By Connor Walsh, CISSP
In many modern health care facilities, a “perimeter-based security strategy” is used to segment and/or isolate medical devices from the Internet. Although this provides a basic level of network security, the lack of east-west traffic security and visibility can lead to several possible vulnerabilities that can be exploited by a threat actor. Zero-trust networking is a giant step up from traditional perimeter-based security and is something that every HTM professional should consider implementing using an IOMT visibility solution.
Zero-trust networking is the principle of “never trust, always verify.” In other words, no device will be allowed connectivity in or out of your network until you can confirm, with confidence, that the device is what it is supposed to be and doing what it is supposed to be doing. And any time a device configuration changes, that trust must be verified again. The biggest first step in deploying a zero-trust network at your facility is obtaining visibility into your attack surface. This means identifying not only where these devices are, but also what they consist of, such as OS, make, application, TCP/UDP port usage, vulnerabilities, and in the case of HTM, even FDA alerts. However, doing this manually would be very time-consuming and require constant attention. This is where the IOMT visibility solution comes into play.
IOMT is a subset of IOT and stands for “Internet of Medical Things.” There are several dedicated IOMT visibility solutions that aim to provide protection and zero trust for a medical facility. These tools work in similar ways, first by building a robust medical device inventory, as mentioned above, by passively or actively “discovering” devices on your network and aggregating each type of device into groups. Once a device has been discovered, the IOMT solution moves on to “classifying” it: characterizing the device and assigning it to an established policy. These policies can be developed based on almost anything, such as, “Is this device domain joined?,” “What type of traffic does this device generate?” and “What ports are open?” After classification, the next stage is to “assess,” where the IOMT solution will determine whether the discovered/classified devices are following facility policy. This is very important because it leads into the final “control” stage, where the IOMT solution can take active measures to enforce policy or remove devices that do not conform.
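The classify, assess and control stages described above can be sketched in a few lines of Python, including the rule that a changed configuration loses trust until it is verified again. This is an added illustration, not code from the article or from any IOMT product; the policy groups, vendor names, port lists and addresses are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:                 # one record produced by the "discover" stage
    ip: str
    make: str
    os: str
    domain_joined: bool
    open_ports: frozenset

@dataclass(frozen=True)
class Policy:                 # hypothetical facility policy for one device group
    group: str
    makes: frozenset
    allowed_ports: frozenset
    require_domain_join: bool

POLICIES = [Policy("infusion-pumps", frozenset({"ExamplePump"}), frozenset({443}), False),
            Policy("imaging", frozenset({"ExampleImaging"}), frozenset({104, 443}), True)]

def classify(dev):
    """Classify: map a discovered device to a policy, or None if nothing matches."""
    return next((p for p in POLICIES if dev.make in p.makes), None)

def assess(dev, policy):
    """Assess: list every way the device deviates from its policy."""
    findings = [f"port {p} not permitted" for p in sorted(dev.open_ports - policy.allowed_ports)]
    if policy.require_domain_join and not dev.domain_joined:
        findings.append("not domain joined")
    return findings

def control(dev, verified):
    """Control: default deny; allow only a compliant device in its verified state."""
    policy = classify(dev)
    if policy is None:
        return "quarantine", ["unclassified device"]
    findings = assess(dev, policy)
    if findings:
        return "quarantine", findings
    if verified.get(dev.ip) != dev:   # any configuration change drops trust
        return "reverify", ["configuration differs from last verified state"]
    return "allow", []

# Constructed inventory: documentation addresses and made-up vendors.
PUMP = Device("192.0.2.10", "ExamplePump", "RTOS 2.0", False, frozenset({443}))
PUMP_UPDATED = Device("192.0.2.10", "ExamplePump", "RTOS 2.1", False, frozenset({443}))
IMAGING = Device("192.0.2.20", "ExampleImaging", "Windows 10", False, frozenset({104, 443}))
UNKNOWN = Device("192.0.2.30", "UnknownVendor", "Linux", False, frozenset({22}))
VERIFIED = {PUMP.ip: PUMP}    # last state in which each device was verified
```

Calling `control(device, VERIFIED)` on each sample device returns the decision together with the findings that justify it, which is the evidence an HTM team would review before releasing a device from quarantine.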
An IOMT visibility solution can help a medical facility achieve zero-trust networking and provide additional risk mitigation that perimeter-based security cannot provide. Investing in, deploying and learning one of these tools at your facility will show leadership that you are prioritizing the protection of your facility’s sensitive data. In today’s ever-changing cyber landscape, it is important to know what devices you have and to be able to act quickly when new threats arise, with real-time data at your disposal.

