By Joseph Fishel, CBET, MBA
Were you ready for BlueKeep? Are you ready for the next one? If you have been following along and making use of my suggestions and recommendations, I hope things are going well. An identified vulnerability is one scenario for which you should have a developed and documented procedure in your process or playbook. I will walk you through the steps using the techniques and processes we have been developing. This is a basic example of a vulnerability playbook. Clinical engineering and biomedical engineering have actually been doing much of this for years for recalls and device upgrades. The only difference is that with a vulnerability there is an unknown factor: what can happen, when it can happen, and who will cause it.
Here are some basic steps, using the mitigating controls we have discussed, that should be followed to work through a remediation. Let’s start.
1. You are notified of a new vulnerability.
2. Gather all of the information you can on the vulnerability and how it accesses the device, so that you fully understand what it is. Your IS/IT department may be able to assist.
- What does the vulnerability affect? Does it affect operating systems, versions, applications, core components of the hard drive, etc.?
- How does the vulnerability gain entry to the system? Does it enter through a network port? If so, what is the port number?
- What is the manufacturer/vendor suggesting to correct this? Turning off a port? Patching? Isolating?
3. Identify which devices are affected.
- We identified many fields to make our database searchable for this reason.
- Identify the devices that are vulnerable.
- Are the devices all networked or are some of them standalone?
- Are the devices on a protected VLAN with access control limits?
Knowing these things, and what controls are available, can save time in dealing with a vulnerability; the device may already be protected by controls you have put in place.
4. Identify the remediation steps to be taken for each class of vulnerable device. You can also create a priority list to address the most vulnerable devices first, or apply temporary mitigating steps such as closing a port.
- This may require applying a patch.
- A port may need to be turned off.
- If the vulnerability is in an application, such as an Adobe product, the device may not work with an updated version of the application, so it needs mitigating controls instead.
- A firewall, such as a bridge, installed in front of the device. This allows the network to communicate with the bridge but no further.
- We applied an ACL to the edge routers limiting what can be communicated with from the Internet, so the device has some protection from a direct attack (often referred to as north/south or in-and-out protection).
- If the device was installed on a VLAN, it has an ACL for north/south protection as well as east/west protection, which protects it from devices inside the institution.
5. Verify that the remediation was successful.
- This may be done in conjunction with vulnerability scans by IS.
6. Track what you do for remediation.
- Track what you do to each device on a work order.
- You may need to create a field in your CMMS to identify that the device has been remediated.
- All new devices coming in need to be identified to determine if they are susceptible and remediated if needed.
7. Did you have any issues?
- Identify where you had some issues and rework your playbook to prepare for the next time.
- What could have worked better?
- Do you need additional information in your database?
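To show how steps 3, 4 and 6 can be driven from a searchable inventory, here is an added example (not code from the article or from any CMMS product). It takes an advisory described by the questions in step 2 (affected OS/versions, entry port, vendor fix), finds matching devices, ranks them by how reachable the vulnerable service is (standalone, port closed, behind VLAN ACLs, or exposed), picks a control class for each, and records work orders so that outstanding devices can be listed. The devices, the advisory identifier, the port number and the work-order numbers are all constructed for the example.

```python
"""Added example (not from the article): a small helper that walks an advisory
through steps 3, 4 and 6 of the playbook against a device inventory.
All devices, the advisory and the work-order numbers are constructed."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Device:
    asset_id: str
    model: str
    os: str                 # operating system family, e.g. "Windows 7"
    os_version: str         # service pack / build as recorded in the CMMS
    networked: bool         # False for standalone devices
    vlan_protected: bool    # on a VLAN with north/south and east/west ACLs
    open_ports: List[int]   # ports the device currently listens on
    patch_approved: bool    # vendor has validated the patch for this model
    remediated: bool = False
    work_order: str = ""


@dataclass
class Advisory:
    vuln_id: str
    affected: Dict[str, List[str]]  # OS family -> vulnerable versions, "*" = all
    entry_port: int                 # port the vulnerability is reached through
    vendor_fix: str


def is_vulnerable(dev: Device, adv: Advisory) -> bool:
    """Step 3: does this device match the advisory's OS/version list?"""
    versions = adv.affected.get(dev.os)
    if versions is None:
        return False
    return "*" in versions or dev.os_version in versions


def exposure(dev: Device, adv: Advisory) -> str:
    """Step 3: how reachable is the vulnerable service on this device?"""
    if not dev.networked:
        return "standalone"
    if adv.entry_port not in dev.open_ports:
        return "port-closed"
    if dev.vlan_protected:
        return "vlan-acl"
    return "exposed"


# Lower number = address first (the step 4 priority list).
PRIORITY = {"exposed": 1, "vlan-acl": 2, "port-closed": 3, "standalone": 4}


def triage(inventory: List[Device], adv: Advisory) -> List[Device]:
    """Vulnerable devices, most exposed first."""
    hits = [d for d in inventory if is_vulnerable(d, adv)]
    return sorted(hits, key=lambda d: (PRIORITY[exposure(d, adv)], d.asset_id))


def remediation_plan(dev: Device, adv: Advisory) -> str:
    """Step 4: choose the control class for one device."""
    exp = exposure(dev, adv)
    if dev.patch_approved:
        when = "immediately" if exp == "exposed" else "at next scheduled service"
        return f"apply vendor patch {when} ({adv.vendor_fix})"
    # No vendor-approved patch: fall back to mitigating controls.
    if exp == "exposed":
        return f"close port {adv.entry_port} or place a bridge firewall in front of the device"
    if exp == "vlan-acl":
        return f"confirm VLAN ACL blocks port {adv.entry_port}; keep on watch list"
    return "no network path; document and re-check if the device is ever networked"


def record_remediation(dev: Device, work_order: str) -> None:
    """Step 6: note the work order so the CMMS shows the device as remediated."""
    dev.remediated = True
    dev.work_order = work_order


def outstanding(inventory: List[Device], adv: Advisory) -> List[str]:
    """Steps 5/6: asset IDs still vulnerable and not yet remediated."""
    return [d.asset_id for d in triage(inventory, adv) if not d.remediated]


def screen_new_device(dev: Device, advisories: List[Advisory]) -> List[str]:
    """Step 6: check an incoming device against every open advisory."""
    return [a.vuln_id for a in advisories if is_vulnerable(dev, a)]


# --- constructed sample data (placeholders, not a real advisory or inventory) ---
ADVISORY = Advisory(
    vuln_id="VULN-EXAMPLE-001",           # placeholder identifier
    affected={"Windows 7": ["*"], "Windows Server 2008": ["R2"]},
    entry_port=3389,                      # constructed: remote-desktop style port
    vendor_fix="install vendor-qualified OS patch",
)

INVENTORY = [
    Device("IM-1001", "Infusion pump", "Embedded Linux", "4.2", True, True, [443], True),
    Device("US-2001", "Ultrasound", "Windows 7", "SP1", True, False, [3389, 445], False),
    Device("XR-3001", "X-ray console", "Windows 7", "SP1", True, True, [3389], True),
    Device("LB-4001", "Lab analyser", "Windows Server 2008", "R2", True, True, [80], True),
    Device("EC-5001", "ECG cart", "Windows 7", "SP1", False, False, [3389], True),
]

if __name__ == "__main__":
    for dev in triage(INVENTORY, ADVISORY):
        print(dev.asset_id, exposure(dev, ADVISORY), "->", remediation_plan(dev, ADVISORY))
    record_remediation(INVENTORY[1], "WO-0001")   # constructed work-order number
    print("still outstanding:", outstanding(INVENTORY, ADVISORY))
```

The exposure ranking mirrors the step 3 questions: a standalone device or one with the entry port closed goes to the bottom of the list, a device behind VLAN ACLs sits in the middle, and a networked device with the port open and no ACLs is addressed first. `patch_approved` models the step 4 case where the vendor has not validated a patch for a model, so the plan falls back to closing the port or a bridge firewall rather than patching.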
Vulnerabilities are not going away. The Internet of Things (IoT) is becoming the norm for medical equipment as we move to put more data at the fingertips of clinicians. New algorithms and applications are being developed every day to integrate medical devices.
