By Andrew Aiken
Foundational to the infrastructure (and the OSI model itself) are the physical components of the network. Firewalls, ASAs, IPS/IDS and network analysis tools are integral but rendered futile if the combination to the datacenter is 1-2-3-4-5. Less extreme and more likely is the number of mobile medical devices that contain sensitive information and could be compromised by malice, mischief or chance due to unsecured entry points or unsecured portable media. These include open consoles, ports, default/weak passwords and easily pilfered storage such as CompactFlash cards. For this exercise, the focus will be on patient-accessible areas of the medical facility.
The unintentional mishaps are not hard to imagine, as family members stricken with grief work to update loved ones and suddenly find that their phone is at 6% battery. Any open USB port in sight becomes fair game. In a recent ECRI finding, the direct effects of those actions could result in device shutdowns, compromises to device settings and performance, or devices failing to monitor or alarm. As a cost-effective protection, USB port blockers are a simple solution to these situations in concert with staff education and can even deter low-level opportunistic threats.
Another point of exposure is open network jacks, which are less prone to casual contact since few people carry network cables with them but still offer an entry point. Many facilities have “non-OIT” networks, which tend to be less secure and usually house a variety of systems such as access controls, cameras, building automation (boiler/HVAC controls), elevator lift controls, nurse calls, etc. An open port in a lobby adjacent to a check-in kiosk or display board could provide a foothold on a weak network design. There is some comfort in that there are safeguards throughout the OSI ladder, but as Mr. Miyagi would counsel, the best defense is “no be there.” With such sage wisdom in hand, only run patch cables from panel to switch for documented devices where possible.
Wireless endpoints are also vulnerable. They make up more and more of the inventory but are also much more appealing to both the casual and professional offender. How can these be weak from a physical standpoint, outside of outright theft or poor media sanitization habits? Enter the dreaded default passwords that vendors love and HTM personnel are sometimes averse to changing.
It is easy to search online for a make and model to quickly find a default service password for a given medical device. From this, one could obtain the IP/MAC address, SSID, and possibly the wireless key in addition to the possibility of data exfiltration, alarm manipulation or other compromise of the device that could do serious patient harm.
Even if you have changed the default password, you should always ask yourself “Is it strong and has it been reused?” Poor password hygiene can lead to hackers COMB’ing through your data. COMB, or the Compilation of Many Breaches, is a database that contains the combined usernames and passwords from previous breaches. To guard against this, many agencies offer secure password managers to ensure complexity and uniqueness.
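The two questions above (is the password strong, and has it been reused?) can be answered mechanically before a credential is ever assigned to a device. The following is an added example, not code from the original article or from the VA; it checks a candidate password against a constructed stand-in for a breach compilation such as COMB using the k-anonymity hash-prefix pattern (only the first five hex characters of the SHA-1 are ever used for lookup), against a constructed list of vendor default passwords, against the hashes of credentials already in use elsewhere in the inventory, and against a simple complexity policy. The leaked-password set, the vendor defaults, the 14-character minimum and the function names are all assumptions for the example.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample of leaked passwords standing in for a breach compilation
# such as COMB. In a real deployment you would query a breach-lookup service
# or a locally hosted copy of the hash list, never a plaintext list.
CONSTRUCTED_LEAKED_PASSWORDS = {
    "password", "123456", "admin", "service", "Welcome1", "password123",
}

# Constructed vendor default passwords (hypothetical values, not tied to any
# real device make or model).
CONSTRUCTED_VENDOR_DEFAULTS = {"admin", "service", "biomed", "1234"}


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, the form breach-lookup services use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_breach_index(plaintexts):
    """Index leaked passwords by the first five hex chars of their SHA-1.

    This mirrors the k-anonymity 'range' lookup pattern: a client reveals
    only a 5-character prefix and receives every suffix stored under it,
    so the full hash (let alone the password) never leaves the client.
    """
    index = {}
    for pw in plaintexts:
        digest = sha1_hex(pw)
        index.setdefault(digest[:5], set()).add(digest[5:])
    return index


BREACH_INDEX = build_breach_index(CONSTRUCTED_LEAKED_PASSWORDS)


def is_breached(password: str, index=BREACH_INDEX) -> bool:
    digest = sha1_hex(password)
    return digest[5:] in index.get(digest[:5], set())


def is_default(password: str) -> bool:
    return password.lower() in {d.lower() for d in CONSTRUCTED_VENDOR_DEFAULTS}


def strength_problems(password: str) -> list:
    """Return a list of complexity findings; an empty list means none."""
    problems = []
    if len(password) < 14:  # assumed policy minimum for this example
        problems.append("shorter than 14 characters")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    if classes < 3:
        problems.append("fewer than 3 character classes")
    if re.search(r"(.)\1{2,}", password):
        problems.append("contains a run of 3+ repeated characters")
    return problems


@dataclass
class Assessment:
    default: bool
    breached: bool
    reused: bool
    problems: list

    @property
    def acceptable(self) -> bool:
        return not (self.default or self.breached or self.reused or self.problems)


def assess(password: str, previously_used_hashes=frozenset()) -> Assessment:
    """Is it strong, and has it been reused?

    previously_used_hashes: SHA-1 hex digests of credentials already assigned
    to other devices in the inventory (keep hashes on file, not plaintexts).
    """
    return Assessment(
        default=is_default(password),
        breached=is_breached(password),
        reused=sha1_hex(password) in previously_used_hashes,
        problems=strength_problems(password),
    )


if __name__ == "__main__":
    inventory = {sha1_hex("Tr0ub4dor&3-pump-12")}  # constructed existing credential
    for candidate in ("admin", "password123", "Tr0ub4dor&3-pump-12",
                      "correct-Horse-Battery-7!"):
        a = assess(candidate, inventory)
        print(f"{candidate!r}: acceptable={a.acceptable} default={a.default} "
              f"breached={a.breached} reused={a.reused} problems={a.problems}")
```

Storing only hashes of assigned credentials lets the reuse check run across an entire device inventory without the audit script itself becoming a plaintext password store; the breach check works the same way, which is why a password manager that performs these lookups automatically is the practical answer for most shops.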
As with other layers of the OSI model, unneeded services and ports should be eliminated wherever possible and given an appropriate mitigating control where that is not possible. Maintain the critical eye and secure the low-hanging fruit, most notably the SD or CompactFlash card that usually accompanies portable EKG carts. Follow these simple rules and you will avoid having your networks or hardware get, in Mr. Miyagi’s words, “squish just like grape.”
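Finding the unneeded services in the first place means comparing what a device actually listens on against what its inventory record says it should. The following is an added example, not code from the original article or from the VA: it parses listener lines in the shape of Linux `ss -lntup` output (the sample output, process names and addresses are constructed) and reports every listener that is not in a documented-services allowlist, rating loopback-only listeners lower than ones reachable from the network. The allowlist contents, the `hl7bridge` process name and the severity labels are assumptions for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of `ss -lntup` on a Linux-based device.
# Ports, addresses, PIDs and process names are made up for this example.
CONSTRUCTED_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      5      127.0.0.1:631       0.0.0.0:*         users:(("cupsd",pid=640,fd=7))
tcp   LISTEN 0      50     0.0.0.0:23          0.0.0.0:*         users:(("telnetd",pid=905,fd=4))
tcp   LISTEN 0      128    0.0.0.0:2575        0.0.0.0:*         users:(("hl7bridge",pid=1201,fd=9))
udp   UNCONN 0      0      0.0.0.0:161         0.0.0.0:*         users:(("snmpd",pid=700,fd=6))
"""


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str


# One `ss` data line: Netid State Recv-Q Send-Q Local:Port Peer:Port [Process]
LINE_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+\S+\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+"
    r'(?:\s+users:\(\("(?P<proc>[^"]+)")?'
)


def parse_ss(text: str) -> list:
    """Turn `ss` output into Listener records, skipping the header."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or a line in a shape we do not recognise
        listeners.append(Listener(m["proto"], m["addr"], int(m["port"]),
                                  m["proc"] or "?"))
    return listeners


# Documented, approved services for this device class (constructed inventory
# record). Anything not listed here is, by definition, an unneeded service.
DOCUMENTED = {
    ("tcp", 22): "sshd - vendor remote support, restricted by firewall rule",
    ("tcp", 2575): "hl7bridge - HL7 MLLP feed to the interface engine",
}

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}


@dataclass(frozen=True)
class Finding:
    severity: str
    listener: Listener
    note: str


def audit(listeners, documented=DOCUMENTED) -> list:
    """Report every listener that the inventory record does not account for."""
    findings = []
    for lst in listeners:
        if (lst.proto, lst.port) in documented:
            continue
        if lst.addr in LOOPBACK:
            findings.append(Finding("low", lst,
                                    "undocumented, but bound to loopback only"))
        else:
            findings.append(Finding("high", lst,
                                    "undocumented service reachable from the network"))
    return findings


if __name__ == "__main__":
    for f in audit(parse_ss(CONSTRUCTED_SS_OUTPUT)):
        l = f.listener
        print(f"[{f.severity}] {l.proto}/{l.port} on {l.addr} ({l.process}): {f.note}")
```

On the constructed sample the audit flags telnet and SNMP as network-reachable and undocumented, and the print spooler as loopback-only; a documented service stays silent no matter what it is, so the allowlist is the control that has to be kept honest in the inventory, not the script.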
Now that you have mastered physical inventory security, I’ll see you at the All Valley.
– Andrew Aiken is a VISN 9 Information Systems BESS with the VA MidSouth Healthcare Network.