By Inhel Rekik
More and more medical devices need to connect to the network to talk to other applications such as the EMR or to receive software updates. For the majority of medical devices, you can’t install your own antivirus on them or apply security controls at the operating system or application layer on the device itself. One way to protect medical devices from malicious activity is to segment the network. Two common approaches are VLANs and microsegmentation.
What’s a VLAN? A VLAN defines a broadcast domain in a layer 2 network. It defines which devices can talk to each other directly, without having to physically install several networks. Routers operate at layer 3 and are used to connect layer 2 networks to one another. The advantage of a layer 2 network is that all devices on it can talk to each other without a router in the path. This is the case for a patient monitoring network.
The issue with the VLAN approach is that devices within a VLAN are not isolated from one another: a VLAN only decides who shares a broadcast domain, so a compromised or misbehaving device can reach every other device in its VLAN, and a corrupted frame or a broadcast storm can disrupt the whole broadcast domain. The disruption can spread to several VLANs if a device’s NIC is connected to a switch port configured as a trunk, since a trunk port carries traffic for multiple VLANs.
Security professionals have come to the conclusion that VLANs are not enough. Microsegmentation is the newer way of securing medical devices on a network. It allows a networked device to talk only to the endpoints it is explicitly allowed to talk to, and uses virtual routers to carry traffic between segments. This limits the propagation of malware or other malicious activity. However, it requires a full understanding of the applications’ interactions and communication patterns, which makes the security policies difficult to put in place.

Microsegmentation gives network administrators other ways to describe a workload, such as its type (database, server, web application), its operating system, its use (production or test), and what kind of data it will transmit over the network (PHI, financial, low sensitivity). These characteristics are all independent of the physical location and environment of the workload, since both tend to change over time. They are combined to create fine-grained security policies. Since creating and managing these policies can be very tedious and complicated, some network security tools use machine learning to analyze which applications are communicating and automatically generate rules. Those generated rules still need to be reviewed and approved by security analysts before they are enforced.
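The label-based policy model described above, as an added illustration that is not code from this article or from any particular microsegmentation product: workloads carry labels (type, os, env, data) instead of being identified by address, rules are written against those labels with default deny for anything not listed, and a second function summarises observed-but-denied flows into candidate rules that an analyst reviews rather than applying them automatically. The workload names, addresses and flow records are constructed sample data; port 2575 is assumed as the HL7 MLLP listener, and the rule mining is plain counting standing in for the vendor machine learning the paragraph mentions.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

Labels = Dict[str, str]


@dataclass
class Workload:
    name: str
    ip: str          # only a lookup key for flow records, never a policy term
    labels: Labels   # type, os, env, data: independent of where the box sits


@dataclass
class Rule:
    src: Labels      # label selector: every key named here must match
    dst: Labels
    port: int
    proto: str = "tcp"
    note: str = ""


def selector_matches(selector: Labels, labels: Labels) -> bool:
    return all(labels.get(k) == v for k, v in selector.items())


def evaluate(policy: List[Rule], src: Workload, dst: Workload,
             port: int, proto: str = "tcp") -> Tuple[bool, str]:
    """Default deny: a flow is allowed only when some rule explicitly permits it."""
    for r in policy:
        if ((r.port, r.proto) == (port, proto)
                and selector_matches(r.src, src.labels)
                and selector_matches(r.dst, dst.labels)):
            return True, "allowed: " + r.note
    return False, "denied: no matching rule (default deny)"


def mine_candidate_rules(policy: List[Rule], workloads: List[Workload],
                         flows: List[Tuple[str, str, int, str]]) -> List[dict]:
    """Group observed-but-denied flows by type/env of both ends, for analyst review.

    Flows are (src_ip, dst_ip, port, proto). Simple counting stands in for the
    vendor's machine learning; this proposes rules and never applies them.
    """
    by_ip = {w.ip: w for w in workloads}
    counts: Counter = Counter()
    for src_ip, dst_ip, port, proto in flows:
        src, dst = by_ip.get(src_ip), by_ip.get(dst_ip)
        if src is None or dst is None or evaluate(policy, src, dst, port, proto)[0]:
            continue   # unknown endpoint, or already permitted by policy
        counts[(src.labels["type"], src.labels["env"],
                dst.labels["type"], dst.labels["env"], port, proto)] += 1
    return [{"src": {"type": st, "env": se}, "dst": {"type": dt, "env": de},
             "port": port, "proto": proto, "observed": n,
             "status": "needs analyst review"}
            for (st, se, dt, de, port, proto), n in counts.most_common()]


# Constructed sample inventory, policy and flow records (names and addresses made up).
def wl(name, ip, type_, os_, env, data):
    return Workload(name, ip, {"type": type_, "os": os_, "env": env, "data": data})

WORKLOADS = [
    wl("monitor-icu-01", "10.10.1.11", "monitor", "embedded", "production", "phi"),
    wl("monitor-icu-02", "10.10.1.12", "monitor", "embedded", "production", "phi"),
    wl("central-station", "10.10.2.5", "server", "windows", "production", "phi"),
    wl("emr-interface", "10.10.3.7", "integration", "linux", "production", "phi"),
    wl("update-server", "10.10.4.2", "update", "linux", "production", "low"),
    wl("test-workstation", "10.20.9.40", "workstation", "windows", "test", "low"),
]

POLICY = [  # 2575 assumed as the HL7 MLLP port
    Rule({"type": "monitor", "env": "production"}, {"type": "server", "env": "production"},
         2575, "tcp", "monitor -> central station (HL7 over MLLP)"),
    Rule({"type": "server", "env": "production"}, {"type": "integration", "env": "production"},
         2575, "tcp", "central station -> EMR interface (HL7 over MLLP)"),
    Rule({"type": "monitor"}, {"type": "update"}, 443, "tcp", "monitor -> update server"),
]

OBSERVED_FLOWS = [
    ("10.10.1.11", "10.10.2.5", 2575, "tcp"),
    ("10.10.1.12", "10.10.2.5", 2575, "tcp"),
    ("10.10.2.5", "10.10.3.7", 2575, "tcp"),
    ("10.10.1.11", "10.10.4.2", 443, "tcp"),
    ("10.10.1.11", "10.10.1.12", 445, "tcp"),   # monitor to monitor: lateral movement
    ("10.10.1.11", "10.10.1.12", 445, "tcp"),
    ("10.20.9.40", "10.10.3.7", 2575, "tcp"),   # test box reaching a production EMR
]


def decisions() -> Dict[str, bool]:
    """Evaluate a few representative flows, keyed by a short description."""
    by_name = {w.name: w for w in WORKLOADS}
    cases = {"monitor->central 2575": ("monitor-icu-01", "central-station", 2575),
             "monitor->monitor 445": ("monitor-icu-01", "monitor-icu-02", 445),
             "test->emr 2575": ("test-workstation", "emr-interface", 2575),
             "monitor->update 443": ("monitor-icu-02", "update-server", 443)}
    return {k: evaluate(POLICY, by_name[s], by_name[d], p)[0] for k, (s, d, p) in cases.items()}


if __name__ == "__main__":
    for k, ok in decisions().items():
        print(f"{k:24s} {'ALLOW' if ok else 'DENY'}")
    for cand in mine_candidate_rules(POLICY, WORKLOADS, OBSERVED_FLOWS):
        print("candidate:", cand)
```

Two things to notice: the monitor-to-monitor SMB flow and the test workstation reaching the production EMR interface are both denied even though every one of those hosts would be reachable from its neighbours inside a single VLAN, and the mined candidates are reported with hit counts for a person to judge, which is exactly the review step the text says generated rules must pass through.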
Microsegmentation is tedious to establish and maintain, but once it’s done it makes securing your environment a lot easier, especially with IoT devices being deployed more and more. It’s important to note that not all HDOs (healthcare delivery organizations) will be able to segment their network, especially if they run on older infrastructure.
As we implement more sophisticated ways to protect our networks from attack, medical device manufacturers need to make their devices compatible with these security tools. They also need to be aware that by creating more IoT medical devices they are increasing cybersecurity risk, creating a more vulnerable environment, and increasing the impact a compromise can have on patient health. One main question to ask when designing a medical device is: what is the risk versus the benefit of connecting the device to the Internet or to the local area network? Can some of that risk be eliminated by building in security elements such as encryption of the network communication, and by allowing security controls to be applied on the device itself?
Inhel Rekik is director of health technology security at MedStar Health.
