Cisco Blogs

Protecting Clinical Devices – the Achilles Heel of Healthcare

December 1, 2016

Every day, hackers and cybercriminals are infiltrating networks, and they are especially interested in healthcare. That’s because stolen medical records are profitable, selling for up to 10 times more than credit card numbers on the black market. But even more lucrative than identity theft is a ransomware attack: cybercriminals can charge a hospital millions to unlock its records, patient care, or patient admittance systems. And this isn’t an isolated incident – 91% of all healthcare organizations reported at least one data breach over the last two years.


The thing is, we know how it happens. We know the cybercriminals’ methods and what devices they use. Over the last decade, not much has changed except the sophistication of the tools and the bad guys’ ability to monetize their dirty work. They look for a means to get inside the secure network perimeter, subjugate a device or endpoint with malware, conduct discovery, pivot, and subjugate additional devices until they reach a system with data they can exploit.

So, we know what they are going to do, and how they are going to do it. Then why are most systems vulnerable? One significant reason is they are usually left in the open. Today we have the ability to secure many types of endpoints, but not clinical devices. That’s why they’re often referred to as “the Achilles heel of healthcare”. Many clinical devices were built at a time when security was not a major concern. Therefore, many don’t have any integrated defenses and can’t be easily secured without affecting their function.

Naturally, the hackers target these ‘sitting duck’ devices. To protect these devices without affecting function, IT needs to wall off these devices from guest devices, BYODs, PS4s, and anything else that they should never talk to. But the two available options have some serious tradeoffs. One, they can operate a separate network, but that tends to be expensive. Or, two, they can put the devices in a converged network, but then they have to mix with everything else on the network. They can’t keep them separate because there is no structured means to identify clinical devices.


Well, there wasn’t until we introduced Cisco Medical NAC, a solution that identifies most clinical devices, onboards them onto a protected segment of your existing network, and monitors them for any potential breach.

The solution uses the Cisco Identity Services Engine (ISE), which offers a special library of more than 250 clinical devices that is growing quickly; use of the library is free for ISE customers. So, you can automate network onboarding of clinical devices and keep devices separate using the network you have in place today. Medical NAC provides visibility into the network flow using Cisco Stealthwatch, so you can discover exactly what devices and systems the medical devices should be talking to before you create your network segments. It also allows you to monitor clinical device behaviors to help detect if they have been breached. If they have, you can quickly move them into a secure segment using Cisco Rapid Threat Containment.
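The four-step workflow described above (identify clinical devices, learn who they talk to, segment them, then watch for deviations and contain) is easier to reason about with a concrete model. The following is an added illustration, not Cisco code and not how ISE, Stealthwatch or Rapid Threat Containment are implemented: the endpoint roles, IP addresses and flow records are all constructed, the role table stands in for the ISE profiling library, and the output is an allow-list per clinical device plus a list of devices that should be moved to a restricted segment.

```python
"""Flow-baseline segmentation model for clinical devices.

Added example (not Cisco's code). Constructed inventory and flow records
stand in for an ISE profiling library and for exported flow telemetry.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed endpoint roles; hypothetical stand-in for the profiling step.
ENDPOINT_ROLE = {
    "10.20.1.10": "clinical",         # infusion pump (constructed)
    "10.20.1.11": "clinical",         # bedside monitor (constructed)
    "10.20.5.20": "clinical-server",  # HL7 integration engine (constructed)
    "10.20.5.21": "clinical-server",  # device management server (constructed)
    "10.30.0.40": "guest",            # visitor laptop (constructed)
    "10.30.0.41": "byod",             # staff phone (constructed)
}
# Only peers in these roles may be auto-approved into a clinical segment policy.
TRUSTED_PEER_ROLES = {"clinical", "clinical-server"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def role_of(ip):
    return ENDPOINT_ROLE.get(ip, "unknown")


def clinical_side(flow):
    """Return the clinical endpoint in a flow, or None if neither side is clinical."""
    if role_of(flow.src) == "clinical":
        return flow.src
    if role_of(flow.dst) == "clinical":
        return flow.dst
    return None


def peer_of(flow, device):
    return flow.dst if flow.src == device else flow.src


def build_baseline(learning_flows):
    """Step 1 (discovery): record every (peer, port, proto) each clinical device used
    during a learning window. This is what you inspect before cutting segments."""
    baseline = defaultdict(set)
    for f in learning_flows:
        dev = clinical_side(f)
        if dev is not None:
            baseline[dev].add((peer_of(f, dev), f.dport, f.proto))
    return dict(baseline)


def derive_policy(baseline):
    """Step 2 (segmentation): allow-list only peers in trusted roles. Anything else
    observed during learning is queued for human review, never silently allowed."""
    allow, review = defaultdict(set), defaultdict(set)
    for dev, peers in baseline.items():
        for peer, port, proto in peers:
            bucket = allow if role_of(peer) in TRUSTED_PEER_ROLES else review
            bucket[dev].add((peer, port, proto))
    return dict(allow), dict(review)


def find_violations(allow, live_flows):
    """Step 3 (monitoring): flows touching a clinical device outside its allow-list."""
    violations = []
    for f in live_flows:
        dev = clinical_side(f)
        if dev is None:
            continue
        if (peer_of(f, dev), f.dport, f.proto) not in allow.get(dev, set()):
            violations.append(f)
    return violations


def quarantine_candidates(violations):
    """Step 4 (containment): clinical devices whose traffic broke policy and should
    be moved to a restricted segment pending investigation."""
    return sorted({clinical_side(f) for f in violations})


# Constructed learning-window flows (what the devices did before segmentation).
LEARNING_FLOWS = [
    Flow("10.20.1.10", "10.20.5.20", 2575, "tcp"),  # pump -> HL7 engine
    Flow("10.20.1.11", "10.20.5.20", 2575, "tcp"),  # monitor -> HL7 engine
    Flow("10.20.5.21", "10.20.1.10", 443, "tcp"),   # mgmt server -> pump
    Flow("10.30.0.41", "10.20.1.11", 80, "tcp"),    # staff phone -> monitor: needs review
]

# Constructed live flows after the policy is in place.
LIVE_FLOWS = [
    Flow("10.20.1.10", "10.20.5.20", 2575, "tcp"),  # expected
    Flow("10.20.1.10", "10.30.0.40", 445, "tcp"),   # pump -> guest laptop: never seen, not allowed
    Flow("10.20.1.11", "10.20.5.20", 2575, "tcp"),  # expected
]


def run_demo():
    baseline = build_baseline(LEARNING_FLOWS)
    allow, review = derive_policy(baseline)
    violations = find_violations(allow, LIVE_FLOWS)
    return allow, review, violations, quarantine_candidates(violations)


if __name__ == "__main__":
    allow, review, violations, to_quarantine = run_demo()
    print("allow-list:", allow)
    print("needs review:", review)
    print("violations:", violations)
    print("move to restricted segment:", to_quarantine)
```

The review bucket is the important design choice: a learning window captures whatever happened to be on the wire, so a peer that is not itself a clinical asset (here the staff phone) is surfaced for a human to confirm rather than baked into the allow-list. Once the policy is active, any flow outside it, including one that was merely observed during learning, is treated as a violation.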

If you want to know how it works, watch the video and read the whitepaper.
