The Internet of Things (IoT) is ushering in an exciting digital renaissance that is redefining the traditional models of how healthcare is delivered. With IoT devices such as smart infusion pumps or connected inhalers, healthcare providers can now remotely monitor and adjust care. IoT devices in healthcare, where mobile and wearable devices are increasingly connected and working together to create a holistic medical picture that can be accessed anywhere by your healthcare provider, are expected to be worth $2.5 trillion by 2025, and are projected to add $285 billion in healthcare provider value to the global economy by 2020.[1]

The Burden of Cybersecurity on Healthcare

While these digital innovations are already delivering higher quality care, improved patient safety, and lowered costs, they also carry with them inherent cybersecurity risks that can put lives at risk in addition to creating economic losses for healthcare providers. In my previous blog, I highlighted how cybersecurity attacks such as the recent WannaCry virus can cause serious damage to our healthcare infrastructure. Ransomware attacks extort victims to recover valuable assets while data breaches now cost the healthcare industry an average of $6.2 billion per year.[2]

Experts are concerned about medical device security as many devices are still far too vulnerable to malicious attack. Imagine being in need of a time sensitive CT or MRI scan to make a critical medical decision but the imaging machines are unavailable due to a ransomware attack. This scenario isn’t farfetched; rather, it represents an alarming trend as assaults on IoT components, including operational systems, embedded devices, and consumer tech, skyrocketed almost 250 percent in 2015 alone[3].

ISE, Stealthwatch and TrustSec for Visibility, Control, and Rapid Threat Containment

Managing cybersecurity risk is no small feat for healthcare providers, especially for those who have limited security budgets and staff. Savvy healthcare leaders are leveraging an integrated approach that provides:

  1. Comprehensive access and policy control, providing comprehensive visibility into the devices that are connected to the network,
  2. Quick visibility into threats and indications of compromise affecting the network, and
  3. The ability to apply scalable policies that rapidly contain these threats and stop them from spreading further across the network.

In my last post, I introduced the Cisco Medical Network Access Control (NAC) solution—a framework designed to address healthcare cybersecurity attacks. Let’s examine these components:

Onboarding and Identifying Medical Devices

Providing network access for both users and medical devices in a healthcare organization can be a complex process, as administrators, healthcare clinicians, patients and visitors all need reliable and secure connectivity. Healthcare organizations must also adhere to strict privacy laws and guidelines such as the Health Insurance Portability and Accountability Act (HIPAA) to safeguard patient medical, financial, and electronic protected health information (ePHI), as well as the Payment Card Industry Data Security Standard (PCI DSS). These regulations raise the stakes for healthcare organizations to discover, fingerprint, classify, and validate the posture of devices connecting to the network, and to ensure proper access controls, as the failure to do so can result in compromised patient safety as well as financial and legal repercussions.

Cisco Identity Services Engine (ISE) is helping healthcare organizations to gain device visibility and apply access control policy for more than 250 clinical devices and thousands of non-clinical devices. Cisco Stealthwatch enables organizations to monitor, in real time, any device on the network and detect behavior that is anomalous, malicious or in violation of organization policy. Integrating the two provides actionable intelligence about different classes of devices.

Access Control Policy with Software-defined segmentation

Many organizations have historically built highly available, high-performance, flat networks. When a threat actor penetrates the perimeter of a flat network, the actor has network-layer reach to everything. One of the goals in reducing risk is to segment the network and implement policy controls that limit what can reach medical devices and applications. For example, infusion pumps and patient monitors are segregated from other networked hosts to prevent tampering and to stop them from serving as a pivot point to other systems.

Traditional segmentation based on IP addressing is manual and time intensive. Cisco TrustSec simplifies network segmentation, making it software-defined. Policies about what devices and systems can talk to are expressed based on business intent (imaging machine can speak with imaging server) rather than topology (VLANs/VRFs with associated IP-based ACLs or FW rules). Proper segmentation is more easily achieved and maintained, thereby limiting the scope of damages.

And when an indication of compromise is detected – for example, Stealthwatch picking up data exfiltration from a point-of-sale (PoS) terminal – ISE can be used to change the access permissions of the device from PoS to compromised-PoS, and the policy, based on business intent, for what to do with compromised-PoS machines is already defined. A security operator can even click a button in Stealthwatch to instruct ISE to perform this rapid threat containment.
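The two ideas in the preceding paragraphs (policy expressed as which device classes may talk to which, and containment performed by reclassifying a device rather than rewriting rules) can be shown in a few dozen lines. The example below is added here for illustration; it is not Cisco code and does not model the ISE, Stealthwatch or TrustSec products or their APIs. It uses a tag-keyed policy matrix in place of Security Group Tag enforcement, a per-tag per-flow byte ceiling as a stand-in for the behavioural baseline a flow-analytics tool would learn, and constructed device addresses, tag names and flow records.

```python
from dataclasses import dataclass

# Business-intent policy: (source tag, destination tag) -> allowed.
# Anything not listed is denied. The policy never changes during containment;
# only a device's tag does. Tag names are constructed for this example.
POLICY = {
    ("imaging-modality", "imaging-server"): True,
    ("infusion-pump", "pump-controller"): True,
    ("pos-terminal", "payment-processor"): True,
    # A quarantined device of any class may reach only the remediation service.
    ("compromised-imaging", "remediation"): True,
    ("compromised-pump", "remediation"): True,
    ("compromised-pos", "remediation"): True,
}

# Which tag a device is moved to when an indicator fires (constructed mapping).
QUARANTINE = {
    "imaging-modality": "compromised-imaging",
    "infusion-pump": "compromised-pump",
    "pos-terminal": "compromised-pos",
}

# Constructed baseline: the most bytes a single outbound flow is expected to
# carry for each device class. A flow-analytics tool would learn these values.
BASELINE_BYTES = {
    "imaging-modality": 2_000_000_000,  # imaging studies are large
    "infusion-pump": 100_000,
    "pos-terminal": 50_000,             # card transactions are tiny
}


@dataclass
class Flow:
    src: str
    dst: str
    bytes_out: int


class Fabric:
    """Holds the device-to-tag assignment and answers 'is this flow allowed?'."""

    def __init__(self, tags):
        self.tags = dict(tags)  # ip -> tag

    def tag(self, ip):
        return self.tags.get(ip, "unknown")

    def permitted(self, src_ip, dst_ip):
        # Policy is evaluated on tags, not on addresses or topology.
        return POLICY.get((self.tag(src_ip), self.tag(dst_ip)), False)

    def reclassify(self, ip, new_tag):
        self.tags[ip] = new_tag


def indicators(fabric, flows):
    """Return source IPs whose outbound volume exceeds the baseline for their tag."""
    hits = []
    for f in flows:
        limit = BASELINE_BYTES.get(fabric.tag(f.src))
        if limit is not None and f.bytes_out > limit and f.src not in hits:
            hits.append(f.src)
    return hits


def contain(fabric, flows):
    """Move every flagged device into its quarantine tag; return what was moved."""
    contained = []
    for ip in indicators(fabric, flows):
        new_tag = QUARANTINE.get(fabric.tag(ip))
        if new_tag is not None:
            fabric.reclassify(ip, new_tag)
            contained.append(ip)
    return contained


# Constructed sample inventory and flow records.
DEVICES = {
    "10.20.0.5": "pos-terminal",
    "203.0.113.7": "payment-processor",
    "10.10.0.3": "imaging-modality",
    "10.30.0.20": "imaging-server",
    "10.40.0.2": "remediation",
}
FLOWS = [
    Flow("10.20.0.5", "203.0.113.7", 1_800),          # normal card transaction
    Flow("10.10.0.3", "10.30.0.20", 600_000_000),     # normal study upload
    Flow("10.20.0.5", "203.0.113.7", 80_000_000),     # bulk upload from a PoS: not normal
]


def demo():
    fabric = Fabric(DEVICES)
    before = fabric.permitted("10.20.0.5", "203.0.113.7")
    contained = contain(fabric, FLOWS)
    after = fabric.permitted("10.20.0.5", "203.0.113.7")
    remediation = fabric.permitted("10.20.0.5", "10.40.0.2")
    return before, contained, after, remediation


if __name__ == "__main__":
    print(demo())  # (True, ['10.20.0.5'], False, True)
```

The point to notice is that `contain` never edits `POLICY`: the row for `compromised-pos` was written in advance, so quarantining a terminal is a single tag change, and the large imaging transfer is not flagged because the ceiling is per device class rather than a single global threshold.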

With lives on the line, it is vital for healthcare organizations to ensure the security and integrity of their infrastructure. With Cisco Stealthwatch, ISE and TrustSec, healthcare organizations now have a potent trio that provides the comprehensive security infrastructure needed to protect against next-generation security threats.

Click here to learn more about how leading healthcare systems are leveraging these Cisco tools to stay one step ahead in the security space.

[1] Intel: The Internet of Things and Healthcare Policy Principles

[2] Cost of a Breach: A Business Case for Proactive Privacy Analytics

[3] The Digitization of the Healthcare Industry: Using Technology to Transform Care


Kevin Skahill

Senior Director for Security Policy & Access

Secure Access and Mobility Product Group