September 9, 2019

How to Address Security Challenges Caused by Internet of Medical Things (IoMT) Devices


In a second article in our two-part series on the security vulnerabilities related to the Internet of Things (IoT), we offer a closer look at the growth and challenges of IoT in the healthcare industry including wearables and other connected devices. In this article, we examine the lack of security presented by the use of IoMT and an innovative new approach to address these concerns.

We recently posted a blog article on the topic of IoT security, where we looked at the vulnerabilities these devices pose, why traditional security solutions such as endpoint detection and response (EDR) don’t work, and how an innovative new security approach from ARIA Cybersecurity Solutions can overcome these challenges.

Related resource: For more information, download our new eBook, “New Challenges Call for New Solutions: Advances in IoT Cybersecurity,” today.

In this follow-up article, we’ll take a deeper dive into IoT security by exploring the Internet of Medical Things (IoMT). We’ll highlight five different kinds of IoMT devices and technology, show how they inadvertently contribute to security issues, and describe how a new solution from ARIA Cybersecurity can now address these IoMT security challenges. 


Why do we need IoMT security?

Today, IoT devices are growing in number--and growing quickly. Gartner forecasts that over 20 billion devices will be deployed by the year 2020, a great many of which will be IoMT devices. Yet IoT and IoMT devices are notoriously difficult to secure, leading to a significant security risk.

Why is this? Every unsecured network-connected device in your environment represents a security risk that, if not addressed, can contribute to much larger, more significant issues, such as threats to patient health and safety. Other adverse effects could include the loss of patient health information (PHI) and other data exfiltration, failure to comply with HIPAA, unauthorized access and use of important healthcare systems, and more.

Today, IoMT has rendered traditional perimeter security virtually obsolete. Once an attack has gotten inside the network, the security solutions in place likely cannot stop it, because they don’t have complete visibility of the network traffic (particularly east-west). The visibility problem is exacerbated by the fact that most IoMT devices can’t be detected by security resources. Finally, certain devices may have been authorized to access the network. Together, these present a serious gap to exploit: once a malicious actor is inside, they can move within and across the network, gaining access to all of the data and assets on it.

It’s also worth pointing out that IoMT devices are generally not designed with security in mind, either for the device itself or the data it collects. As described in our first article on IoT, these devices generally have limited compute power and memory capacity, both of which make it difficult (if not impossible) to host EDR software. Until this is resolved, IoMT devices will continue to contribute to security concerns and potential data breaches.

Hospitals and healthcare organizations must balance the benefits IoMT technology provides while making sure that they have the right policies and protocols in place for true IoMT security. Yet clearly IoMT devices are here to stay and present valuable technology to monitor patients’ health, sustain proper body functions, and transmit important data to doctors and medical teams.  

Five types of IoMT devices

As the trend of IoT continues to explode, the number of IoMT devices will also climb. Currently there are many different types of IoMT devices in the following categories:

  • Consumer health-monitoring technology: Devices such as Fitbit, Nike Fuelband, or Withings track and monitor an individual’s health or specific workout plan and connect to mobile devices using Bluetooth technology. These devices are troubling in that they “walk” into an environment, aren’t “sanctioned” by healthcare organizations, and are undiscoverable on the network.
  • Internally-embedded medical devices: Consider the example of pacemakers or other devices that are physically implanted in the patient but still communicate wirelessly (either with proprietary protocols or Bluetooth). Similar to the case above, these IoMT mobile devices come and go, but they are allowed on the network, and the lack of security could put the patient’s health at risk.
  • External medical device wearables: This category includes equipment such as portable insulin pumps and other examples. These devices also use proprietary wireless protocols to send data and vital information to patients and doctors.
  • Stationary medical devices: These types of IoMT devices can include hospital-based chemotherapy stations, homecare cardio-monitoring systems, and more. These devices tend to use traditional wireless networks, especially WiFi networks, to relay data. 
  • Legacy medical systems and equipment: On the other extreme are legacy systems and technology that have been around for 15 years or even longer. For example, think of the PACS, x-ray systems, and CAT scan equipment currently in use by most hospitals and health systems. Many of these devices are currently using operating systems that were developed in the last millennium and generally can’t be patched or adequately maintained. They can’t host modern EDR applications, yet the risk is still the same. They must get the same protection as even the most cutting-edge wearable device.


A new approach to securing the IoMT

When it comes to managing IoMT security, there are three major considerations:

  1. How to identify the devices as they connect to the network.
  2. How to determine and enforce which other applications, systems, and devices they can communicate with.
  3. How to make sure, if something does go wrong, that these IoMT devices do no harm to the rest of the network or the larger organization.

To provide these capabilities, and in turn, develop better IoMT security, ARIA Cybersecurity Solutions recently released powerful new capabilities within the ARIA Software-Defined Security (SDS) platform. This solution can now detect and monitor IoMT devices by inspecting network data as it flows from these devices. The ARIA Packet Intelligence application classifies data on the fly and, if desired, captures and records it, without affecting its delivery, while also generating NetFlow data. This provides visibility into IoMT devices at network aggregation points that are usually “one step back” in the wireline network.

Using a simple API, virtually any SIEM (security information and event management), such as Splunk ES or QRadar, can ingest this NetFlow data from network devices and applications and run it through their powerful threat model to detect and assess threats of all kinds. This ability to correlate logs and network data sourced from the ARIA SDS solution makes this combined solution extremely effective at finding difficult-to-detect network-borne threats, especially those coming from IoMT devices.

This joint solution is a real advantage. Any SIEM, a standalone solution that is so effective in preventing threats once they’re detected, can now use our APIs to integrate with ARIA SDS and improve its ability to stop specific threat conversations. The threat is prevented, while allowing critical applications to continue to operate.

This approach overcomes challenges posed by IoMT security approaches in the past. More often than not, these methods attempted to either take out the device--not an option in healthcare settings where patients’ lives may depend on these devices--or shut down those applications the device communicates with. 

Now ARIA Cybersecurity Solutions provides an easy-to-deploy solution that can secure IoMT environments by:

  • Automatically detecting and stopping threats
  • Never disrupting operations
  • Stopping threat conversations only; not critical communications
  • Preventing the spread of threats from unsecured IoMT devices into the rest of the organization
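
An added example (not ARIA's code or API, and not part of the original article) of the three considerations listed earlier applied to flow records of the kind a SIEM ingests: identify the source device, check each conversation against a per-device allowlist, and flag only the offending conversation rather than the device. The addresses, device classes, inventory and policy below are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed flow records (src, dst, dst_port, bytes); not captured traffic.
FLOWS = [
    ("10.20.1.15", "10.20.9.10", 2575, 4200),    # pump -> HL7 interface engine
    ("10.20.1.15", "10.20.9.10", 2575, 3900),
    ("10.20.1.15", "10.20.4.77", 445, 88000),    # pump -> workstation over SMB
    ("10.20.1.99", "10.20.9.10", 2575, 1200),    # device missing from inventory
    ("10.20.2.30", "10.20.9.20", 104, 650000),   # CT scanner -> PACS (DICOM)
    ("10.20.2.30", "203.0.113.8", 443, 150000),  # scanner -> external host
]

# Hypothetical inventory and policy: which peers each device class may reach.
DEVICE_NETS = [ip_network("10.20.1.0/24"), ip_network("10.20.2.0/24")]
INVENTORY = {"10.20.1.15": "infusion_pump", "10.20.2.30": "ct_scanner"}
POLICY = {
    "infusion_pump": [(ip_network("10.20.9.10/32"), 2575)],
    "ct_scanner": [(ip_network("10.20.9.20/32"), 104)],
}

def classify_flow(src, dst, port):
    """Return a verdict for one flow, judged per conversation, not per device."""
    src_ip = ip_address(src)
    if not any(src_ip in net for net in DEVICE_NETS):
        return "out_of_scope"        # source is not in a medical device segment
    device_class = INVENTORY.get(src)
    if device_class is None:
        return "unknown_device"      # consideration 1: device not identified
    dst_ip = ip_address(dst)
    if any(dst_ip in net and port == p for net, p in POLICY[device_class]):
        return "allow"               # consideration 2: sanctioned peer and port
    return "block_conversation"      # consideration 3: contain this flow only

def review(flows):
    """Aggregate flagged conversations with flow and byte counts for triage."""
    findings = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for src, dst, port, nbytes in flows:
        verdict = classify_flow(src, dst, port)
        if verdict in ("unknown_device", "block_conversation"):
            findings[(verdict, src, dst, port)]["flows"] += 1
            findings[(verdict, src, dst, port)]["bytes"] += nbytes
    return dict(findings)

if __name__ == "__main__":
    for (verdict, src, dst, port), s in sorted(review(FLOWS).items()):
        print(f"{verdict:18} {src} -> {dst}:{port} flows={s['flows']} bytes={s['bytes']}")
```

The pump's HL7 traffic and the scanner's DICOM traffic are never flagged, so the clinical function keeps running while the SMB and external conversations are singled out.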
