Monitoring of medical devices to prevent security threats

In recent years, healthcare networks have become increasingly vulnerable to cyber-attacks. At the same time, there has been an explosion in the number and variety of medical IoT devices that are online or connected to a larger network. The classic narrative of insecure medical devices is related to the fact that older devices were not designed to be connected to computer networks. However, many newer ones are at least as insecure as the legacy equipment.

Legacy medical IoT devices may lack security features, but newer ones built around commodity components can have a whole different set of vulnerabilities that potential attackers are more knowledgeable about. Many manufacturers themselves don’t know what vulnerabilities their devices have.

Older devices are often based on dated technology like older versions of electrically erasable programmable read-only memory (EEPROM). You need an EEPROM reader to mess with them. The codebase is not on the Internet for hackers to look at, and you need physical access to the EEPROM to rewrite it. On the other hand, the newer devices frequently use software and hardware components that are much more familiar to potential attackers.

Insecurity in the current generation of medical IoT hardware also carries the potential for ongoing problems, not just immediate ones. While IT assets get replaced rapidly, IoT devices often have much longer replacement cycles. Quite often, network administrators have only limited access to them and cannot modify their settings, as they are remotely supported by the vendor’s customer service team.

On the other hand, older devices — even if they aren’t quite that old- often lack key capabilities — particularly, remote software updates and configurable password protection — that would help IT staff defend them against modern threats.

Moreover, some particularly vulnerable old devices tend to be more isolated on the network by design, in part because they’re more recognizable as vulnerable assets. For example, Windows 95-vintage x-ray machines are easy to spot as a potential target for a bad actor. These systems do not have vendor support anymore, so it is even more crucial to monitor who is accessing or logging to these devices.

Most hospital environments do a good job of recognizing that they have these old devices and the more vulnerable ones. Simple awareness of the potential security flaws on a given network is central to securing healthcare networks, regardless of whether we have new or old devices. It’s essential to make sure that companies with medical devices are enumerating their network, tracking their devices. Monitoring for attempted control or login to these devices should be part of the general network monitoring strategy, as it should be for any IoT device connected to a general computer network. A Professional SNMP monitoring system is an excellent start to do it. For more complex devices or systems, look for monitoring software supporting listening for performance or status data from various sources.