Physician, Heal Thyself: Protecting Healthcare Systems is an Emergent Need


Earlier this year, Kaiser Permanente suffered a breach that led to the exfiltration of the personal data of 13.4 million patients. Late last year, Delta Dental of California suffered a breach that exposed the information of 7 million patients, and a ransomware gang captured the personal data of 5.8 million PharMerica patients. Sav-Rx and WellTok also suffered the compromise of millions of patient records. In March, a debilitating cyberattack cost the UnitedHealth Group in Massachusetts $24 million a day, leading the Secretary of Health and Human Services to say that healthcare breaches are “growing in popularity and severity.”

We need a diagnosis:

What is driving this increasing trend of attacks on healthcare providers’ networks?   

One reason may be that encrypting electronic medical records for ransom is an attractive strategy because healthcare organizations are highly motivated to pay up to get access restored so they can prevent harm to patients under their care.  

Another is that healthcare organizations are high profile, so a successful attack on one can help a hacker group become more infamous. This amplification of their nefarious reputation is valuable to them as recognition and as leverage in pursuing ransom demands from other victims.  

Finally, we can cite the fact that patient data often also contains PCI payment information, which is an obvious target for hackers. So, for these (and possibly more) reasons, healthcare is an attractive and lucrative target for cybercriminals.  

Compounding this is the fact that the attack surface in healthcare networks is diverse and challenging to secure. In addition to the complex topology of a modern enterprise with data centers, cloud instances, user endpoints, and IoT devices (like smart TVs, security cameras, and printers), healthcare providers add many types of IoMT (Internet of Medical Things) devices, such as infusion pumps, medication dispensary carts, telemetry monitors, and imaging devices, to the potential attack surface. And, of course, they have their crown jewel: the Electronic Medical Records application, such as Epic.

All the IoMT devices are vectors of attack, and they can be used by a hacker to propagate the attack to the rest of the network landscape. They need to be protected, and just as zero trust microsegmentation is a foundational technology that is being used to stop the spread of an attack within the IT environment, it should also be employed to stop malware in IoT and IoMT.  

We have a proven Rx

With our Xshield Enterprise Microsegmentation Platform™, unauthorized traffic between devices in the east-west horizontal plane and the north-south plane up the network stack is prevented. For IoT and medical devices, this is enforced by our agentless Gatekeeper appliance, which is installed adjacent to the switch. This stops the spread of an attack after an initial compromise, preventing a breach from becoming a crisis. 

First, an X-ray of the network is indicated 

Xshield’s network map visualization interface allows the administrative user to view assets and traffic in the environment using many (circa 20) drill-down dimensions, such as assets, applications, dependencies, physical location, custom attribute tags, etc. This lets different user personas, such as the security, application, and infrastructure teams, each have a view of the environment that better fits their needs.

The mapping interface provides multi-level visibility into the whole enterprise environment across IT and IoT/OT. It provides a focal point for traffic analysis and policy design. Using it, administrators can quickly identify misconfigurations, deprecated protocols, and dangerous communications.

Xshield is not limited to protecting only the IoT/IoMT devices, as are some point solutions. It is a holistic microsegmentation solution that protects all types of endpoints pervasively. This is important because your microsegmentation deployment should cover all types of assets and endpoints in the enterprise landscape. If enforcement is not pervasive, it won’t prevent a breach from spreading. Hackers will just walk around the gate if it is not part of a continuous fence. ColorTokens offers zero trust policy enforcement that covers data center servers, user endpoints, Kubernetes containers, cloud workloads, IoT/IoMT devices, Industrial Control Systems/Operational Technology, and even legacy operating systems. It has been used by leading hospital systems to secure their EMR patient data. It flexibly uses both agent-based and agentless policy enforcement points for the different use cases, all through a unified administrator console, which decreases complexity and administration manpower needs.  

Leaders should consider that even if they do not currently use the full breadth of endpoints, their microsegmentation strategy should be future-proofed. For example, they may not currently have deployed modern microservice-based containerized applications, but that is the future direction of enterprise applications, and their microsegmentation solution should be able to expand to manage them seamlessly in the same administrator console as their data center servers, user workstations, and IoMT devices. 

Of course, if you want a second opinion… 

ColorTokens has a superior solution to satisfy the critical need to protect healthcare systems. But don’t rely only on our assessment; by all means, get a second opinion! One is available from the leading analyst firm, Forrester. Of the four companies that attained Leader status in the Forrester Wave: Microsegmentation Solutions published this month, only ColorTokens received a superior rating in securing Operational Technology, healthcare, and IoT systems.

We concur with the specialist, and we’re justifiably proud of this superior assessment. We believe it reflects our commitment to building solutions to protect these critical environments. You can access the full report here: https://colortokens.com/report/forrester-wave-microsegmentation/ 

Our experienced solutions team would like to speak with you about how we can help you secure your healthcare systems, including critical EMR applications, IT assets, and IoMT devices. You can reach us at www.colortokens.com/contact-us.