The author presents at the HIMSS19 Eurasia Health IT Conference and Exhibition in Istanbul, Turkey
Healthcare has been transformed over the past century from a largely palliative care delivery model for the sick and dying to an advanced technology-infused and increasingly digitized integrated healthcare delivery model. Technology has fueled massive improvements in patient outcomes. It has enabled us to improve the human condition, to beat diseases that used to ravage families and communities, and to live longer and better than ever before. This was the subject of my presentation today at the HIMSS19 Eurasia Conference held in Istanbul, Turkey.
Increasing use of artificial intelligence and personalized genomic medicines will continue to push the boundaries of care forward in a highly positive way. But digitization comes at a cost, and that cost is in the form of new cybersecurity risks to the confidentiality, integrity, and availability of personal health data and the IT systems that are relied upon to provide care to patients. In fact, in today’s healthcare delivery model, clinicians would find it extremely difficult to maintain the current levels of patient care if health IT systems—and increasingly healthcare IoT—were not available to diagnose, treat, manage, and monitor patients.
The number of connected IoT systems surpassed the global human population sometime around 2007-2008. Today, there are in excess of 20 billion IoT devices connected to the Internet, and most have little to no security designed into them at all! Estimates suggest that by 2050 there will be in excess of 1 trillion connected devices—many of them employed in healthcare.
With so many endpoints in our hospitals and clinics, how do we even go about tackling this expanded threat landscape? A good start is adopting a risk-based approach to healthcare security.
You can’t assess what you don’t know about, and with such a large number of medical devices and other HIoT systems used across healthcare, identifying even a basic inventory of IoT assets is an almost impossible manual task given the ever-changing number of connected devices.
That’s where tools like Cylera's MedCommand™ platform come in.
Cylera's MedCommand™ platform will identify HIoT assets, perform a full risk analysis of each device and device type, profile the legitimate traffic patterns of each device type for zero-trust security controls, alert on any anomalous traffic detected outside of legitimate traffic patterns, and even automatically remediate discovered risks with compensating security controls via a hospital’s existing network access control and/or firewall technology.
Cylera's Richard Staynings and Timur Ozekcin