The US Healthcare Industry Cybersecurity Task Force reported “In addition to data security and privacy impacts, patients may be physically affected (i.e. illness, injury, death) by cybersecurity threats and vulnerabilities of medical devices.”
Medical devices are difficult to secure. Device makers and HDOs have little faith clinicians and patients are protected. In many cases, budget increases to improve security only happen after an incident. Cyber Tygr assists healthcare organizations in creating and implementing Medical Device Security Programs. See our matrix and determine the level of support your organization needs.
Like laptops, IoT devices are endpoints connected to a network, often wirelessly. Medical devices are a special category of IoT, with an astounding average of 15 per hospital bed.
Hackers use search engines that hunt and find these unsecured IoT devices, especially medical devices. Every compromised IoT device can be a point of entry into the hospital network, allowing cyber criminals to monetize Personal Health Information (PHI) or Personally Identifiable Information (PII).
Even worse, IoT actuating sensors have the ability to reach out from a digital world and make changes to our physical world. Examples include altering the dosage of an infusion pump, modifying the frequency and severity of the shocks from implantable pacemakers and impacting the accuracy of an MRI.
Cyber Tygr has established partnerships with several of the industry’s sophisticated medical device security software architects. These solutions are generally hyper-focused on medical devices and layered within a broader existing security framework, leveraging existing perimeter security investments and reducing costs. This type of medical device security software provides an unprecedented level of visibility and control.
Cyber Tygr begins by deploying a solution to automatically discover the organization’s medical devices and provides a detailed device inventory. This inventory is grouped based on information gathered from network behavior and device communication traffic patterns establishing the foundation for the development of comprehensive, tailored and measurable Medical Device Security Plan.
Our Medical Device Security Services are flexible. Cyber Tygr will support healthcare organizations of all sizes with services designed around their specific needs. Four packages conveniently group these services creating effective strategies for implementation; Bronze, Silver, Gold and Diamond. See the figure below for more detail.
|Stakeholder Education (regulations, laws, standards and frameworks)|
|Assess Ecosystems (technical, policies and procedures)|
|Administrative, Technical and Physical Safeguards|
|Medical Device & IoT Inventory (detailed device data: model, OS, IP/MAC, vulnerabilities, location, Serial #, etc)|
|Device Risk Analysis|
|Device Risk Impact Scores|
|Establish Governance (roles and responsibilities)|
|Mitigation Options & Monitoring|
|Procurement (new devices and RFP for solution providers)|
|Project and Process Management (implementation through iterative risk mgmt.)|