Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
IoT and Healthcare: Serious as a Heart Attack
October 19, 2020
How many are we talking about? Well, per Alpine Security, there are roughly 10-15 connected devices per hospital bed in the US, and new “smart beds monitor up to 35 data points, including blood, oxygen, and pressure sensors.”
…many of these devices were designed with little to no security in mind, [and] they may have hardcoded passwords that facilitate tampering by anyone with physical or network access. Other security measures that may not be present include user authentication and absence of encryption in wireless communications.
At any given time roughly 612,000 people are hospitalized, so by my math that represents more than nine million points of potential mischief at a given moment.
But wait – there’s more. IoT hacks aren’t just about cases where a connected device is the point of entry. We also have to include instances where devices are affected due to a larger system compromise. This is precisely what happened earlier this year at Düsseldorf University Hospital in Germany, where a ransomware hack resulted in the first known death from a cyber attack.
In other words, that nine million number above is a very conservative estimate of the true magnitude of the problem.
None of this is new. We’ve known about these sorts of threats for years. And in one case a device maker was aware of a vulnerability for a year before doing anything.
Don’t panic, though. Sean Tufts, our Practice Director of Product Security for ICS & IoT, says hackers “are far more interested in things like patient data, which they can sell, and ransomware payments from targeted organizations.” (A stolen medical record can be worth up to $250 on the black market, compared to a mere $1 for a credit card.)
“Medjacking [medical device hijacking] might seem like an interesting exercise for some,” he says, “but there’s typically no payoff.
“Of course,” he adds, “being more trouble than you’re worth isn’t exactly a strategy.”
There have been no documented cases of medjacks directly targeting patients to date, but it isn’t unthinkable. Former VP Dick Cheney had his heart implant’s wireless functionality disabled when he learned it could be hacked. It isn’t hard to imagine a scenario where an attacker, operating out of political motivations or economic ones, might seek to assassinate someone or hack a device and demand ransom.
Unfortunately, many healthcare facilities (if not most) aren’t as prepared as they need to be.
An effective healthcare IoT security strategy can be complex, but it’s both necessary and doable. Experts say the solution needs to operate on multiple fronts, with both healthcare providers and device manufacturers implementing stronger safeguards.
Tufts says facilities are advised to closely assess the security culture of manufacturers, identify device vulnerabilities and work closely with them to assure development is conducted in accordance with the most stringent best security practices. Improved staff training is important, and an information architecture that segments IT and IoT networks is essential.
Most valuable, though, is a robust Managed Detection and Response (MDR) platform. “The key is to integrate threat monitoring, detection and response services. You can tailor a solution with a mix of technologies, advanced analytics, hunting, threat intelligence and human expertise in incident investigation and response,” says Tufts. “And that customization is central to maximizing your resources. We’re talking about everything from small offices and community hospitals to huge national systems, and everybody’s situation and budget is different.”
So no, there’s no reason to panic, but there’s every reason to be vigilant, aware and prepared. And for Cybersecurity Awareness Month 2020, we’re going out of our way to stress that awareness can and must inform action.
#BeCyberSmart, and if you have questions or need a hand give us a holler.
October 01, 2020
October is Cybersecurity Awareness Month. Tune in for tips to stay safe from cyber threats.
September 30, 2020
October is Cybersecurity Awareness Month. We’ll be providing resources to drive heightened awareness and translate awareness into action.
October 12, 2020
Optiv IoT expert John Bock walks us through a step-by-step process that safeguards you against 99% of the home network IoT threats you’ll face.
Let us know what you need, and we will have an Optiv professional contact you shortly.