Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
February 18, 2022
The healthcare sector has been a primary cyber crime target for some time, and the industry saw a record number of ransomware attacks in 2021.
Ransomware is obviously a major concern, but it isn’t the only threat healthcare organizations need to watch. The medtech market grew 6.3%, posting a fourth consecutive year of growth, and we’re seeing an increase in the number of medical devices deployed. We also see an increase in the different types of devices such as:
These devices are critical to a patient safety. Still, since manufacturers often provide day-to-day care and feeding, organizations may not be aware of their current security posture. Optiv has worked with hundreds of large healthcare organizations and thousands of hospitals, performing security assessments and other consulting types of engagements, and have found that the security of medical devices is hit and miss. Some organizations have taken on the responsibility of securing these devices, while others trust security to the manufacturer/vendor.
Which approach should your organization take? We always recommend that you “trust, but verify.”
According to the Medigate data team, 2021 saw:
These findings reflect our experience. In two recent cases, the Medigate Device Security Planform (MDSP), which Optiv uses for our HIPAA Risk Assessment engagements with IoT analytics and discovery, identified multiple medical devices with active connections to known malicious sites or addresses in foreign countries. The organizations had decided to leave their medical device security to the manufacturer/vendor in both instances.
In many cases, healthcare organizations have no choice but to depend on manufacturer/vendor support, but that doesn’t mean your IT security team can’t implement additional security controls. We recommend a managed risk approach to any devices added to an environment. Here are a few general risk reduction recommendations:
First - Segment your medical devices to isolate them from other network areas and limit access provided to your vendors. The approach has multiple benefits:
Second – When possible, endpoint protection practices should be used to protect the medical devices and the PCs used to control them. Anti-virus, EDR, MDR and XDR are all vital security controls to implement.
Third - Identity management is critical to limiting access to these devices. Remove default accounts and, if possible, bind authentication for the organization authentication system. Ensure that users adhere to your password change policy.
Fourth – Organizations should keep an accurate inventory of their medical devices. Know what devices are operating on your network. Once you have an accurate inventory, you can check for vulnerability disclosures from manufacturers using the National Vulnerability Database (NVD). Perform vulnerability scans before deploying new devices.
Fifth – There are several medical device security platforms available. These systems afford an in-depth view of your medical devices, providing analytics such as anomaly detection, mapping, aggregating unmanaged devices and network policy management. These systems can also assist with optimizing device utilization, providing an organization with a higher return on investment.
These five recommendations aren’t an exhaustive list, but implementing them will greatly reduce your medical device attack surface and provide warning in the event of an attack. If you want to document your risks and build risk mitigation strategies to reduce those risks, Optiv can assist with building the business case and prioritizing controls.
Optiv Security: Secure greatness.®
Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy and operate complete cybersecurity programs from strategy and managed security services to risk, integration and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber risk so you can secure your full potential. For more information, visit www.optiv.com.
March 22, 2023
Our solution suite helps address a comprehensive range of healthcare-related security challenges and compliance regulations.
September 15, 2021
HITRUST helps clients create, access, store and transmit information safely and securely, while increasing transparency.
March 17, 2023
Our Security Strategy Assessment gauges your security program against big-picture corporate initiatives.
Let us know what you need, and we will have an Optiv professional contact you shortly.