Saturday, September 23, 2023
Saturday, September 23, 2023

How a Security Operations Center Can Elevate a Hospital’s Cybersecurity

Security Operations Center

by Scott Trevino, Senior Vice President of Cybersecurity at TRIMEDX.

How important, yet still often insufficient, hospital cybersecurity remains was underscored again in early March when three cybersecurity companies took a most unusual step: They offered their services for free.

CrowdStrike, Ping Identify, and Cloudfare announced their voluntary effort amid growing worries over a retaliatory cyberattack against the U.S. as it continues to support Ukraine in its war with Russia, according to The Washington Post. Four months of service was offered free to utility companies and hospitals — “the most vulnerable and currently underprotected sectors.”

Hospitals have been a popular target of cyber actors, an unsettling trend for health system CEOs yearning to identify cost-effective measures to bolster their defenses without compromising patient safety. For example, nine out of 10 top executives at large hospitals would value a managed cybersecurity service such as a security operations center (SOC), TRIMEDX research indicates.

For hospitals, reaping full value from an SOC hinges on one of two factors. The SOC works in tandem with a cybersecurity provider with clinical engineering expertise for medical devices or the SOC has medical device cybersecurity expertise itself. Medical devices present unique cybersecurity challenges.

Meanwhile, SOC operators already broadly acknowledge that a lack of deep technical knowledge exists, according to the 2021 security operations center survey by cybersecurity training collaborative SANS Institute.

An SOC coupled with clinical engineering expertise for medical device cybersecurity can elevate a health system’s defenses amid a climate that by many accounts is only going to get worse.

What is a security operations center

Staffed 24/7/365 by a team of subject matter experts, an SOC uses sophisticated technology to monitor, detect, and respond in real-time to cybersecurity threats. Its basic role revolves around typically connected devices such as computers, smartphones, and tablets. Basic functions include maintaining a comprehensive inventory, monitoring device behavior to detect anomalies, risk management, threat hunting and response, and root cause investigations.

Building a security operations center is costly and time-consuming and requires ongoing attention. As a result, many organizations turn to a managed service provider. Likewise, many health systems turn to a third-party service provider knowledgeable about medical device cybersecurity and clinical engineering to work in unison with the SOC. The medical device service provider is able to profile devices and their behavior and is uniquely able to take action on a device to remediate a risk while the SOC monitors, assesses, analyzes, and responds to incidents.

The SOC monitors and responds at a network architecture level. The medical device service provider works at the device level. And much as an SOC requires highly skilled specialists, so too do medical device cybersecurity service providers. Specifically, they require a combination of clinical engineering expertise for medical devices coupled with cybersecurity expertise specific to medical devices.

Why medical device cybersecurity extends beyond monitoring

Hospital cybersecurity now extends far beyond traditional hardware such as desktops, laptops, and even mobile devices. Medical devices such as imaging machines and infusion pumps are increasingly being connected to the internet while cyber threats continue to rise. And securing a medical device is unlike securing a laptop.

Software patches and any other changes to a medical device require a risk assessment as well as validation of the software from the original equipment manufacturer. But long-term manufacturer support isn’t a given. Other than in the instance of an FDA recall, original equipment manufacturers are not required to issue updates, patches, or other remediations. And as devices age, manufacturers often deem the equipment to have reached “end of life,” and they quit providing support.

In these instances when a problem arises, a clinical engineering team or information technology team with medical device expertise can identify and deploy compensating controls. Compensating controls include measures such as disabling services on the devices, enabling encryption if available, network segmentation, or reviewing and ensuring network routing.

As hospitals take steps to strengthen their network defenses, a security operations center provider working with a provider of medical device cybersecurity services can form a formidable one-two punch. An SOC empowers a health system to be proactive versus reactive and reduces the chances of false-positive threats, increases early detection, and improves response time to remediation. A medical device service provider bolsters those efforts because of its expertise outside the scope of what a traditional SOC can provide and can “touch” the device to implement the fix.

How to get started with a security operations center

Before moving forward with an SOC to improve a health system’s cybersecurity efforts, some baseline questions are worth examining.

Assess where your existing cybersecurity efforts are relative to your medical devices. Full value out of an SOC requires a complete understanding of your medical device inventory: where it is, how it is used, and regulatory requirements.

Assess how your existing technology solutions can provide real-time threat information and behavioral anomalies to the SOC to analyze and act on.

Determine whether staffing is adequate to address the number of devices you have. Also, know whether the expertise and training are sufficient to cover enterprise IT assets and specialized assets such as medical devices.

Explore which SOC option might work best for your health system: partner, buy, or build. As noted earlier, the initial startup cost of building an SOC yourself and finding qualified staff can be challenging, so many organizations partner in-house staff with outside experts or outsource the services entirely.

The threat from cyberattacks is unrelenting. Such attacks were predicted to inflict about $6 trillion in damages globally in 2021, according to research firm Cybersecurity Ventures. Put another way, that amount eclipses every global economy other than that of the United States and China.

Health care remains a prime target. A security operations center provider coupled with medical device cybersecurity expertise can provide real-time monitoring, risk assessment, and mitigation or remediation quicker and more thoroughly than hospital and health system IT staff can be expected to provide alone.

Editor’s Note: Scott Trevino is senior vice president of cybersecurity at TRIMEDX, and in this capacity, he leads efforts to define the strategy to deliver value, growth, and evolution of TRIMEDX’s cybersecurity solutions. Mr. Scott is responsible for identifying trends in cybersecurity technology, as well as recognizing and anticipating the evolution of clients, market, and industry needs to translate them into market-leading solutions that meet the needs of and bring value to clients.

Medical Device News Magazine
Our publication is dedicated to bringing our readers the latest medical device news. We are proud to boast that our subscribers include medical specialists, device industry executives, investors, and other allied health professionals, as well as patients who are interested in researching various medical devices. We hope you find value in our easy-to-read publication and its overall purpose and objectives! Medical Device News Magazine is a division of PTM Healthcare Marketing, Inc. Pauline T. Mayer is the managing editor.

Experts Views and Opinions

The Hollywood Writers’ Strike and Ethical AI | By Ed Watal, Founder & Principal — Intellibus

Watal writes, "Less than 12 months ago, with the debut of AI-powered ChatGPT, the true power of AI hit the mainstream. Since then, it has established an unshakeable belief in everyone’s minds that artificial intelligence is here to stay and will forever alter a number of industries." What do you think? Read on.

Viraj Gandhi On Automation and Technology – to Drive Progress in Pharmaceutical Manufacturing

This article takes a closer look at the key benefits of automation and technology in pharmaceutical manufacturing and how Medivant Healthcare harnesses these solutions to drive progress across our production facilities. Read what Viraj Gandhi has to say.

Limb Loss and Preservation Registry (LLPR) Transforms Care Through Data and Insights | By Shawn Murphy, Vice President, Thought Leadership & Innovation Foundation...

Shawn Murphy writes, "The Limb Loss and Preservation Registry (LLPR) represents a pivotal development in patient care. It stands as the first collaborative database that unites hospital and health systems, provider organizations such as Accountable Care Organizations (ACOs), Integrated Delivery Networks (IDNs) and orthotic/prosthetic (O&P) practices, focusing on both upper and lower extremity acquired and congenital limb differences, as well as limb preservation populations. This collective effort has the potential to drive substantial advancements in patient outcomes, treatment effectiveness and care quality." Read to learn more.

It Takes an Ecosystem – Bringing Stakeholders Together is a Critical 1st Step to Solving Problems In Healthcare | By Andrew Cleeland, CEO, Fogarty...

Andrew Cleeland writes, "Introducing a new medical therapy or technology is a complex, expensive, and time-consuming journey, one that is fraught with significant risk. While innovation often starts with a clear, well-defined unmet clinical need, it must be paired with an equally compelling value proposition. My mentor, Dr. Thomas Fogarty, once said, “An idea, by itself, has no importance whatsoever; it is the implementation of that idea and its acceptance by others that brings benefit to our patients.” Read on.

Chemotherapy Starts With Scalp Cooling Treatment: The Path to Improved Access | By Claire Paxman, Director of Global Training of Paxman

Paxman writes, "When Real Housewives of Miami star Guerdy Abraira recently proclaimed “Chemo Starts Now” after shaving off her hair before starting her treatment for breast cancer in People Magazine1, this made me realize just how little the general public and even celebrities like Abraria know about the medical technology being utilized today, such as scalp cooling systems, to manage and prevent chemotherapy-induced hair loss." Read to learn more.

By using this website you agree to accept Medical Device News Magazine Privacy Policy