Exploiting Connected Medical Devices

Connected Medical Devices

The Phantom Menace: 

The healthcare industry is increasingly targeted by malicious actors. This past year there were countless attacks on healthcare, with two major victims being the Irish health service system and the Azienda Sanitaria Locale (ASL) of the Regione Lazio in Italy. These are just two examples of the disruption that can follow a cyberattack on the medical industry. Lazio’s ASL was targeted to disrupt the vaccine campaign, something the perpetrators managed to achieve. In the case of Ireland, while the motive was unclear, the disruption caused by the attack resulted in the death of a 36-year-old woman. Casualties, thankfully, are rare, but physical consequences of cyberattacks are quickly becoming a new norm, especially since, on average, there are 10-15 healthcare connected medical devices per hospital bed.

More traditionally, bad actors target healthcare delivery organizations (HDOs) because of the potential for quick earnings. Protected Health Information (PHI) is extremely valuable. On the black market, medical records go for up to $250 each, compared to the second most valuable type of record (payment cards), which reaches only $5.40.

Attack of the Hackers: 

Cybercriminals are always trying to find new ways to exploit vulnerabilities, and healthcare connected medical devices offer such an opportunity. Attackers can hack and manipulate personal medical devices. In doing so, malicious actors have the power to adjust – and even turn on and off – these devices, potentially harming patients. The interconnected environment of healthcare delivery organizations (HDOs) allows for lateral movement. This means bad actors can infect or gain control over more devices, or even the entire system.

Threat actors are turning towards hardware-based attacks to infiltrate their targets, using IoMTs and traditional IT as entry points to the organization. To access such assets, perpetrators might try to infiltrate the facility and plug in a USB thumb drive or a spoofed device. Moreover, healthcare facilities, such as hospitals, are relatively accessible. With hundreds of people walking in and out every day, a malicious actor can slip in with the crowd. However, in many cases, they won’t even have to do it themselves… They will simply exploit people’s naivety through social engineering. Employees are highly susceptible to social engineering, whereby they unwittingly bring a spoofed device inside the organization.

The Invisible Disease: 

Spoofed peripherals bypass existing security solutions due to Layer 1 manipulation. Existing solutions, such as NAC, EDS and IoT security, fail to cover Layer 1. As such, spoofed peripherals are recognized as the legitimate device they impersonate, thereby raising no alarms. In other words, these malicious devices face no obstacles once inside the organization and allow the perpetrator to move laterally throughout the network.

A New Hope: 

A safe response against these threats is the HAC-1 solution developed by Sepio. The HAC-1 solution calculates a digital fingerprint of all IT, OT and IoT assets, meaning every healthcare connected medical device gets detected for what it truly is. Additionally, the comprehensive policy enforcement mechanism of the HAC-1 solution, combined with its Rogue Device Mitigation capability, means that any unapproved or rogue hardware, such as spoofed peripherals, is blocked instantly, preventing any hardware-based attacks from occurring.

The Sepio platform uses a novel algorithm that combines a physical layer fingerprinting module with a Machine Learning module to provide the sought-after visibility and enforcement level. It is further augmented by a threat intelligence database, ensuring a lower-risk hardware infrastructure.

Hardware Assets Control solution for IoT security

Sepio Hardware Access Control HAC-1 provides 100% hardware device visibility.

HAC-1 enables Hardware Access Control by setting rules based on the devices’ characteristics.

HAC-1 instantly detects any devices that breach the set rules and automatically blocks them to prevent malicious attacks, in this case involving Connected Medical Devices.

The idea is to Verify and then Trust that those assets are what they say they are.

With greater visibility, the zero-trust architecture can make access decisions with complete information, thus enhancing the enterprise’s protection within, and outside of, its traditional perimeters.

The Hardware Access Control capabilities of HAC-1 block Rogue Devices as soon as they are detected.

Our HAC-1 solution stops an attack at the first instance, not even allowing such devices to make network access requests.

Physical Layer Fingerprinting

Sepio is the only company in the world to undertake Physical Layer fingerprinting. HAC-1 detects and handles all peripherals; no device goes unmanaged.

With this total visibility, a stronger cyber security posture is achieved. There is no longer a need to rely on manual reporting or employee compliance. Sepio manages security and provides answers to questions such as:

  • Do we have an implant or spoofed device in our network?
  • How many IoT devices do we have?
  • Who are the top 5 vendors for devices found in our network?
  • Where are the most vulnerable switches in our network?

Having visibility across all hardware assets provides a more comprehensive cyber security defense.

Reduce the risk of a hardware attack being successful and our private health data being stolen.

Founded in 2016 by cybersecurity industry veterans from the Israeli Intelligence community, Sepio’s HAC-1 is the first hardware access control platform that provides visibility, control, and mitigation to zero trust, insider threat, BYOD, IT, OT and IoT security programs.

Sepio’s Technology

Sepio’s hardware fingerprinting technology discovers all managed, unmanaged and hidden devices that are otherwise invisible to all other security tools.

Sepio is a strategic partner of Munich Re, the world’s largest re-insurance company, and Merlin Cyber, a leading cybersecurity federal solution provider.

Heavy spending on cybersecurity should bring a high return on investment, yet gaps in visibility limit this. Sepio Hardware Access Control (HAC-1) solution provides a panacea to gaps in device visibility to ensure you are getting the most out of your cybersecurity investments.

HAC-1 integrates with existing solutions, such as NAC, EPS, SIEM and SOAR, to enhance the organization’s cybersecurity posture. HAC-1’s deep visibility capabilities mean no device goes unmanaged; the solution identifies, detects, and handles all IT/OT/IoT devices.

Moreover, HAC-1’s policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved or rogue hardware, in this case involving Connected Medical Devices. In doing so, HAC-1 ultimately enables a Zero Trust Hardware Access approach which stops attackers at the first line of defense.

Sepio supporting compliance

Sepio Hardware Access Control (HAC-1) solution provides entities with the Physical Layer coverage they need to obtain complete device visibility. And, in doing so, also provides protection against hardware-based attacks.

As the leader in Rogue Device Mitigation (RDM), Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged.

Connected Medical Devices

HAC-1 uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of all devices and compares them against known fingerprints.

In doing so, HAC-1 is able to provide organizations with ultimate device visibility and detect vulnerable devices and switches within the infrastructure.

In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best-practice policies and allows the administrator to define a strict, or more granular, set of rules for the system to enforce.

When a device breaches the pre-set policy, HAC-1 automatically instigates a mitigation process that instantly blocks unapproved or Rogue hardware.

Furthermore, HAC-1’s RDM capabilities support compliance with Section 8 of the EO, which concerns the government’s investigative and remediation capabilities. Section 8 focuses on enhancing data collection efforts in order to improve the investigation and remediation processes following an incident. HAC-1 logs all hardware asset information and usage and maintains such data for a period defined by the system administrator.
