At a recent Cyber Meetup, we discussed another reason behind cyberattacks: conflicts between countries now often involve modern warfare tactics, including a cyber platoon (a group of highly trained hackers supported by a defence department with all the necessary resources) targeting critical strategic sites such as hospitals. With the recent geopolitical tensions, this topic has become increasingly relevant.
Despite the high level of protection in hospital environments, the increasing number of cyber medical devices accessible from external networks for support and patching purposes poses a significant risk. Our discussion culminated in a list of recommendations to strengthen hospital cybersecurity considering these devices. Here it is:
1️⃣ Segment networks to isolate cyber medical devices, especially those accessible from external networks.
2️⃣ Limit device communication to essential systems, using secure channels and a least-privilege approach.
3️⃣ Manage legacy systems with strict controls, verbose logging, monitoring, and continuous vulnerability scanning tools.
4️⃣ Provide continuous staff training to recognize, report, and prevent security threats.
5️⃣ Collaborate with medical device manufacturers to implement a comprehensive cybersecurity management plan for the devices.
Given the increasing connectivity of medical devices to external networks, addressing cybersecurity risks is crucial for maintaining the hospital's secure environment.
At MedSec Testing, we provide specialized testing and support to identify vulnerabilities and help organise a comprehensive cybersecurity management plan for medical devices, ensuring compliance and a robust defence against cyber threats.
𝐂𝐨𝐧𝐭𝐚𝐜𝐭 𝐮𝐬 𝐭𝐨𝐝𝐚𝐲 𝐟𝐨𝐫 𝐚 𝐟𝐫𝐞𝐞 𝐜𝐨𝐧𝐬𝐮𝐥𝐭𝐚𝐭𝐢𝐨𝐧.
Despite the high level of protection in hospital environments, the increasing number of cyber medical devices accessible from external networks for support and patching purposes poses a significant risk. Our discussion culminated in a list of recommendations to strengthen hospital cybersecurity considering these devices. Here it is:
1️⃣ Segment networks to isolate cyber medical devices, especially those accessible from external networks.
2️⃣ Limit device communication to essential systems, using secure channels and a least-privilege approach.
3️⃣ Manage legacy systems with strict controls, verbose logging, monitoring, and continuous vulnerability scanning tools.
4️⃣ Provide continuous staff training to recognize, report, and prevent security threats.
5️⃣ Collaborate with medical device manufacturers to implement a comprehensive cybersecurity management plan for the devices.
Given the increasing connectivity of medical devices to external networks, addressing cybersecurity risks is crucial for maintaining the hospital's secure environment.
At MedSec Testing, we provide specialized testing and support to identify vulnerabilities and help organise a comprehensive cybersecurity management plan for medical devices, ensuring compliance and a robust defence against cyber threats.
𝐂𝐨𝐧𝐭𝐚𝐜𝐭 𝐮𝐬 𝐭𝐨𝐝𝐚𝐲 𝐟𝐨𝐫 𝐚 𝐟𝐫𝐞𝐞 𝐜𝐨𝐧𝐬𝐮𝐥𝐭𝐚𝐭𝐢𝐨𝐧.
