Securing Operational Technology in Healthcare — Introducing a New Module

Healthcare pharmacy

Current Healthcare Cybersecurity Landscape

The global healthcare industry is vastly diverse, encompassing areas such as provider services and managed care, pharmaceuticals and biotechnology, distributors and facilities, along with supplies and equipment. With that, the digital transformation of healthcare data, remote data interchange and storage, along with the overall medical-related technological advancements have made the industry particularly susceptible to cyberattacks.

In fact, early 2023 research conducted by Check Point revealed that healthcare is one of the top three industries most at risk for cyberattacks. Within the past year, “the healthcare sector experienced a significant rise in attacks with an average of 1,684 attacks per week, marking a substantial year-over-year increase of 22%.” Furthermore, a collaborative effort between Health-ISAC and Booz Allen Hamilton identified and ranked the top five great cybersecurity concerns facing multiple healthcare subsectors for 2022 and 2023 as the following:

  1. Ransomware Deployment
  2. Phishing/Spear-Phishing Attacks
  3. Third-Party/Partner Breach
  4. Data Breach
  5. Social Engineering

How Operational Technology Impacts Healthcare Cybersecurity

While cyber adversaries continue to aggressively target healthcare-related organizations for sensitive and valuable patient and corporate data, the realm of operational technology (OT) has emerged as an area requiring additional safeguarding. Generally thought of as managing and supporting systems used in industrial operations, such as oil, gas, water, and electric monitoring to manufacturing facilities and other critical infrastructure environments, OT has quickly expanded within the healthcare sector.

The convergence of Internet of Things (IoT) and Internet of Medical Things (IoMT) has resulted in a greater OT landscape than the traditional efforts of simply maintaining safe and secure healthcare environments through means such as physical access controls. IoMT components comprising today’s healthcare OT environment include medical devices and equipment, software applications, and the associated connectivity technologies, such as the following:

  • Wearable blood pressure, glucose, and heart monitoring devices
  • Smart thermometers, inhalers, and insulin pumps
  • Ingestible sensors
  • Remote patient care and Health & Wellness apps
  • Critical equipment monitoring

The integration of IoMT components has impacted the healthcare sector by enabling streamlined workflows and often decreasing operating expenses, while enhancing patient monitoring and care. However, all of this comes with the necessity to understand the increased exposure of the environment to cybersecurity threats. Since security is often not built into the design of many IoMT devices, vulnerabilities exist.

In addition, there are other similar concerns, such as cloud storage and web and mobile application misconfigurations, and poor or no authentication controls. Cyber adversaries have motivations ranging from financial to political to simply causing service disruption and they are constantly evolving and innovating their attack tools and tactics. Given this, visibility and monitoring of network-connected devices is necessary in a healthcare OT environment, where availability, reliability, and operational efficiency are a priority.

Introducing the Release of LogRhythm’s Healthcare (OT) Module

The LogRhythm SIEM platform collects, normalizes, correlates, and analyzes events from hundreds of data sources. By harnessing these functions, security teams are better able to monitor, investigate, and report on operating and security events within an organization’s environment. In an effort to assist healthcare organizations to actively identify and mitigate cyber risks within their unique OT environment, LogRhythm Labs has released a Healthcare (OT) Module. The module consists of a collection of thirty AI Engine rules that alert on events such as critical system shutdowns, door authentications, device firmware and configuration changes, known device software vulnerabilities, default/weak device passwords, new hardware and medical device detections, device software installations/updates, and more. In addition, a Web Console dashboard, designed around monitoring system, medical device, and physical access resources, and a report is provided to summarize AI Engine rule alarm activity.

The LogRhythm Healthcare (OT) Module was released in Knowledge Base 7.1.681.0 and the associated module documentation and Deployment and User Guides are located on LogRhythm Community. Finally, the module dashboard is also available for download via the Dashboards section under Shareables on LogRhythm Community.

If you’re interested in learning more about how LogRhythm can help secure healthcare organizations, request more information here.