20 Oct 2020

Edge Computing Part 2: Protecting Medical Devices and the Network from Cyberattack

By Christophe Dore and Robert Cohen

Cybercriminals are exploiting vulnerabilities and uncertainties surrounding COVID-19 to launch a new barrage of cyberattacks, including at healthcare organizations, according to INTERPOL. Most of these cyberattacks involve the hacker obtaining access to the hospital’s network through a fraudulent email that appears to be from a health official, vendor or colleague. Once on the hospital network, if no additional layer of security is present, then cybercriminals may have free rein into any information system or device. One cost-effective and efficient way to provide additional network security is using edge computing.

In part one of our blog on edge computing, we wrote about its advantages related to data resiliency and workflow efficiency. In this second part, we explore the security advantages of edge computing and how hospitals can easily fortify the protection around devices and data without the burden commonly associated with segmentation and erecting other barriers in an enterprise network.

Cyberattacks are Common and Costly

In a survey of 232 security decision-makers in healthcare, 82% reported they have experienced an Internet-of-Things (IoT) focused cyberattack in the past year. Of those organizations attacked, 30% reported experiencing compromised end-user safety, 43% operational downtime, 42% compromised patient data and 31% brand or reputational damage.

Cybercriminals can often obtain access to healthcare IoT devices by infiltrating the main network through an email phishing attack, similar to tactics INTERPOL recently described in its report. Hackers can then gain access to other assets through the devices themselves, by identifying the weak spots in the network or device security (this is called “island-hopping”).

From one weak asset to the next, cybercriminals can then penetrate the rest of the network, and do whatever harm they see fit, such as blocking access to the devices until the hospital agrees to pay a ransom (ransomware), reselling stolen data on the dark web, or a combination of crimes. According to a 2020 IBM report, the average total cost of a breach in healthcare is $7.13 million – the highest of all industries – where 50% of these breaches are due to malicious activities, as opposed to accidents or negligence. Healthcare is also the industry that struggles the most to identify and recover from a breach.

Segmentation Without the Burden

One option for preventing access to medical devices is to remove them from the network. While simple, cutting off thousands of devices across a hospital from the larger data pool would result in a loss of valuable information that could be analyzed to predict health deterioration at the patient level as well as disease trends that could lead to better outcomes across populations. Moreover, many modern hospitals rely on networked monitors to allow monitoring from a central location, saving time and resources while still providing the same level of care that would otherwise require someone to be at the bedside. It would be unthinkable to sacrifice patient care or lose valuable clinical insight just for the sake of security.

Another option is to segment the network, partitioning the devices from other information systems that do not require direct access. Network partitioning, however, is a time-consuming and complex initiative that healthcare IT professionals, with numerous other projects as well as daily maintenance, testing and upgrades, may not be able to fit into their busy schedules. The complexity of this task includes not only initiating the segmentation but also maintaining it as new devices are added or redeployed. This can easily lead either to sub-optimal segmentation – still allowing island-hopping attacks – or to over-segmentation – blocking dataflow and interfering with clinical operations.

Create Secure Mini-Networks

While segmenting the network is effective at blocking cybercriminals, a simpler solution is available through edge computing. As we explained in part one, an edge computing model in healthcare facilities removes the requirement of a networked central server to collect and analyze data from the patient’s bedside. Instead, the data captured from the numerous devices at the bedside can drive safer and more rapid clinical decisions, regardless of the state of the network connection.

Through edge computing, hospitals can create a secure “mini-network” around a patient that includes the medical devices but offers an additional safeguard by remaining untethered from the main network. The edge computer connects the two networks – the mini-network and the main network with the electronic health record – and controls which data needs to flow from one network to the other at the application level, not at the network level. As a result, the mini-network of medical devices, which are critical assets for patient care, is completely invisible from the main network. Controlling the data exchange at the application level, rather than at the network level where the data is more exposed, is what provides the additional security.
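To make the application-level control concrete, here is an added example of the brokering role the edge computer plays; it is not Capsule's code or the Neuron 3's implementation, and the device types, field names and allowlist are constructed for illustration. Only explicitly allowlisted fields are copied from the device side to the EHR side, and there is no code path at all from the main network back toward the devices.

```python
"""Application-level broker for a bedside mini-network (constructed example).

The edge node is the only host the main network can see. Device traffic
stays on the mini-network side; only explicitly allowlisted fields are
copied across to the EHR side, and nothing flows back toward the devices.
"""
from dataclasses import dataclass, field

# Constructed egress policy: per device type, the fields allowed to cross to the EHR side.
# Vendor protocol fields (commands, firmware details, raw frames) are deliberately absent.
EGRESS_ALLOWLIST = {
    "monitor": {"patient_id", "timestamp", "hr", "spo2"},
    "pump": {"patient_id", "timestamp", "rate_ml_h"},
}
REQUIRED_FIELDS = {"patient_id", "timestamp"}


@dataclass
class EdgeGateway:
    forwarded: list = field(default_factory=list)  # records released to the main network
    dropped: list = field(default_factory=list)    # audit trail of what was withheld

    def from_device(self, device_type: str, record: dict):
        """Mini-network -> main network: project the record onto the allowlist."""
        allowed = EGRESS_ALLOWLIST.get(device_type)
        if allowed is None:
            # A device type with no policy gets no egress rather than a default-permit.
            self.dropped.append(("unknown_device_type", device_type))
            return None
        if not REQUIRED_FIELDS.issubset(record):
            self.dropped.append(("incomplete_record", device_type))
            return None
        released = {k: v for k, v in record.items() if k in allowed}
        withheld = sorted(set(record) - allowed)
        if withheld:
            # Protocol-level fields never leave the mini-network; note them for audit.
            self.dropped.append(("fields_withheld", device_type, withheld))
        self.forwarded.append(released)
        return released

    def from_main_network(self, request: dict) -> bool:
        """Main network -> devices: there is no such path. Log and refuse."""
        self.dropped.append(("inbound_refused", request.get("target")))
        return False
```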

In addition, the real-time data analysis and alerting occurring at the point of care can move hospitals past patient monitoring to true clinical surveillance, which allows clinicians to identify and even predict health deterioration to optimize care and prevent adverse events.

While clinical surveillance is expected inside intensive care and other critical care units, edge computing makes this level of patient oversight feasible throughout the hospital – without additional staff or complex network segmentation projects that need to be updated every time a new device is added.

A Simpler Way to Segment

An edge computing environment is easily achieved using Capsule’s Medical Device Information Platform (MDIP). Capsule’s MDIP offers the security of network segmentation, but without the upfront burden or the continued maintenance and adjustments as new devices are added. Capsule’s Neuron 3, part of the MDIP, connects as many as nine medical devices, capturing and encrypting their data so that it is secure. Although nine devices are connected, only the Neuron 3 is visible on the network, and none of the medical device protocols are exposed on it. Instead, the Neuron 3 manages the conversations with the medical devices locally.

Cybercrime, like any sort of organized crime, is a business – hackers do not want to invest their time for very little, or no, return on that investment. A medical device integration based on edge computing streamlines and optimizes the flow of information for improved surveillance and clinical-decision-making, but also offers, by design, significantly higher protection for medical devices, the most critical devices for patient care.

Simpler integration and point-of-care access to data and intelligence, combined with lower risk to data security, are why more healthcare organizations are transitioning to edge computing enabled through solutions such as Neuron 3 and Capsule MDIP.

About the authors

Christophe Dore is the Cybersecurity Manager at Capsule Technologies.

Robert Cohen is the Senior Product Manager for Edge Computing at Capsule Technologies.

Learn more about how MDIP can protect your data while enabling clinicians to practice more efficiently.