A Security Fabric for Digital-Age Healthcare: A Preview of HIMSS 2018

With new innovative health tools being developed regularly, healthcare and IT professionals are tasked with ensuring they are adopted, deployed, and used in the most efficient and effective way possible. HIMSS, the Health Information and Management Systems Society, facilitates this execution by bringing together its community of 70,000 individual members, 630 corporate sponsors, and 450 nonprofits to collaborate and learn from each other, as well as from experts in the field, to improve care initiatives through digital capabilities.  

HIMSS 2018 Conference

HIMSS 2018 will be held this year on March 5-9th at the Sands Expo Center in Las Vegas. Fortinet is excited to be attending this event yet again to meet with healthcare IT professionals standing on the front lines of digital transformation initiatives at their organizations, and to attend the various workshops, roundtables, and keynotes presented by thought leaders.

We are also looking forward to meeting attendees on the exhibit floor at our booth, #3210. Conference attendees can visit our team to receive demos of our latest healthcare network defense solutions, as well as to set up meetings with Fortinet team members.

In addition to attending talks and meeting healthcare professionals, Fortinet will also be hosting a lecture on securing medical IoT devices.

Secure from the Start 

Secure from the Start: Why Medical IoT Needs Protection Now, led by Ladi Adefala, Fortinet’s Senior Security Strategist, and Hussein Syed, CISO at RWJBarnabas Health, will be held March 9th, from 12:00 – 1:00 PST.

These two healthcare cybersecurity leaders will examine how medical IoT improves patient care and medical research capabilities through data collection, analysis, and storage capabilities, but also simultaneously open up patients and healthcare organizations to increased cyber risks. They will then discuss how healthcare organizations can address these risks moving forward in order to continue to give patients the best possible care without compromising the security of their data.

Session location: Venetian Convention Center, Marcello 4401

Medical IoT Risks

Medical IoT devices have generally been designed to perform their medical function, with little focus put on other necessary capabilities such as security. Far too often, medical IoT devices are distributed with no endpoint security and outdated, vulnerable OSes and applications. Hackers have taken notice of this trend, and are now actively targeting these devices to establish a foothold in healthcare networks to facilitate locating and exfiltrating valuable data.

As our presenters will point out, vulnerable medical IoT devices can be used as a back door to “land and expand” using three basic steps:

  1. Reconnaissance: Cybercriminals search for known instances of vulnerable devices.
  2. Exploit: Armed with knowledge of vulnerable devices, cybercriminals will exploit them through vulnerabilities and architectural flaws.
  3. Expand: After successfully compromising an IoT device, cybercriminals will move laterally across the network to exploit additional vulnerabilities and gather information.

To break this cycle and ensure the protection of patient data, healthcare organizations have to secure these at-risk devices with additional security controls.

Integrated Security for Medical IoT

In the healthcare space, security and resource allocation for IoT devices moves beyond business critical to, in some cases, lifesaving. In these environments, legacy point solutions can’t be relied on to provide the cohesive visibility, security, and service assurance across the entire network that today’s medical IoT devices require. As the IoT expands, securing it must evolve beyond simply onboarding and classifying devices. It requires the allocation of necessary network resources, provisioning, or service assurance around operational functionality.

To achieve this, medical IoT requires a fabric approach to security, with every element of security and infrastructure working together to evaluate and mitigate threats at every intersection across the elastic and distributed network.

To learn more about this architectural fabric approach, attend our presentation or visit our booth during the show.

Final Thoughts

HIMSS is fast approaching. Fortinet stands ready and is committed to assisting healthcare IT executives with technology, services, and best-of-breed third-party solutions for threat prevention, detection, and response. We are excited for the opportunity to meet and work with healthcare professionals to address their IT challenges and improve and secure overall patient care.

We hope to meet many attendees at this year’s show. Fortinet Booth: #3210

Read more about Fortinet solutions for healthcare.