Palo Alto Networks Moves to Secure Medical Devices
Palo Alto Networks today extended the reach of its secure access service edge (SASE) platform to medical devices that are running either in a hospital setting or at home.
Xu Zou, vice president of IoT security products for Palo Alto Networks, said in the wake of the COVID-19 pandemic, more health care organizations are remotely monitoring patients using a variety of internet-of-things (IoT) devices rather than requiring hospital stays. At the same time, however, cybercriminals are targeting medical records for the purpose of committing fraud, which are worth a lot more than credit card numbers.
The Medical IoT Security service, scheduled to be available next month, enables health care organizations to secure IoT devices by applying rules that monitor devices for behavioral anomalies and automatically trigger appropriate responses. That capability eliminates the need to install agent software or use a software development kit (SDK) to secure those devices, noted Zou.
The goal is to enable the creation of a zero-trust IT environment with a single click using least-privilege access policies for medical devices that can be maintained by Palo Alto Networks Next-Generation Firewalls embedded within the company’s SASE service, he explained. Those firewalls can also be used to apply microsegmentation to IoT devices within a hospital environment, said Zou.
In addition, cybersecurity teams can use the Medical IoT Security service to access a software bill of materials (SBOM) that can be mapped to a database of common vulnerabilities and exposures (CVEs) to remediate vulnerabilities faster. That capability provides immediate insights into the risk posture of each device including end-of-life status, recall notification, default password alert and unauthorized external website communication.
Finally, the Medical IoT Security services will also surface recommendations to bring devices into compliance with rules and guidelines such as the Health Insurance Portability Accountability Act (HIPAA).
The Medical IoT Security service is also designed to be integrated with existing health care information management systems to help automate workflows. Most of those workflows are now being managed by a dedicated biomedical engineering team that specializes in managing health care systems, noted Zou.
The Medical IoT Security service combines Palo Alto Network’s core SASE platform with an IoT security platform it gained with the acquisition of ZingBox in 2019. In the month ahead, Palo Alto Networks will apply this same approach to secure IoT devices across a wider range of vertical industry segments, said Zou.
IoT devices, in general, are being targeted by cybercriminals who are continuously scanning networks for vulnerabilities. The primary goal is to install malware that can then laterally spread through the rest of the enterprise. The challenge is that malware may lie dormant for months before it is activated, which means organizations can suddenly find themselves under attack from multiple vectors that are difficult to determine and thwart. In the case of health care organizations, those attacks can put lives at risk, noted Zou.
It’s too early to say how the relationship between IT, cybersecurity and biomedical engineering teams in the health care sector will evolve in the face of these attacks but it’s clear the need to address cybersecurity in the health care sector has become critical.
