Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
The healthcare industry is increasingly relying on real-time decision making, using data from a wide range of sources, such as electronic medical record (eMR) systems, medical devices, mobile and remote services, etc., to improve patient care and outcomes. We sat down to talk about what this move means for the industry and show how the health systems can get the insights and control they need to keep patient data and care safe. Key takeaways from that discussion follow, but if you are interested in seeing a detailed demo of the Medigate and Splunk solutions, you can also access the on-demand webinar, "Gaining Control Over Medical and IoT Devices."
It takes a lot of data — about all the devices within the healthcare delivery organization (HDO) to make real-time decision-making work. These devices make up the modern, hyper-connected HDO, as health information systems interact with the critical care-delivery infrastructure over the same converged network. This results in private and sensitive data (PHI) being stored and transmitted by various unmanaged endpoints, including tens of thousands of medical, IoMT, and IoT devices on the hospital’s network. In light of this, it is extremely important for health systems to protect all the devices within their operations to ensure patient data and, ultimately, care remains safe and reliable.
Unfortunately, that’s easier said than done. In 2019, cyberattacks on health systems jumped 60%; this year, healthcare delivery organizations continue to be a target. Most of these attacks exploit human weaknesses in some form or another ― they try to trick users (e.g., click on a link, open an attachment, go to a malicious site, etc.) or leverage bad practices (e.g., use easy to guess passwords, delay patching vulnerabilities, etc.) to gain entry. HealthITSecurity reported that an assessment of successful ransomware attacks at 50 hospitals found that:
To make sure health systems can protect their data and devices, they need to:
Medigate and Splunk have partnered to deliver a comprehensive clinical SOC solution that gives health systems the real-time data needed to detect, manage, and respond to cybersecurity events to keep their patient data and care safe. The information captured and analyzed by Medigate on the connected medical and IoT devices active in the environment, network communications, and risks detected are fed into Splunk’s Enterprise Security (ES) to enable sophisticated investigations and facilitate effective playbook development, incident response, and remediation activities.
This healthcare-dedicated solution provides clinical context and relevance, so health systems know exactly what findings mean and can take action to improve the security of their operations. It starts with the ability to accurately detect and thoroughly investigate suspicious medical device communications, based on a precise understanding of manufacturer-intended behaviors and clinical workflows. These anomalies are correlated with intel from other IT sources to trace the potential attack vector from end-to-end. Finally, by creating a clinically-based playbook on Splunk Phantom, Medigate and Splunk make it easy for healthcare organizations to automatically pinpoint a device’s location, analyze its current utilization, and alert clinical engineering personnel to quickly remediate any threats.
To see a full demo of this powerful integration, watch the full webinar on-demand.
This blog was written by Stephan Goldberg, VP of System Engineering, Medigate, and Ramik Chopra, Global Industry Lead for Healthcare, Splunk.