Palo Alto Networks announces medical IoT security to protect connected devices critical to patient care

As healthcare providers use digital devices such as diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care, the security of those devices is as important as their primary function. Palo Alto Networks has announced Medical IoT Security the most comprehensive Zero Trust security solution for medical devices enabling healthcare organisations to deploy and manage new connected technologies quickly and securely. Zero Trust is a strategic approach to cybersecurity that secures an organisation by eliminating implicit trust by continuously verifying every user and device.

“The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured. For example, according to Unit 42, an alarming 75% of smart infusion pumps examined on the networks of hospitals and healthcare organisations had known security gaps,” says Anand Oswal, senior vice president of products, network security at Palo Alto Networks. “This makes security devices an attractive target for cyberattackers, potentially exposing patient data and ultimately putting patients at risk.”

While a Zero Trust approach is critical to help protect medical devices against today’s innovative cyberthreats, it can be hard to implement in practice. Through automated device discovery, contextual segmentation, least privilege policy recommendations and one-click enforcement of policies, Palo Alto Networks Medical IoT Security delivers a Zero Trust approach in a seamless, simplified manner. Medical IoT Security also provides threat protection through seamless integration with Palo Alto Networks cloud-delivered security services, such as Advanced Threat Prevention and Advanced URL Filtering.

The new Palo Alto Networks Medical IoT Security uses machine learning (ML) to enable healthcare organisations to:

  • Create device rules with automated security responses: Easily create rules that monitor devices for behavioral anomalies and automatically trigger appropriate responses. For example, if a medical device that typically only sends small amounts of data unexpectedly begins to use a lot of bandwidth, the device can be cut off from the internet and security teams can be alerted.
  • Automate Zero Trust policy recommendations and enforcement: Enforce recommended least-privileged access policies for medical devices with one click using Palo Alto Networks Next-Generation Firewalls or supported network enforcement technologies. This eliminates error-prone and time-consuming manual policy creation and scales easily across a set of devices with the same profile.
  • Understand device vulnerabilities and risk posture: Access each medical device’s Software Bill of Materials (SBOM) and map them to Common Vulnerability Exposures (CVEs). This mapping helps identify the software libraries used on medical devices and any associated vulnerabilities. Get immediate insights into the risk posture of each device, including end-of-life status, recall notification, default password alert and unauthorised external website communication.
  • Improve compliance: Easily understand medical device vulnerabilities, patch status and security settings, and then get recommendations to bring devices into compliance with rules and guidelines, such as the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and similar laws and regulations.
  • Verify network segmentation: Visualise the entire map of connected devices and ensure each device is placed in its designated network segment. Proper network segmentation can ensure a device only communicates with authorised systems.
  • Simplify operations: Two distinct dashboards allow IT and biomedical engineering teams to each see the information critical to their roles. Integration with existing healthcare information management systems, like AIMS and Epic Systems, helps automate workflows.

Healthcare organisations are using Palo Alto Networks products to secure the devices that deliver cutting-edge care to millions of patients all over the world.

“Establishing and maintaining acute situational awareness of the Internet of Medical Things (IoMT) environment is paramount to establishing an effective enterprise cybersecurity program. The ability to accurately detect, identify and respond to cyber threats is critical to ensuring minimal operational impact to clinical operations during a cyber event,” says Tony Lakin, CISO, Moffitt Cancer Centre. “Palo Alto Networks IoT capability seamlessly integrates with our continuous monitoring processes and threat-hunting operations. The platform consistently provides my teams with actionable information to allow them to proactively manage the threat surface of our medical device portfolio.”

“With thousands of devices to manage, healthcare environments are extremely complex and require intelligent security solutions capable of doing more. Palo Alto Networks understands this requirement and is leveraging machine learning (ML) for Medical IoT security. Adding intelligence will enable providers to improve operational efficiency, which will enhance patient and practitioner experience and alleviate the burden of an ongoing IT skills shortage,” says Bob Laliberte, principal analyst, ESG.

“Healthcare providers continue to be high-value targets for attackers. This reality, combined with the diversity of medical IoT devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases. The ability to defend against threats targeting critical care devices while maintaining operational availability and strengthening the alignment of device governance responsibilities between IT and Biomed engineering teams is quickly becoming a necessity for the protection of patient data and lives,” says Ed Lee, research director, IoT and Intelligent Edge Security, IDC.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

RECENT ARTICLES

Aeris to acquire IoT business from Ericsson

Posted on: December 8, 2022

Ericsson and Aeris Communications, a provider of Internet of Things (IoT) solutions based in San Jose, California, have signed an agreement for the transfer of Ericsson’s IoT Accelerator and Connected Vehicle Cloud businesses.

Read more

Telenor IoT passes milestone of 20mn SIM cards

Posted on: December 8, 2022

Telenor, the global IoT provider and telecom operator, has experienced rapid growth over the last years and ranks among the top 3 IoT operators in Europe and among the top IoT operators in the world. The positive development is due to an accelerated pace of new customers combined with a successful growth of existing customers’

Read more
FEATURED IoT STORIES

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

Talking Heads: The M2M Doctor is in the House

Posted on: December 26, 2013

Mobile health is M2M at its most rewarding. So says, Dan MacDuffie CEO of Wyless (left). And he should know, his managed services company has achieved 50% yearon- year growth recently and a growing portion of that is in mHealth and Wellness services. He’s certain we’re standing on the threshold of a new generation of health services that cut delivery costs, extend the reach

Read more

Talking Heads: mHealth gains ground as one-stop shops and M2M with ‘wired safety net’ bring efficient patient monitoring

Posted on: December 23, 2013

For years analysts have touted mobile healthcare as a huge opportunity for those offering machine-to-machine communication (M2M) services. Truth be told, the progress so far has been patchy, at best. So M2M Now asked Alexander Bufalino, SEVP Global Marketing at Telit, to describe the hurdles in the way of M2M mHealth, how they are now being overcome and what

Read more

Unlocking the total value of M2M

Posted on: December 19, 2013

Do you ever wonder why people and organisations invest in machine-to-machine communications (M2M) and the Internet of Things (IoT), asks Fred Yentz? Reasons may differ somewhat across industry segments but in most cases they fall in one or more of three categories: To make money, to save money or to be compliant. ILS Technology is squarely focused on helping

Read more

Paving the way to the Internet of Things

Posted on: December 17, 2013

Combining the ARM computing engine with location-awareness and wireless connectivity It’s set to be the Perfect Storm: The rapid growth of high-speed cellular networks and the introduction of IP version 6 which has enough IP addresses for every grain of sand on Earth. Add to this mix the proliferation of the ARM embedded computing architecture, now the de facto global

Read more

What’s the ‘real deal’ on the Internet of Things?

Posted on: December 16, 2013

The ‘Internet of Things’ buzzword appears to have picked up steam during the past several months as large players such as GE and Cisco have touted their stories on the growing number of connected devices. But, as Alex Brisbourne of KORE asks, how different, if at all, is the Internet of Things when compared with other connected device markets,

Read more

M2M Now Magazine December 2013 Edition

Posted on: December 5, 2013

M2M Now magazine explores the evolving opportunities and challenges facing CSPs across this sector. Our exclusive interviews pass on some key lessons learned by those who have taken the first steps in next gen Machine to Machine (M2M) services. In the latest issue: TALKING HEADS: Alexander Bufalino of Telit tells how one-stop shops and M2M with a ‘wired

Read more