Social Distancing for Medical Devices: 5 Steps to Clinical Network Segmentation to Thwart Cyber-Attacks

by Leon Lerman, Cynerio CEO and Co-Founder, 06/25/2020


Since the beginning of 2020, cyber-attacks have spiked by 300%. As members of the world’s most targeted industry, healthcare organizations like hospitals, clinics, pharmacies, and distributors of medical equipment are more at risk now than ever. 

Even if an attack isn’t directly targeted at connected medical devices (the Internet of Medical Things, or IoMT), it can spread through a hospital’s internal network and infect equipment used to diagnose and treat patients, such as IV pumps, patient monitors, ventilators, and X-ray machines.

As John Riggi, the American Hospital Association’s (AHA) senior adviser for cybersecurity and risk put it: “Worst-case scenario, life-saving medical devices may be rendered inoperable.” 

The best way for hospitals to prevent cyber attacks and safeguard IoMT devices from infection is by separating, or virtually distancing, the most vulnerable and critical devices from each other. This is called network segmentation.

Here are some practical steps hospitals can take to segment their clinical networks, decrease the attack surface, and safeguard patients from cyber attacks:

1. Define who is responsible

Traditionally, medical device security has been the responsibility of biomedical engineering equipment specialists. However, with the increasing prevalence of IoMT devices and the rise in healthcare-targeted cyber attacks, hospital IT teams have had to take a more active role in medical device security. As a result, close alignment between the IT and biomed teams is needed to devise and enforce safe and effective security policies for clinical networks. 

Securing medical devices and aligning IT and biomed teams have given rise to the need for a single, final decision maker on IoMT cybersecurity policy. Some larger institutions have gone as far as to create the role of Medical Device Security Officer (MDSO) to take direct responsibility for medical device security across a hospital’s entire clinical network.

2. Create a reliable equipment inventory

It’s impossible to set a network segmentation policy without an up-to-date inventory of a hospital’s connected medical devices, profiles on each device, and a deep understanding of communications and utilization patterns. 

Automated inventory tools must also be able to conduct ongoing inventory and profiling of devices with an understanding of IoMT-device behavior, device criticality, and medical device vulnerabilities. 

3. Assess the relative risk for each device

Risk scores should be calculated according to device criticality and medical impact. Risk assessment should be ongoing and continuously monitor the network for anomalous behavior. In order to assess the risk, the following factors must be taken into account:

– Communications with external servers that are required for normal device functionality (e.g., vendor communications)

– Whether the device stores or transmits ePHI (electronic protected health information): if so, does it need to, and for what purpose?

– Device utilization patterns

– Does the device run an unsupported OS or have any known vulnerabilities? If so, are patches available or is segmentation the only way to secure the device?

4. Check industry guidelines and regulations

Hospitals could face millions in fines if they fail to comply with federal and state regulatory standards. Fiscal damage aside, failing to follow cybersecurity guidelines places medical devices at risk and could compromise patient safety, business integrity, and a hospital’s reputation.

Guidelines and regulations involving healthcare and medical devices are routinely updated. In order to remain compliant, hospitals must keep a close eye on regulatory standards and updates released by state and federal institutions, including:

– The Food and Drug Administration (FDA)

– The Medical Device Information Sharing and Analysis (MDISS) Initiative

– The Health Insurance Portability and Accountability Act (HIPAA)

5. Devise, validate, and enforce segmentation policies

Segmentation policies should be put in place to reduce the attack surface and stop potential threats. Network segmentation can also help networks run more smoothly by limiting traffic to designated areas and reducing the network load. 

However, before any segmentation policy is enforced on the clinical network, it should be tested for safety and efficacy. Hospital security teams should always validate a policy against the traffic their devices actually need before enforcing it on the live network, so that medical services and clinical operations are not interrupted.
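As an added illustration of steps 3 and 5 (this is example code, not Cynerio’s tooling), the following Python sketch scores each inventoried device on the risk factors listed above and then dry-runs a proposed per-device allow-list against the flows each device needs, reporting what enforcement would break. Device names, flows, and the scoring weights are constructed for illustration.

```python
"""Risk scoring and segmentation-policy dry run for an IoMT inventory.
Added example (not Cynerio's code). Device names, flows and weights are
constructed for illustration."""
from dataclasses import dataclass


@dataclass
class Device:
    name: str
    criticality: int      # 1 (low) .. 5 (life-sustaining), set by biomed
    handles_ephi: bool    # stores or transmits ePHI
    unsupported_os: bool  # runs an OS the vendor no longer patches
    known_vulns: int      # count of known, unpatched vulnerabilities
    required_flows: set   # (dest_zone, port) pairs the device needs to work


def risk_score(d: Device) -> int:
    """Weights (constructed) follow the article's factors: criticality and
    medical impact, ePHI handling, unpatchable OS, known vulnerabilities,
    and required external (vendor) communications."""
    score = d.criticality * 10
    score += 15 if d.handles_ephi else 0
    score += 20 if d.unsupported_os else 0
    score += 5 * d.known_vulns
    score += 5 * sum(1 for zone, _ in d.required_flows if zone == "vendor")
    return score


def dry_run(policy: dict, inventory: list) -> dict:
    """Validate a segmentation policy before enforcement. `policy` maps a
    device name to the set of (zone, port) flows it would be allowed.
    Returns, per device, the required flows the policy would block."""
    blocked = {}
    for d in inventory:
        missing = d.required_flows - policy.get(d.name, set())
        if missing:
            blocked[d.name] = missing
    return blocked


INVENTORY = [  # constructed sample inventory
    Device("iv-pump-07", 5, False, True, 2, {("pump-server", 443)}),
    Device("xray-02", 3, True, False, 0, {("pacs", 104), ("vendor", 443)}),
]
POLICY = {  # proposed allow-lists; xray-02's vendor flow was left out
    "iv-pump-07": {("pump-server", 443)},
    "xray-02": {("pacs", 104)},
}

if __name__ == "__main__":
    for d in sorted(INVENTORY, key=risk_score, reverse=True):
        print(f"{d.name}: risk {risk_score(d)}")
    print("would block:", dry_run(POLICY, INVENTORY))
```

Running it ranks the pump (unsupported OS, life-sustaining) above the X-ray unit and flags that the proposed policy would cut off the X-ray unit’s required vendor connection, which is exactly the kind of outage the validation step is meant to catch before go-live.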

Clinical Network Segmentation As a Mainstay of Healthcare Business Integrity

Network segmentation can secure critical medical devices, improve clinical network capacity and avoid network overload, and ensure patient safety, as long as hospitals maintain a disciplined and consistent approach to device discovery, risk assessment, and preventive action. Beginning a network segmentation project as soon as possible will help to fortify the healthcare industry against present and future cyber threats, safeguard patients and business integrity, and help prepare for unforeseen crises to come.


About Leon Lerman, Co-Founder and CEO, Cynerio

Leon brings over a decade of experience in cybersecurity enterprise sales, channel sales, and business development to establish Cynerio as a leading vendor in the healthcare cybersecurity space. Prior to Cynerio, Leon was director of sales at Metapacket, where he led go-to-market strategy and execution. Prior to that, Leon held sales and sales engineering positions at RSA Security, helping the largest enterprises in the region to solve their security problems. Leon served as an expert intelligence officer in Unit 8200 of the Israel Defense Forces.
