Feature | Cybersecurity | February 12, 2019 | By Greg Freiherr

The One Step Providers Must Take To Achieve Cybersecurity

Company seeks to make imaging devices less vulnerable

Networked medical devices at a health care provider and their vulnerability to cyber attack, as seen in a screenshot of a display created by the Medigate platform

Networked medical devices at a health care provider and their vulnerability to cyber attack, as seen in a screenshot of a display created by the Medigate platform. Image courtesy of Medigate


Cybersecurity is being defined by a kind of arms race.

On one side are the hackers with malware, some off the shelf, some custom made to create chaos in healthcare. On the other are cybersecurity defenders that try to keep malware at bay with shields and intrusion detectors.

From the Cybersecurity Command Center and in the Innovation Live area on the exhibit floor of the annual meeting of the Healthcare Information and Management Systems Society (HIMSS), a cybersecurity firm called Medigate showcased a hardware-software platform that can help health care providers defend against hackers. When installed on medical device networks, the platform can detect early signs of attack and potentially harden vulnerable equipment.

In a pre-HIMSS interview with Imaging Technology News, the company’s chief executive emphasized that, before this can happen, the information technology team and administrators of healthcare provider must understand its network of medical devices. The Medigate technology is specifically designed to make interconnected medical devices visible, said Medigate CEO Jonathan Langer. “It is the crucial first step” toward strengthening networked medical devices against cyber attack.

The company, which is headquartered in New York and conducts R&D in Israel, has identified tens of thousands of devices for dozens of health care systems, many in the U.S. and Canada. Corporate partners include Palo Alto Networks and Cisco.

Medical devices are most vulnerable, Langer said, if security flaws in their operating systems have not been adequately patched. This may be so because security patches, provided by the maker of the operating systems, were not adequately installed or because the software maker had stopped developing such patches because the operating systems had become obsolete.

Unpatched medical devices are common. And, if these devices are compromised, the impact can be devastating to both the institution and its patients.

“All of a sudden a medical device or an imaging device can be unavailable,” he said. “That can have a huge impact on a hospital’s operation.”

And this could be the least of the hospital’s problems. Cyberattackers may infect a hospital network with ransomware, which encrypts data, holding it hostage until the hospital pays for decryption. Alternatively, the attacker may be searching for patient information stored on archives.

“Cyber attackers may be looking for weak links in the network to reach this information,” Langer said. “So it can pivot from imaging (scanners) to the PACS, which holds an abundance of data, or to the EMR, which is a huge repository of highly valuable data.”

 

How Medigate Fights Cyber Crime

Langer got interested in cybesecurity while serving with the Israel Defense Forces. He later worked as vice president of technology at New York-based CyGov, which provides cyber defense solutions. Now, as the leader of Medigate, which he co-founded, Langer is warning the medical community about devices that are particularly vulnerable to attack — and how the protection for these devices can be improved.

Medigate makes a hardware-software combination — called, simply, the Medigate platform — that can mitigate the danger. The platform, which has both on-premise and cloud components, can be fine tuned to the operation of the healthcare provider.

When installed, it looks for the kind of behavior that signals an ongoing attack — for example, an incubator in the neonatal intensive care unit trying to communicate with an MRI scanner. The concern in this case would be that malware might have turned the incubator into a digital zombie or bot with the mission to infect or disable the MRI.

It also looks for subtle signs of suspicious behavior. These might, for example, look innocuous, digital traffic between a device and its manufacturer. Yet, such traffic might be the result of a successful cyber attack on the manufacturer.

“We alert the hospital to any remote connectivity so it is up to them from a policy perspective to either approve or disapprove of (the contact), he said.

 

Making Medical Devices Visible

Before the software can detect such threats, it maps all the interconnected medical devices. A large hospital may have a thousand or more of these devices, each of which exhibits a clearly visible “fingerprint,” Langer said — if you know where to look.

“Our discovery process gives us a good understanding of exactly what medical devices are installed and what their technical attributes are,” he explained.

The software can determine the make and model of each medical device on the network, as well as its operating system; current software version; and whether its security is at risk.

Not only does this map provide the basis for detecting the early signs of an attack, it identifies networked devices that Medigate can harden. Once vulnerable targets are found, Medigate can install “compensating controls” to help secure them.

Although nothing can completely protect “unpatched” medical devices, for example, the compensating controls from Medigate provide an additional layer of security. This may be achieved by segmenting the vulnerable devices or establishing additional firewalls for their protection.

Langer said he hopes people attending HIMSS will realize that enormous value can be derived simply by mapping networked devices. Identifying vulnerabilities must be done, if attacks are to be blunted.

“Network visibility is really the fundamental foundation of any cybersecurity program specific to medical devices,” he said. “Without that visibility, you’re just chasing a ghost.”

 

Related content:

How to Boost Cybersecurity in Medical Imaging

Cybersecurity Threats in Medical Imaging 

Medical imaging systems need more cybersecurity 

 

Editor's note: In preparation for the upcoming HIMSS (Healthcare Information and Management Systems Society) Conference on Feb. 11, contributing editor Greg Freiherr begins the show coverage with this exclusive podcast and accompanying blog. This is the final podcast in a series of three. You can listen to the first podcast, Hear and Now: How to Boost Cybersecurity in Medical Imaginghere. You can listen to the second podcast, Hear and Now: AI and Imaging, Your Data as Strategic Assethere.

Related Content

The Radiological Society of North America (RSNA) has launched the 2024 RSNA Lumbar Spine Degenerative Classification AI Challenge. RSNA organizes AI challenges to spur the creation of AI tools for radiology and improve patient care.
News | RSNA
RSNA Launches Lumbar Spine Degenerative Classification AI Challenge

May 29, 2024 — The Radiological Society of North America (RSNA) has launched the 2024 RSNA Lumbar Spine Degenerative ...

Time May 29, 2024
arrow
Expands access to iCAD’s AI-powered ProFound Breast Health Suite and Densitas’ AI solutions to patients and medical professionals worldwide
News | Breast Imaging
iCAD and Densitas Partner to Enhance Precision Breast Health with Leading AI Solutions for Mammography Quality, Cancer Detection, and Risk Evaluation

May 28, 2024 — iCAD, Inc., a global leader in clinically proven AI-powered cancer detection solutions, announced a ...

Time May 28, 2024
arrow
 International medical imaging IT and cybersecurity company Sectra’s enterprise imaging solution has been selected by the university hospital Hospital Universidad del Norte, in Colombia
News | Enterprise Imaging
Prestigious Colombian University Hospital First to Use Sectra’s Enterprise Imaging Solution in Latin America

May 24, 2024 — International medical imaging IT and cybersecurity company Sectra’s enterprise imaging solution has been ...

Time May 24, 2024
arrow
Brandon Suh, CEO of Lunit, a provider of Artificial intelligence (AI)-powered solutions for cancer diagnostics and therapeutics, today announced the successful completion of its acquisition of Volpara Health Technologies, a global developer of medical software for breast cancer screening.
News | Artificial Intelligence
Lunit Announces Completion of Volpara Acquisition to Advance AI-driven Cancer Care

May 22, 2024 — Lunit, a provider of Artificial intelligence (AI)-powered solutions for cancer diagnostics and ...

Time May 22, 2024
arrow
St. Vincent’s Private Hospital, the largest acute private hospital in Dublin, announced a five-year contract with AGFA HealthCare including Enterprise Imaging for both radiology and breast imaging
News | Enterprise Imaging
St. Vincent’s Private Hospital, the Largest Acute Private Hospital in Dublin, Chooses AGFA HealthCare’s Enterprise Imaging for Radiology

May 16, 2024 — AGFA HealthCare announced that St. Vincent’s Private Hospital in Dublin, Ireland, has chosen to implement ...

Time May 16, 2024
arrow
Partnership addresses pressing challenges in the US healthcare system and is set to advance radiology workflow for US healthcare providers
News | Artificial Intelligence
deepc Expands US Presence, Enabling Radiology AI Access for Numerous Healthcare Practices via ImagineSoftware Partnership

May 16, 2024 — deepc, the globally recognized digital medicine pioneer and market leader behind the leading AI operating ...

Time May 16, 2024
arrow
Philips recently partnered with Amazon Web Services (AWS) to develop Philips HealthSuite Imaging
Sponsored Content | Case Study | Enterprise Imaging
Delivering Comprehensive Enterprise Imaging from the Cloud

Having the most efficient clinical workflows with enhanced diagnostic capabilities is a major goal for clinicians and ...

Time May 16, 2024
arrow
In a recent announcement, etherFAX reported that through its new integration into Hyland’s OnBase platform, the company is enabling healthcare organizations to securely exchange protected health information (PHI) via the cloud.
News | Enterprise Imaging
etherFAX Expands its Hyland Partnership by Launching New Cloud Fax Integration

May 15, 2024 — etherFAX has announced the expansion of its partnership with Hyland, a global provider of intelligent ...

Time May 15, 2024
arrow
A new UCLA study found Unfold AI’s precise prediction of prostate margins significantly impacts the success of focal therapy treatments
News | Prostate Cancer
New Study Demonstrates Avenda Health’s Unfold AI to Better Predict Focal Therapy Success by 77% Percent as Compared to Standard Methods

May 13, 2024 — Avenda Health, an AI healthcare company creating the future of personalized prostate cancer care, unveils ...

Time May 13, 2024
arrow
News | Cybersecurity
New Data Reveals Healthcare Industry is Facing Rising Cyberattacks

May 13, 2024 — In the wake of the cybersecurity breach targeting the prominent healthcare system Ascension, a new study ...

Time May 13, 2024
arrow
© Copyright Wainscot Media. All Rights Reserved.
Subscribe Now