CyberMDX and Microsoft: Protecting life-saving medical devices

This blog post is part of the Microsoft Intelligent Security Association (MISA) guest blog series. Learn more about MISA.

While hospitals continue to battle the COVID-19 pandemic, many are battling other “viruses” behind the scenes. Malware, ransomware, and phishing attacks against healthcare delivery organizations are on the rise with many increasing in severity, exposure, and ramifications. An estimated 560 US healthcare targets were impacted by ransomware in 2020, with many of these targets being large conglomerates consisting of hundreds of hospitals.

Most cyberattacks against hospitals originate with or involve unmanaged IoT and medical devices, resulting in prolonged undetected breaches at the device, network, and perimeter levels. In fact, 63 percent of healthcare organizations experienced a security incident related to unmanaged IoT devices in the past two years. These gaps expose the most important elements of a hospital’s healthcare delivery mission.

Healthcare organizations are one of the biggest targets for online attacks. The most common attacks involve stealing patient data to derive financial gain. However, as the stakes rise and the attacks become more brazen, patient lives are now at risk.

The current state of cybersecurity in hospitals

Inherent vulnerabilities are an easy target for bad actors, and many hospital networks lack asset visibility and cybersecurity protection to effectively defend their networks. Currently, hospitals are experiencing:

  • A shortage of cybersecurity talent: A lack of cybersecurity expertise has been a long-standing issue throughout the healthcare industry, leading organizations to rely heavily on third-party providers, software, and hardware to make up for the gap.
  • Confusing regulatory requirements: A disconnect between the intentions of regulators and the nature of cybersecurity continues to drive vulnerabilities. Regulation is designed to prevent past occurrences from recurring and as such is fundamentally retrospective.
  • Minimal software updating and security patching: Updating software and implementing security patches is critical to preventing many cyberattacks and yet device management within the industry is significantly lacking. In fact, 60 percent of medical devices are at the end-of-life stage with no patches or upgrades available.
  • A proliferation of connected devices: More connected devices come into hospitals every year and the trend is only growing. More than 400 million connected medical devices are already operational worldwide, with another 125 million or so expected to come online in the next year.

Nursing the industry back to health

To effectively protect and defend hospitals from these attacks, a multi-layered approach and a best-of-breed solution are required. Microsoft Defender for Endpoint is a complete security solution that protects endpoints from cyber threats, detects advanced attacks and data breaches, automates security incidents, and improves security posture. Complementary to this, the CyberMDX Healthcare Security Suite gets more granular and healthcare-specific by identifying, categorizing, and protecting connected medical devices—ensuring resiliency, as well as patient safety and data privacy.

Architectural diagram displaying CyberMDX integrating with Microsoft Defender for Endpoint.

By coupling the CyberMDX solution’s visibility and detection capabilities for unmanaged healthcare devices with the Microsoft Defender for Endpoint single-pane-of-glass view, healthcare organizations are equipped with unmatched cross-platform and device visibility, classification, and incident response capabilities.

With this combined solution, a large hospital network in the US was able to secure 100 plus connected device types across 26 locations. They were able to:

  • Gain full discovery of all the connected (managed and unmanaged) devices in their network, whether medical devices, IoT, workstations, mobile, or more.
  • Automatically apply a risk profile to each connected asset and alert the security team of any malicious activity.
  • Gain insight into device utilization metrics.
  • Automatically track medical device recalls.

The solution also provided customized reports to IT, biomed, compliance, and executives, and instantly highlighted security issues related to ePHI, patient safety, and internet exposure. The hospital staff also utilized the comprehensive dashboards and reports for clinical network and medical device security, helping the IT and security teams to share information and collaborate more than they had in the past. The solution helped ensure patient safety and improved care so they could get back to what was important—saving lives.

The security of connected medical and IoT devices is a serious concern, and attacks can come from anywhere. Together, CyberMDX and Microsoft provide a holistic view of all managed and unmanaged medical devices in a single dashboard, making hospitals safer and more efficient, so they can go back to focusing on their patients and saving lives.

Learn more

Explore CyberMDX. Visit the CyberMDX listing in the Azure Marketplace or visit our web page.

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website, where you can learn about the MISA program and product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.