Multinational cybersecurity company Palo Alto Networks on Tuesday, December 6, announced a medical IoT (internet of things) security suite that runs on the 'zero trust' philosophy — a cybersecurity approach that entails continuous verification of every user and device. The timing of the announcement could not have been better, as the country's premier hospital — All India Institute of Medical Sciences (AIIMS), Delhi — is just getting back on its feet after a cyberattack, and at least one other hospital's servers were breached with patient data uploaded for sale on the dark web.
The new suite — Medical IoT Security — is aimed at enabling healthcare organisations to deploy and manage new connected technologies quickly and securely, especially now that healthcare providers use "digital devices such as diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care," the company said in a press release.
“The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured,” said Anand Oswal, Senior Vice President of Products, Network Security, at Palo Alto Networks.
“This makes security devices an attractive target for cyberattackers, potentially exposing patient data and ultimately putting patients at risk,” he added.
Palo Alto said it implements zero trust through "automated device discovery, contextual segmentation, least privilege policy recommendations and one-click enforcement of policies" in a "seamless, simplified manner."
"Medical IoT Security also provides best-in-class threat protection through seamless integration with Palo Alto Networks cloud-delivered security services, such as Advanced Threat Prevention and Advanced URL Filtering," the press release read.
According to the announcement, Medical IoT Security uses machine learning (ML) to enable healthcare organisations to:
Create device rules with automated security responses: Easily create rules that monitor devices for unusual behaviour and automatically trigger appropriate responses.
Automate Zero Trust policy recommendations and enforcement: Enforce appropriate access to medical devices that is easily scaled across a set of similar gadgets.
Understand device vulnerabilities and risk posture: Map each medical device to a list of common vulnerabilities, which will help identify software used on the devices and their weak points. "Get immediate insights into the risk posture of each device, including end-of-life status, recall notification, default password alert and unauthorised external website communication," said Palo Alto.
Improve compliance: Easily understand medical device vulnerabilities, patch status and security settings, and then get recommendations to bring devices into compliance with rules and guidelines.
Verify network segmentation: Ensure each device is part of the proper network segment, which ensures it communicates only with authorised systems.
Simplify operations: Integration with existing healthcare information management systems to help automate workflows.
"Healthcare providers continue to be high-value targets for attackers. This reality, combined with the diversity of medical IoT devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases. The ability to defend against threats targeting critical care devices ... is quickly becoming a necessity for the protection of patient data and lives," said Ed Lee, Research Director, IoT and Intelligent Edge Security, International Data Corporation.
(Edited by: Shoma Bhattacharjee)