Palo Alto Networks looks to strengthen healthcare IoT security

Palo Alto Networks today launched a new healthcare IoT security offering designed to provide better visibility, automated monitoring of hitherto vulnerable healthcare IoT frameworks through machine learning and adherence to Zero Trust principles wait.

Medical device security is a serious issue for most organizations in the healthcare space, with a long list of reported vulnerabilities in the field dating back many years. Fundamentally, experts agree, a big part of the problem is that many connected devices used in medicine were not originally designed for network connectivity. Because the feature was grafted on as an afterthought rather than designed from the ground up, insecure default configurations, dependencies on broken codebases, and many other serious issues cropped up.

Palo Alto’s healthcare IoT application attempts to circumvent some aspects of the problem by using machine learning to automatically discover and track the behavior of connected devices. Having a complete device inventory is already a step forward for many organizations, and machine learning-based tracking of behavioral anomalies may further improve security against threats to vulnerable medical hardware without built-in security measures. situation.

Analyze to determine compliance of security settings

The company is also touting its new product’s capabilities in the area of ​​compliance, specifically analyzing patches and security settings to determine whether they comply with regulatory frameworks such as HIPAA and GDPR. Additionally, network segmentation—another key way to protect leaked medical devices from external threats—is also a core part of Palo Alto’s new product, which provides a visual map showing which devices can communicate with each other.

1 second of 27 secondsVolume 0%

Meanwhile, the company’s visibility feature provides automated software bill-of-materials (SBOM) analysis of all connected devices on the network, comparing them to known vulnerabilities and issuing alerts when CVEs (Common Vulnerabilities and Exposures) are discovered.

Beyond simple design flaws, medical IoT devices also present access control issues – many vulnerable devices are located in public hospital wards and clinics, meaning it’s often easy for bad actors to gain physical access to them. The pandemic has only exacerbated the situation by prompting many healthcare providers to offer telemedicine and virtual care services.

“The security challenges of medical devices make them attractive targets for cyberattackers,” Anand Oswal, senior vice president of product at Palo Alto, said in a statement accompanying the product launch. “An attack on these devices could expose patient data, halt hospital operations, lead to reduced levels of care, and ultimately jeopardize patient health.”

Palo Alto said its medical IoT security products will be available in January 2023. It will be sold as a paid add-on to the company’s core firewall products, which are available in hardware, virtual machine or cloud-delivered form factors. During the service period, the price is based on a percentage of the list price of the firewall device used with it. Application licenses can be purchased for a specific period of time.

Kontakt