The Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) has provided expanded guidance in a new Analyst Note on internet of things (IoT) security risks and suggested mitigations.
The reasons for the increased focus on IoT security are compelling. Today, there are about 7 billion IoT-connected devices, and estimates project this will increase to over 20 billion devices in 2025.[1] In July of this year, the vendor SonicWall observed a 123% spike in IoT malware attack volumes impacting healthcare. An earlier report by CrowdStrike and Medigate determined that approximately 80 percent of the surveyed healthcare organizations reported IoT security events within the previous 19 months.[2]
Healthcare today relies on many interconnections, and this number is expected to grow rapidly. As the number of interconnections increases, so does the available attack surface. The number of cyberattacks impacting IoT will continue to expand. Adding IoT to an organization can increase the attack surface if the network isn’t segmented into secure zones.
Network segmentation is highly recommended by HHS HC3. Network segmentation splits the network into subnetworks or zones which can limit access, reduce congestion, and limit failure.
Network segmentation can help isolate vulnerable IoT devices from other information technology equipment in use. Network segmentation reduces the risk of compromise and is part of building out a Zero Trust architecture.
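One way to check that segmentation really isolates IoT devices is to audit flow records against the zone plan. The following is an added example, not code from HC3 or from the vendor; the zone ranges, the allowlist and the flow records are all constructed for illustration.

```python
import ipaddress

# Hypothetical zone plan (constructed; private ranges chosen for illustration).
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),
    "iot": ipaddress.ip_network("10.20.0.0/16"),
    "clinical": ipaddress.ip_network("10.30.0.0/16"),
}

# Cross-zone traffic the policy permits: (source zone, destination IP, port).
ALLOWED = {
    ("iot", "10.30.5.10", 443),  # device telemetry to a clinical gateway
    ("iot", "10.10.0.53", 53),   # internal DNS resolver
}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.20.1.15", "10.30.5.10", 443),   # allowed telemetry
    ("10.20.1.15", "10.10.0.53", 53),    # allowed DNS
    ("10.20.1.15", "10.20.1.16", 8080),  # stays inside the IoT zone
    ("10.20.7.40", "10.10.8.22", 445),   # IoT device to an IT workstation
    ("10.20.7.40", "203.0.113.9", 23),   # IoT device straight to the internet
    ("10.10.8.22", "10.20.7.40", 80),    # IT workstation into the IoT zone
]

def zone_of(ip):
    """Map an address to its zone name, or 'external' if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def segmentation_violations(flows):
    """Return flows that cross the IoT zone boundary without an allowlist entry."""
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone or "iot" not in (src_zone, dst_zone):
            continue  # same zone, or the flow does not involve IoT at all
        if (src_zone, dst, port) not in ALLOWED:
            findings.append((src_zone, dst_zone, src, dst, port))
    return findings

if __name__ == "__main__":
    for finding in segmentation_violations(SAMPLE_FLOWS):
        print("boundary violation:", finding)
```
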
Common IoT attacks can include privilege escalation, eavesdropping, man-in-the-middle attacks, brute-force attacks, physical tampering with IoT devices, DDoS attacks, firmware hijacking, and more.
Suggested mitigations offered by HHS HC3 to help protect IoT devices include:
- Implement a zero trust architecture. Refer to the National Security Agency guidance on zero trust security.
- Change default router settings.
- Pick a strong password—NIST provides guideline 800-63.
- Try not to use Universal Plug and Play (UPnP) as it can render devices more vulnerable to cyberattack.
- Timely and complete software and firmware patches and updates are essential to eliminating the great majority of known vulnerabilities.
Healthcare Remains in the Center of the Bullseye
Healthcare remains one of the biggest targets for cyberattacks globally. Healthcare data is comprehensive and provides all the materials cyber criminals need to support identity theft and falsify financial applications. Ransomware attacks continue to impact healthcare institutions globally, and continue to jeopardize the availability of critical services in hospitals and provider organizations.
IoT devices generally have minimal security. If controls like segmentation are not in place, IoT-connected devices have large and virtually unprotected attack surfaces. Once malware circulates within the hospital networks, it can easily infect a multitude of IoT devices, possibly medical devices, provider laptops and desktops, mobile devices, ambulatory physicians, and the interconnected healthcare ecosystem. Close visibility and inspection of the traffic emanating from these devices can help identify and shut down IoT-based threats and others before they can result in a reportable data breach or extortion of funds.
Threat intelligence and enhanced DNS security capabilities can help healthcare institutions potentially find new ways to reduce the risk of data exfiltration. This, in turn, may assist with efforts to meet health care compliance, which is regulated by the Health Insurance Portability and Accountability Act of 1996.
Protecting Healthcare Institutions with BloxOne Threat Defense
BloxOne Threat Defense protects enterprise users, devices, and systems no matter where they are, strengthening and optimizing your security posture from the foundation up. Its hybrid architecture extends protection across your on-premises, remote-location, and teleworking environments. It detects and blocks phishing, exploits, ransomware, and other modern malware, and it prevents workers from accessing objectionable content restricted by policy. Unique patented technology prevents DNS-based data exfiltration to keep protected data safe, monitors for advanced threats (including lookalike domains), and automates incident response so that your security ecosystem can remediate any incidents quickly.
Infoblox controls enforce your policies and protect all the employees and devices in a healthcare institution, both on-premises and remote. Using DNS as an essential control point ensures that every Internet request, either from a medical worker’s laptop or from a connected healthcare device, is inspected to determine if it is malicious. DNS also gives you scalable web and content filtering and reduces your overall threat defense costs.
From an IoT perspective, EDR/XDR solutions have limited to no visibility into these devices, and endpoint security can’t always be deployed on them. This is where BloxOne Threat Defense and DNS security come into the picture to offer protection against malware and data theft, without the need for agents.
Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization—large and small—must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as a warning to prevent other organizations and entities from falling victim to a similar attack.
Organizations should report anomalous cyber activity and/or cyber incidents 24/7 to firstname.lastname@example.org or (888) 282-0870.