Zingbox and Nuvolo team up to help combat healthcare IoT cyberthreats
Zingbox reports that hackers have accessed medical systems via insecure MRI scanners and other devices.

Zingbox and Nuvolo team up to help combat healthcare IoT cyberthreats

Edge security company Zingbox has announced a partnership with cloud security specialist Nuvelo, which will see Zingbox’s IoT Guardian offering integrated with Nuvolo’s medical device security platform.

The new service will combine the ability to discover, secure, and optimise IoT devices with a modern, cloud-based, single system of record for medical device inventory data, said the companies in a joint announcement.

The firms explained that integration of the two systems will tackle one of the biggest challenges faced by healthcare providers today: how to streamline workflows to monitor, secure, and optimise their clinical assets.

The combined solution will bring together a rich device data model with dynamic device profiles to identify threats and reduce risks, said the vendors.

Medical security issues

The lax cybersecurity of networked medical devices is one of the biggest threats affecting the healthcare industry today – an attack surface that can only grow as more and more connected devices are introduced in hospital environments to support operations and patient care.

According to figures from Gartner, by 2020 the number of connected medical devices requiring deeper security measures will increase by 45 percent. Zingbox’s own threat research reveals that imaging systems account for more than half of all the security breaches related to connected medical devices.

In terms of technology management and security, the challenges in the sector can be significant. Many healthcare companies rely on a guesstimate of the number of devices they deploy, and are often unaware of the underlying security problems associated with connecting specialist hardware.

A further problem is that there are multiple systems of record among healthcare companies, with non-standard naming conventions, fields, forms, and location IDs – many of which are outdated and may introduce unnecessary risks, the security firms said.

Xu Zou, CEO of Zingbox, said that the integration of the Zingbox and Nuvolo products delivers the “benefits of real-time discovery, security, and optimisation of connected medical devices with the trusted source of medical device contextual data, workflow, and orchestration.

“Our two companies deliver a simple deployment capability that addresses a pervasive and growing cybersecurity threat plaguing the healthcare industry,” he added.

Tom Stanford, CEO of Nuvolo, added that the platform has a set of capabilities to identify IoT threats and vulnerabilities, and this would enable a “rapid and informed response, and proactively identify other at-risk devices in advance of them being exploited”.

“The enabler for these essential capabilities is access to contextual medical device data and orchestration capabilities that initiate, track, and manage remediation activities in response to a threat. Trusted and reliable enterprise capability in these areas has not been attainable until now,” he said.

Internet of Business says

Edge security specialist Zingbox was one of the Dell partners presenting at Dell’s IoT strategy launch event in New York City last October. At that event, the company explained how hackers had already managed to gain entry to hospitals’ central data systems in the US via unsecured medical devices, such as scanners, and had not only been able to access patients’ records, but also to change their drug dosages remotely.

Part of the security challenge is that some medical devices were never designed to be connected to the internet, while others are old, but can’t simply be replaced for budgetary reasons. More, medical devices are tightly regulated, and so can’t be constantly updated or modified with ease, as most IT devices can.

This is why new approaches are essential in medical cybersecurity – solutions that tackle the challenge holistically in the edge environment, by looking for unusual behaviours and non-standard requests, rather than by attempting to secure thousands of individual devices.

The Internet of Health conference takes place in Boston, USA, June 26 & 27, where you can learn more about how emerging technologies are disrupting healthcare.

Internet of Health