In the wake of enormous digital transformation in the healthcare sector, healthcare delivery organizations (HDOs) now face more challenges to secure the many devices within their networks than ever before. A healthcare organization’s cyber-physical systems (CPS) contain an unprecedented number of connected devices, including traditionally unmanaged assets like medical devices, IoT devices, and building management systems.
With all these devices comes the responsibility to reduce risk and minimize exposure. Key to this is improving security postures with greater asset visibility, which allows healthcare organizations to monitor, evaluate, and mobilize against threats. Once you’re aware of all the devices on your network, next comes the real opportunity: a comprehensive exposure management program.
Understanding the importance of exposure management in healthcare environments is foundational to securing healthcare networks. Let’s explore what exposure management is, why it’s so critical for healthcare organizations, and the top considerations when putting it into practice.
In cybersecurity, the state of being vulnerable to potential cyber attacks due to weaknesses in the CPS environment is referred to as exposure. Therefore, exposure management refers to a cybersecurity approach that aims to identify, assess, and address vulnerabilities before they are discovered and exploited by attackers.
With so many different types of devices connected to a healthcare network, the goal of exposure management within health organizations is to reduce the attack surface by identifying vulnerabilities on the network and taking appropriate action to minimize risk.
Healthcare organizations contain many different types of complex assets in their network. This can make the network all the more difficult to secure.
Claroty found, across 20 million devices analyzed in its existing data, what can be described as a “vulnerability management blind spot”. Under a purely CVSS-based approach, as many traditional vulnerability management programs use, a subset of the highest-risk devices on your network is never properly identified. These devices are connected to the internet with insecure access and tend to have at least one Known Exploited Vulnerability (KEV).
By shifting from traditional CVSS-based vulnerability approaches to a continuous threat exposure management program that views the network from the attacker’s point of view, healthcare cybersecurity programs can continuously mitigate this blind spot and better protect patient care.
With clinical devices and IoMT assets connected to building management systems (BMS), prioritizing the safety of patients and staff is essential and traditional methods may not suffice. Protecting BMS is particularly important now as more and more cyber incidents are impacting building automation systems.
Exposure management is a proactive approach to securing your organization’s CPS in order to maintain the integrity of your clinical environment, protecting patients, staff, infrastructure, and your devices.
It’s clear how critical exposure management is to protecting your healthcare organization. Now let’s dive into the top considerations in applying this approach.
Advancements in legislation, from the PATCH Act to version 5 of FedRAMP, NIS2, and several regional IoMT regulations, have emphasized the need for stronger cybersecurity controls. Other industry pressures include software bills of materials (SBOMs), which provide visibility into potential threats that may arise from embedded vulnerabilities. Unique insights into medical devices can be gathered from medical device manufacturers (MDMs) through VEX documents, MDS2 forms, and more.
Healthcare organizations, on average, navigate more than 360 unique patch certification programs from medical device manufacturers. The challenge lies in finding solutions that possess both the expertise and the appropriate knowledge of the healthcare sector to effectively trace the entire attack path, address vulnerabilities and exposures, and facilitate efficient compliance.
Safeguarding medical devices requires a distinct strategy: a program built on discovery and verification, executed using a wide range of data-gathering methods.
Beyond just medical devices, Claroty found that 30% of cyber incidents within hospitals in the last year have affected other CPS, including building management systems. To identify these extended CPS, which are typically not managed by IT, requires both passive and active discovery methods, ensuring detailed insight into vulnerabilities and exposures.
Different devices require different methods of discovery, and what works in IT may not work with OT devices. This is why, when applying active discovery methods, it’s critical to use a tool that is purpose-built for OT devices and is able to use the right protocols to query each device, ensuring no disruption or downtime.
Traditional methods of vulnerability management don’t offer the level of exposure management necessary to secure all the different types of devices connected to a healthcare organization’s network.
Consider the fact that Claroty’s Team82 found that 38% of the riskiest assets are overlooked by traditional, CVSS-based vulnerability management approaches. This analysis of over 20 million assets reveals an incredible blind spot that can easily be exploited by bad actors.
Instead, exposure management for healthcare environments must highlight the highest-risk devices to prioritize and guard against potential attacks.
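The blind spot described above can be shown on a small, constructed asset inventory. The following is an added example, not Claroty’s code or scoring model: it ranks the same four devices once by CVSS base score alone and once by an exposure score built from the factors the text names (KEV status, internet exposure, insecure access, compensating controls, and clinical impact), and lists the devices the CVSS-only view drops. The weights and the inventory are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    cvss_max: float            # highest CVSS base score among the asset's CVEs
    has_kev: bool              # at least one CVE in the CISA KEV catalog
    internet_exposed: bool     # reachable from the internet
    insecure_access: bool      # e.g. unauthenticated or plaintext remote access
    clinical: bool             # directly involved in patient care
    controls: int = 0          # number of compensating controls in place


# Constructed inventory for illustration only (not real device data).
INVENTORY = [
    Asset("infusion-pump-12", 6.5, True, True, True, True),
    Asset("pacs-server", 9.8, False, False, False, True, controls=2),
    Asset("hvac-controller", 5.3, True, True, True, False),
    Asset("nurse-workstation", 8.1, False, False, False, False),
]


def cvss_rank(assets, threshold=7.0):
    """Traditional view: flag assets whose top CVSS score meets the threshold."""
    flagged = [a for a in assets if a.cvss_max >= threshold]
    return [a.name for a in sorted(flagged, key=lambda a: -a.cvss_max)]


def exposure_score(a):
    """Likelihood (KEV, reachability, access weakness, minus controls) times impact.
    Weights are assumptions: KEV +3, internet-exposed +2, insecure access +2,
    each compensating control -1, floored at 1; clinical impact 3, otherwise 1."""
    likelihood = 1 + 3 * a.has_kev + 2 * a.internet_exposed + 2 * a.insecure_access
    likelihood = max(1, likelihood - a.controls)
    impact = 3 if a.clinical else 1
    return likelihood * impact


def exposure_rank(assets):
    """Exposure view: every asset ordered by descending exposure score."""
    return [a.name for a in sorted(assets, key=lambda a: -exposure_score(a))]


def blind_spot(assets, threshold=7.0):
    """Internet-exposed KEV-bearing assets that a CVSS-only view never flags."""
    flagged = set(cvss_rank(assets, threshold))
    return [a.name for a in sorted(assets, key=lambda a: -exposure_score(a))
            if a.has_kev and a.internet_exposed and a.name not in flagged]


if __name__ == "__main__":
    print("CVSS-only:", cvss_rank(INVENTORY))
    print("Exposure :", exposure_rank(INVENTORY))
    print("Missed   :", blind_spot(INVENTORY))
```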
Adopting a robust exposure management program requires a deep understanding of medical device workflows accompanied by smooth operations across Information Security, Clinical Engineering and Facilities teams, along with swift detection and remediation abilities.
Claroty xDome offers robust exposure management capabilities with all of these considerations in mind. Claroty’s CPS exposure management process includes the following capabilities:
Purpose-built for CPS: Claroty xDome is purpose-built to protect all CPS devices in the healthcare environment, allowing your organization to prioritize the devices most critical to operations through exceptional visibility and management.
Multiple discovery methods: With both active and passive querying, Claroty xDome maps the communication paths and protocol usages of all the devices in your network, attributing vulnerabilities and monitoring for threats.
Prioritization for critical processes: Devices are assessed based on their likelihood of being exploited, the impact if they are exploited, and the compensating controls that have been applied. With these insights, Claroty’s solution provides recommended actions and allows users to prioritize remediation efforts determined by specific outcomes.
Validation of exposure scenarios: For expanded visibility, Claroty xDome can use SBOMs/VEX files to eliminate false positives, apply additional discovery tactics like active scanning, or consult with the OEM to verify risk.
Streamlined remediation: By integrating with leading IT cybersecurity, OT cybersecurity, and asset management solutions, Claroty xDome can streamline risk management processes through automated recommendations and detailed reporting.
Built on years of experience working with healthcare organizations to strengthen their approach to CPS protection, Claroty’s approach to exposure management is the next step in bolstering your organization’s cybersecurity practices.
To see how applying a comprehensive exposure management program can better protect your healthcare organization, get in touch with our team for a demo.