Blog / 6 min read
Like many other enterprises, healthcare delivery organizations (HDOs) are becoming increasingly interconnected. Today, digitized control systems are now relied upon in nearly every step of the patient care delivery process. For instance, electronic health records (EHRs), patient archiving and communication systems (PACs), and an explosion of telehealth systems and connected medical equipment are all devices used to monitor and support patient care. The cyber risks facing HDOs are growing exponentially as digital transformation takes off and as the devices mentioned are increasingly becoming connected to the internet. Aside from the control systems mentioned, an area that commonly lacks attention when discussing healthcare cybersecurity are the building management systems (BMS). Organizations rely on BMS to keep their assets running, while also maintaining a safe environment for patient care. However, these systems at times can be overlooked or not prioritized when establishing a comprehensive healthcare cybersecurity strategy.
As with other forms of enterprise technology, building management systems have undergone rapid digital transformation in recent years, shifting toward smart, connected systems to take advantage of performance improvements, reduced energy consumption, and cost efficiencies. But like all forms of digital transformation, connecting formerly isolated building management systems to the internet and an organization's internal network introduces additional cyber risk.
Cyber patient safety refers to the protection of patient information and healthcare systems from cyberattacks. Cyber patient safety has become increasingly important as the internet of medical things (IoMT) becomes more interconnected, and healthcare data and systems become a more valuable target for cyber criminals. Healthcare cybersecurity strategies must be established as the consequences of attacks can be significant, not only including the theft of patient data, but the disruption of healthcare services and potential harm to patients as well. This is especially true when establishing a healthcare cybersecurity strategy for BMS, as these systems are critical for maintaining efficient and safe operation of hospitals and healthcare facilities.
The concerning truth is that vast networks of cyber-physical systems — security cameras and physical access controls, HVAC systems, lighting, fire alarm systems, power, elevators, and other crucial mechanical or electrical equipment — form the backbone for healthcare delivery. In the event of a failure, healthcare delivery becomes more difficult and patient outcomes can suffer. Some real-life examples include:
The malfunction of a cryogenic freezer at a California hospital resulted in its failure to maintain the appropriate temperature, which caused custom stem-cell immunotherapies to be destroyed. The hospital was found civilly liable, but the worst outcome was that it had a serious impact on treatment for dozens of children fighting cancer. Temperature controls are also crucial for the storage of vaccines, and pharmaceutical giants like Pfizer trust Claroty to help them ensure the sensitive materials are kept safe throughout the supply chain.
The failure of the air-filtration systems at a hospital in Washington State to eliminate mold spores within its supposedly sterile operating rooms resulted in multiple patient deaths. It was found that the hospital had air handlers with a mold infestation, and mold spores ended up in an operating room, infecting patient surgical sites. The hospital was found negligent after some patients died from exposure to said mold spores.
An HVAC system failure at a California hospital caused the EHR to go offline, resulting in cascading issues that compromised patient care and caused enormous headaches for the hospital administration. Adding insult to injury, the incident occurred during an inspection from Joint Commission on Accreditation of Hospitals.
Multiple incidents have been documented involving elevator malfunctions at hospitals, which have led to patients and staff being stuck, seriously injured, or even killed. The ability to monitor specific indicators to ensure elevators are operating safely and reliably is thus critical to managing risk at medical facilities.
Building management systems are often overlooked as a potential weak point in an organization’s defense perimeter, because security teams are preoccupied with protecting more traditionally targeted assets. However, threat attackers now understand that BMS are not only critical to operations, but they can also serve as a pathway to other secured infrastructure and therefore are extremely valuable.
Government alerts and industry researchers enumerate vulnerabilities, as well as the tactics and techniques adversaries use to disrupt operations and steal confidential data via BMS. For example, in October 2021, the Cybersecurity and Infrastructure Agency (CISA) issued an advisory for a vulnerability present in a widely used building automation system for coordinating HVAC building controls. If exploited, the vulnerability could enable an adversary to inject code in the input forms used for web page generation. Once the malicious script is injected, the attacker can perform a variety of activities, including exfiltrating private information, launching phishing attacks, and gaining access to administrator credentials to tamper with control settings. This could result in a shutdown of computer systems that drive critical functions for patient care delivery.
Many facilities have aging building management systems, and many vulnerabilities, like the one described above, affect older HVAC systems that are nearing end of life. These systems predate today’s era of hypoconnectivity, and were not necessarily designed with cybersecurity in mind. The recommended mitigation to enhance healthcare cybersecurity in CISA’s advisory is to install updated firmware. But in contrast to software patches, firmware update cycles are typically much longer due to the risk of downtime and the complexity involved in implementing updates. Often, compensating mitigations are the only remediation strategy when the systems being connected to the internet are legacy.
The Claroty portfolio of solutions supports best practices and includes several capabilities focused on risk mitigation for BMS across critical infrastructure environments, including healthcare. Key benefits include:
Healthcare organizations often lack visibility into the various BMS assets they are connected to across their environment. At Claroty, we continue to expand our library of protocol parsers to add new depth to our knowledge of BMS devices. Our solutions can specifically highlight these critical devices, allowing users to zero-in on specific assets with comprehensive and accurate device profiles and communication mapping.
The critical nature of BMS and low tolerance for disruptive downtime often means that teams are only able to patch the vulnerabilities that pose a genuine threat to their organization. However, determining which vulnerabilities pose the greatest risk is often easier said than done. With accurate profiles for even more types of BMS devices, as well as automatic vulnerability correlation, identifying and managing vulnerabilities is efficient and effective. Claroty includes BMS devices as part of vulnerability assessment, reporting, and mitigating capabilities.
Ensuring each device is correctly assigned to an appropriate network segment is foundational to effective cybersecurity. With Claroty, hospitals can properly segment BMS and all other devices in their environments, enhancing protection and accelerating improvement of their overall security posture.
With the increasing use of IoMT, healthcare devices are now connected to BMS. Although this connectivity provides improved monitoring and control, it also increases the risk of cyber threats to patient safety. To mitigate these risks, healthcare delivery organizations need a strong healthcare cybersecurity strategy and a partner, like Claroty, who can help them to identify and address vulnerabilities in their critical systems. With Claroty solutions, HDOs can increase visibility, assess vulnerabilities, and segment BMS to ensure their unique environment is property protected.