Hospitals had a close call last week as the WannaCry ransomware campaign infected healthcare systems across more than 100 countries. The unprecedented cyberattack encrypted users’ data throughout Britain, Europe, and Asia and has forced IT managers to rethink how best to outsmart the next outbreak.

Why is the Healthcare Sector So Vulnerable?

Cybersecurity experts say connected healthcare devices are particularly vulnerable to attacks. Many connected devices were designed for enhanced convenience and remote management with little regard to security. Consequently, these devices are not easily field-upgradable, and many remediation tasks we take for granted, such as installing patches or upgrading applications and the OS, simply do not apply. The result: healthcare systems are highly susceptible to cyber threats. Confirmed reports reveal that medical devices from MedRad (Bayer), Siemens, and others have already been infected.

And the problem is more widespread. The National Health Service (NHS) in England reported that about 45 hospitals were affected, and patient safety was put at risk when doctors and hospitals were unable to access patients’ medical records and history. Not surprisingly, a recent study of 42 NHS Trusts revealed that 90 percent of NHS Trusts’ devices were still running the unsupported Windows XP operating system. Many of these devices are single-purpose systems (medical devices) that are not given enough TLC in the form of patches and updates. In fact, most medical devices use commercial off-the-shelf (COTS) operating systems rather than a secure system tailored to fit their needs.

Who’s Next?

A few days into the ransomware attack, other sectors have also been affected. A disproportionate number of special-purpose systems have become victims. Operational services at Telefonica, FedEx, Renault, Deutsche Bahn AG, and others have taken a major hit.

Special-purpose systems — such as medical devices and industrial controllers — share common challenges.

  • They’re hard to patch: Most devices are not easily upgradeable. Once deployed, they generally run the factory default software with no provisions to update it.
  • They have a long lifecycle: IoT devices have a long lifecycle compared to IT devices. Many IoT devices have no security but are, nevertheless, deployed with a life expectancy of 15-20 years.
  • They’re often unmanaged: The lack of endpoint agents results in blind spots within the IoT infrastructure. With no logs from IoT devices, current security solutions, like SIEM, also remain blind to IoT threats.

Solutions & Security

While nearly all of a company’s security investment is geared toward protecting IT assets, half of a firm’s network infrastructure is made up of special-purpose systems (or IoT). Ignoring these systems comes with severe consequences, as the recent healthcare scare makes clear.

Traditional security is not enough. The inherent characteristics of IoT devices make it hard to discover, manage, patch, and upgrade these systems. We now know for a fact that traditional security controls are far less effective in securing IoT infrastructure. Traditional security tools lean too heavily on perimeter defense, signature-based threat detection, and security event correlation, none of which sufficiently protect special-purpose systems.

Fortunately, special-purpose systems have a major advantage: They’re designed to perform select tasks using specific protocols. Security solutions with advanced machine learning algorithms can baseline the intended behavior, discover abnormal behaviors, and detect deviations to uncover hidden threats. Understanding the personality of a device enables an intelligent solution to detect when it’s misbehaving.
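To make the baselining idea concrete, and to show how it sidesteps the "no endpoint agent, no logs" blind spot described above, here is an added example (not ZingBox code and not from the original article) of a minimal behavioral baseline built purely from network flow records. It learns, per device, which protocol/port services the device talks to and how many distinct peers it normally contacts during a clean learning window, then flags later flows that use an unseen service or fan out to far more peers than the baseline. The device names, IP addresses and flow records are constructed sample data; the fan-out threshold is an assumed tuning parameter, not a published algorithm.

```python
"""Passive behavioral baseline for special-purpose (IoT / medical) devices.

Added illustration: learns each device's "personality" from flow records
(no agent on the device), then reports deviations from it.
"""
from collections import defaultdict

# Constructed sample flow records (not real traffic).
# Tuple layout: (device, dst_ip, dst_port, proto). Names are hypothetical.
LEARNING_FLOWS = [
    ("infusion-pump-01", "10.0.1.5", 443, "tcp"),   # vendor gateway, HTTPS
    ("infusion-pump-01", "10.0.1.5", 443, "tcp"),
    ("infusion-pump-01", "10.0.1.9", 123, "udp"),   # NTP
    ("ct-scanner-02", "10.0.2.20", 104, "tcp"),     # DICOM to the PACS server
    ("ct-scanner-02", "10.0.2.20", 104, "tcp"),
    ("ct-scanner-02", "10.0.1.9", 123, "udp"),      # NTP
]

DETECTION_FLOWS = [
    ("infusion-pump-01", "10.0.1.5", 443, "tcp"),
    ("ct-scanner-02", "10.0.2.20", 104, "tcp"),
    # The scanner suddenly contacts many internal hosts on a service it has
    # never used: exactly the kind of deviation a per-device baseline catches.
    ("ct-scanner-02", "10.0.3.1", 445, "tcp"),
    ("ct-scanner-02", "10.0.3.2", 445, "tcp"),
    ("ct-scanner-02", "10.0.3.3", 445, "tcp"),
    ("ct-scanner-02", "10.0.3.4", 445, "tcp"),
]


def build_baseline(flows):
    """Learn, per device, the set of (proto, port) services and the number
    of distinct peers observed during the clean learning window."""
    services = defaultdict(set)
    peers = defaultdict(set)
    for device, dst_ip, dst_port, proto in flows:
        services[device].add((proto, dst_port))
        peers[device].add(dst_ip)
    return {
        device: {"services": services[device], "peers": len(peers[device])}
        for device in services
    }


def detect_deviations(baseline, flows, fanout_factor=2):
    """Return a list of (device, reason) alerts for flows that do not fit
    the learned baseline.

    Two deviation types are checked:
      * a (proto, port) service the device never used while learning;
      * contacting more than fanout_factor times the baseline peer count
        (assumed threshold; tune per environment).
    """
    alerts = []
    peers_seen = defaultdict(set)
    for device, dst_ip, dst_port, proto in flows:
        profile = baseline.get(device)
        if profile is None:
            alerts.append((device, "unknown device: no baseline learned"))
            continue
        if (proto, dst_port) not in profile["services"]:
            alerts.append((device, f"new service {proto}/{dst_port} to {dst_ip}"))
        peers_seen[device].add(dst_ip)

    for device, peers in peers_seen.items():
        limit = baseline[device]["peers"] * fanout_factor
        if len(peers) > limit:
            alerts.append(
                (device, f"peer fan-out {len(peers)} exceeds baseline limit {limit}")
            )
    return alerts


if __name__ == "__main__":
    profile = build_baseline(LEARNING_FLOWS)
    for device, reason in detect_deviations(profile, DETECTION_FLOWS):
        print(f"ALERT {device}: {reason}")
```

Run as-is, the learning window produces no alerts against itself, while the detection window raises one "new service" alert per unseen tcp/445 flow plus one fan-out alert, all attributed to ct-scanner-02. In practice the learning window would come from a span of traffic known to be clean, and the thresholds would be tuned per device class; the point is that every signal here is derived from the network, so the device itself needs no agent, no logs, and no patch to be monitored.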

This article was written by Xu Zou, CEO and cofounder of ZingBox, an IoT security solutions firm in Mountain View, CA.