Cisco UK & Ireland Blog

There is a NAC to protecting medical devices, data and networks – Cisco Medical NAC

2 min read



A hyper-connected world

Connectivity permeates almost every area of our lives, with many of us almost continually online and connected to at least one network.

This is great for many reasons; it keeps us in touch with each other and helps ensure we have access to the information, platforms and systems we need – or want – for our work, study and social lives.

The health and care sector is no exception. From booking medical appointments to ordering prescriptions, many activities can now be completed online. Even consultations with GPs and consultants are increasingly taking place via video link. And from infusion pumps to blood pressure monitors, the type and number of connected medical devices in use has grown beyond our comprehension in a relatively short space of time.

Once restricted to large, static clinical diagnostic equipment such as MRI or CT scanners,  mobile medical devices play an increasingly vital role in the delivery of care while, enabling remote monitoring and access to telemetry-style information.

Paying the price

Unfortunately, it’s not all good news. Greater connectivity results in a larger attack surface, giving attackers more places to target and inevitably making health and care organisations more vulnerable. And the sheer volume of connected medical devices increases their reliance being on being connected in order to deliver effective patient care.

This is not just inconvenient; device, data and network compromise can have a severely negative impact on their ability to care for patients, as well as introducing risk across an entire network or organisation.

Orange Alert

There are several reasons why medical devices present such a risk.

Firstly and very sadly, the NHS is often an undeserving target. Secondly, devices are often bought and connected to the network by clinical teams rather than NHS IT experts, leading to a potential lack of visibility and control, as demonstrated in April 2018 by Orangeworm. This particular threat targeted several industries, including providers to the healthcare industry – and medical devices.

Bridging the gap between accessibility and security

In addition, not all developers fully understand how to secure. Therefore, security lessons learnt throughout the desktop operating system space over many decades (the need for patching and software lifecycle management for example), might not always be at the forefront of the design and development process in the case of new vendors.

The dichotomy for the NHS and other health and care organisations is fully exploiting the benefits of medical device connectivity while also ensuring security and data integrity. So, how can we bridge the gap between the two?.

Cisco Medical NAC – the NAC to protecting medical devices

Cisco Medical NAC identifies and protects medical devices as they connect to the network while monitoring and removing threat. It achieves this through instant fingerprinting of both medical and nonclinical devices, while providing easy onboarding services for guests, patients and staff for secure access to authorised resources across converged wired and wireless networks. Cisco Medical NAC also protects medical devices and records from non-clinical devices and from malware, and continually monitoring suspicious activity across the network.

Not only can all of the above help ensure data integrity and protect networks, but it can also support improved patient safety by protecting clinical devices.

Want to know more?

Whether at home or work, we owe it to ourselves to protect our precious phones, laptops, games consoles, etc. And also owe it to patients, staff and NHS networks to offer ensure the equipment used in care delivery not only works, but is secure and protected.

So, to find out more about how Medical NAC does all of the above, download the paper. And for general health and care security advice visit our new health and care security webpage, or contact us directly.

Authors

Mark Jackson

Principal Information Assurance Architect

UK Public Sector

Leave a comment