Digital trust for healthcare

What are the top cyber risks in the Healthcare industry?

The healthcare industry is the most complicated environment to secure, spanning the medical device community, healthcare providers, healthcare workers and government bureaucrats. It is the industry at highest risk because of the sheer volume of unmanaged or hard-to-manage devices and the life-or-death consequences of the trade. The emerging nature of IoT devices and cybersecurity compliance requirements in the healthcare sector requires both equipment vendors and service providers to implement security policies that address the risks posed by cyber-attacks and insider threats. Mission-critical production systems and medical devices require protection from unauthorized software updates or configuration changes, and secure authentication of field and remote operators.

Legacy enterprise IT-managed systems rely on password policies, multi-factor authentication and role-based physical and network access. Such controls are inadequate against zero-day cyber-attacks on headless IoT devices that subvert threat intelligence-based intrusion and/or anomaly detection systems designed to prevent data breaches. Therefore, IoT solutions in the healthcare sector require a tamper-resistant system that provides built-in protection controls, trustworthy change management and continuous integrity verification, for high scalability and availability.

How do you build a strong healthcare cybersecurity strategy?

Digital trust for healthcare requires the following actions:

  • Securing the identity and integrity of medical devices at the grassroots level
  • Securing the integrity of data exchanges from devices to receivers (display stations and monitors)
  • Securing the digital secrets (keys and certificates) on the devices and receivers
  • Rotating the digital secrets at scale and as a managed maintenance activity—for device lifecycle management and transfer of ownership (e.g. remote patient monitoring platforms)
  • Tamper-resistant content delivery through the supply chain for traceability

How Do You Automate Security Lifecycle Management for Legacy Medical Devices?

Industry: Healthcare

Devices: Aging Legacy Medical Devices

Company: Medical Device Manufacturers

Challenge

  • Legacy devices running Windows XP and 7
  • Unsupported and un-patchable devices
  • Field technicians cost hundreds of dollars per dispatch to re-provision certificates and deliver updates
  • Manual process is vulnerable to insider threats, supply chain tampering, and man-in-the-middle (MITM) attacks

Solution

  • Mocana TrustCenter™
    • TrustEdge™ Clients
    • Buy (not build) protection
  • Interoperability with greenfield and legacy brownfield devices
  • Deploy on in-field devices
  • Work with customers and US FDA to ensure solution does not require an FDA re-certification of medical devices

Benefits

  • Simple solution to upgrade in-field medical devices
  • Solution automates the re-provisioning and management of digital certificates
  • Does not require an FDA re-certification
  • Reduces the attack surface
  • Reduces risk of MITM
  • Millions of dollars in forecasted savings in operational security costs

What healthcare connected devices are most vulnerable?

Aging medical devices such as imaging equipment, pumps, surgical equipment, implantable medical devices, hospital and home patient monitors, and medical IoT edge devices are vulnerable due to a lack of strong cryptographic controls. In healthcare, risk is measured in terms of loss of life, human safety and reliability of the systems. While data privacy is important, compromised systems directly impact patient care.

Which cybersecurity standards apply to the Healthcare industry?

Medical equipment manufacturers and healthcare providers must ensure compliance with HIPAA, HITECH Breach, and cybersecurity standards such as NIST 800-53, Revision 4, IEC 62443-3-3, and FIPS 140-3. Keeping up with these standards as well as emerging standards from the Industrial Internet Consortium (IIC) and Industrie 4.0 can be challenging. New regulations such as GDPR in Europe raise the stakes for non-compliance to more than €20 million per incident. Older protocols such as Modbus, DNP3 and BACnet can be difficult to secure.

How does DigiCert + Mocana deliver Digital Trust for Healthcare organizations?

Used by more than 200 OEMs to protect more than 100 million devices.

Mocana’s end-to-end cybersecurity system is a FIPS 140-3 validated embedded cybersecurity software solution that ensures device trustworthiness and secure communications. It gives industrial automation manufacturers, OEMs and critical infrastructure operators an easy way to harden electronic control units and controllers with multi-factor authentication and trust chaining, as well as secure boot to validate the firmware, OS and applications.

TrustCenter™

Control center for managing devices in the field

TrustEdge™

Plug-and-play on-device clients that secure operations

TrustCore™

SDK that simplifies business application development
