Medical Device Security with Symantec CSP

 

Medical device security was at the forefront of the Healthcare Information and Management Systems Society (HIMSS) Conference in 2018.  The key message encouraged practitioners to apply a layered security approach which includes detailed firewall logging and patch management as part of that strategy.

Of course, this is generally recognized as good practice. However, the current state of medical devices in the field include systems running Windows 2000/XP/7 and Legacy Linux Distributions. In many cases these OS’s are no longer receiving patches from the OS vendor. Many orgs struggle with digesting the high costs of maintenance support from Microsoft with Custom Support Agreements.

Security researchers have found that manufacturers are sidestepping investments in the security of their legacy devices. Instead, they are focusing on reinforcing security for newer technologies.

Challenges

In addition to numerous challenges, there is a high cost of applying security patches to medical devices in the field, regardless of the age of the device. Think about it –  even if security patches were still being released, most of the devices do not have access to the internet or are not entirely connected to any network. This means that any patching must be performed manually by field techs touching every single device, and taking them out of production for the duration of the maintenance.

Patching doesn’t solve all security issues related to legacy devices. Many devices are running with root or system level credentials. Even if the devices are not connected to the network, they are still  susceptible to local access where you can easily gain full control of the device with just a single, exposed USB port. From there, you could effortlessly modify patient monitoring data in such a way that would influence how medical staff treat the patient because of the false readouts on the display.

Symantec CSP Success

Over the last few years, medical device manufacturers working on securing their legacy devices with Symantec Critical System Protection (CSP) have shown excellent results. With Symantec CSP, we have been able to secure legacy Linux and Windows based devices with a standalone agent and policy.

We have successfully achieved:

  1. Blocking the creation, modification, deletion of services or daemons

  2. Blocking the creation, modification, or termination of processes

  3. Blocking the creation, modification, or deletion of system files

  4. Blocking the creation, modification, or deletion of system and application configuration files

  5. Blocking the creation, modification, deletion of users

  6. Blocking the creation, modification, or deletion to the registry for any process other than the main medical device application

  7. Blocking of 3rd party, unknown, or malicious processes or scripts

  8. Blocking installation of new software and blocking uninstallation of existing software

  9. Blocking changes to the registry for any process other than the main medical device application

  10. Block all TCP and UDP ports not used by the main medical device application

  11. Block all access to removable media

  12. Block task scheduling

  13. Block access to modify the BIOS

  14. Block services or daemons from making any changes to files or registry

By placing every process in a security container, Symantec CSP gives you detailed, granular control over how the device behaves. We were able to turn the devices into purpose-built systems where the OS only served as support to the main medical device application. Regardless of the patch level of the device, it will remain secure from malicious or accidental tampering. We mitigated the need for constant patching of the operating system and effectively increased the level of security. As a result, reducing overall downtime and maintenance costs.

We were surprised to find that most of the manufacturers we spoke to were unaware of this option for securing their legacy medical devices, and that was their primary reason for focusing on the newer tech.

Now that you are aware that there is a cost-effective option for providing maximum security for your medical devices, are you ready to take the next step?

 

Get my customized solution for highly secure medical devices