Medical devices such as CTs, MRIs, ultrasounds and infusion pumps are vulnerable to malware and hacking attacks, and a compromised device can serve as a base for further attacks on the network. The nature of the FDA medical device approval process means that patching and upgrading the software on these devices is difficult and cumbersome, and often lags far behind the fast-moving world of internet security threats. And as more and more medical devices are connected as part of the Internet of Things (IoT), the problem becomes much more challenging.
So how do you protect these expensive devices that have direct interaction with patients and are prime targets for ransomware?
Firewall medical device VLANs
Since patching holes in the device’s operating system is often not an option, the next best solution is to stop unauthorized traffic from reaching the device in the first place. This requires placing devices on an isolated VLAN and then controlling access to that VLAN via a firewall. Ideally, you want to place each device on its own VLAN, but this is not always practical. As an alternative, you can place similar devices such as infusion pumps on a dedicated VLAN, and then have one set of access rules for that VLAN. Or you can place a department such as radiology onto a VLAN, and build access control rules for the entire department that better protect the devices on the VLAN. Another good approach is to create an isolated VLAN for each high-risk device such as a CT or MRI, while using a shared VLAN for less expensive devices such as infusion pumps.
Each of these VLANs can be terminated at a Fortinet FortiGate firewall, which can then control traffic at wire speed without impacting data flow. This is especially important for high-volume data such as medical images. The Fortinet firewall can reside in your core data center and act as the access controller for all medical device VLANs, or you can push the firewalls out closer to the edge to reduce traffic back at your network core. FortiGate firewalls can be either dedicated hardware devices with custom ASICs designed for high throughput, or virtual devices running under a hypervisor such as VMware. The design you choose depends on how your network is structured, and you can even have a mix of core firewalls and edge firewalls for medical devices.
Managing medical device security
In a complex medical network, managing all of these firewalls and access control rules can become difficult, cumbersome, and prone to error. For example, if you must edit each rule by hand at each firewall port, you may update a rule for ultrasounds at one port but forget to update it at all the other ports an ultrasound may use. This is workable in a small environment, but it is very difficult to scale, very labor-intensive, and error-prone.
Fortinet has made it much easier to manage the large-scale deployment of Fortigate firewalls by offering a product aptly named FortiManager. It is a web-based application that allows you to create device profiles (ultrasound, CT, MRI, HIS, RIS) and apply rules using an easy-to-understand graphical interface. You can set up rule templates that you can use over and over, and devices can link to these templates so that if you make a change to the template – for example, you have a new RIS system on a new IP address – you can make the change to the template one time and it is pushed out to all devices and ports that are based on that template.
The benefits to medical service organizations are many. Now you no longer need advanced, specialized training (Cisco CCNA for example) to implement and understand security in your environment. Since the rules are GUI-based and built around device names and profiles, it is easier to understand how security is implemented. Your Biomed engineers can now participate in your security implementation since they can better understand, see, and provide guidance on medical device security needs.
You can easily create enterprise-wide medical device access control rules in FortiManager, Fortinet’s GUI-based global management system, and then push those rules out to all of your medical device firewalls regardless of their location. This makes it easy to manage and see the rules for all of your medical devices from a single pane of glass.
Customizing individual rules
Ideally, you will want to create global rules for medical device classes such as ultrasounds or infusion pumps. This makes it easier to manage these devices in a large environment. For example, all ultrasounds may be allowed to reach only your PACS and RIS systems.
In specific instances, you may want to apply a template firewall rule yet customize the rule for a particular device or VLAN. For example, you may have mostly Philips ultrasounds, for which you create a rule allowing ultrasounds to access your RIS system, your PACS system, your IT management VLAN, and a VPN going to Philips tech support. However, you may have a single GE ultrasound that needs a different rule to support access by GE tech support. FortiManager makes managing these rules simple with an easy-to-use GUI. While all the ultrasounds can inherit from the global ultrasound template, you can override the specific settings needed for your GE ultrasound.
Threat weight templates
FortiManager offers a feature called “threat weight templates”. With these templates, you can choose to monitor a set of devices – such as ultrasounds – for a specific type of suspicious behavior – such as web requests or an excessive number of pings – and report on those attempts. You can determine the type of activity that is suspicious and the threshold for reporting. For example, you may want to report on any web request from your CT, but only report on inbound pings if they happen more than 10 times per minute. And as you gain knowledge of your network, you can tweak these threat weight templates, and the devices assigned to these templates will automatically inherit the changes.
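To make the two reporting thresholds above concrete, here is an added example (not FortiManager code) that runs the same logic over constructed log lines: any web request from a CT is reported, while inbound pings are reported only once more than 10 arrive within a sliding one-minute window. The log layout, device addresses and profile mapping are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Device profiles keyed by address (constructed for this example).
DEVICE_PROFILE = {"10.50.10.20": "ct", "10.50.20.31": "ultrasound"}
PING_THRESHOLD = 10          # more than this many inbound pings per minute is reported
WINDOW = timedelta(minutes=1)

# Constructed log lines in an assumed layout: "<ISO time> <src> <dst> <proto> <dport>".
# One web request from the CT, 11 pings to the CT in 44 s, 3 pings to the ultrasound.
SAMPLE_LOG = "2024-05-01T10:00:00 10.50.10.20 203.0.113.5 tcp 443\n"
SAMPLE_LOG += "".join(f"2024-05-01T10:01:{s:02d} 10.1.20.10 10.50.10.20 icmp 0\n"
                      for s in range(0, 44, 4))
SAMPLE_LOG += "".join(f"2024-05-01T10:02:{s:02d} 10.1.20.10 10.50.20.31 icmp 0\n"
                      for s in range(0, 30, 10))

def parse(line):
    ts, src, dst, proto, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, proto, int(dport)

def evaluate(log_text):
    """Return (device address, reason) findings in log order."""
    findings = []
    ping_times = defaultdict(list)   # device address -> timestamps of inbound pings
    for line in log_text.strip().splitlines():
        ts, src, dst, proto, dport = parse(line)
        # Rule 1: any web request from a CT is reported, with no threshold.
        if DEVICE_PROFILE.get(src) == "ct" and proto == "tcp" and dport in (80, 443):
            findings.append((src, f"web request to {dst}:{dport}"))
        # Rule 2: inbound pings to a profiled device are reported only once
        # more than PING_THRESHOLD arrive inside a sliding one-minute window.
        if proto == "icmp" and dst in DEVICE_PROFILE:
            recent = [t for t in ping_times[dst] if ts - t < WINDOW] + [ts]
            ping_times[dst] = recent
            if len(recent) == PING_THRESHOLD + 1:   # report at the moment the threshold is crossed
                findings.append((dst, f"{len(recent)} inbound pings within one minute"))
    return findings

if __name__ == "__main__":
    for device, reason in evaluate(SAMPLE_LOG):
        print(device, reason)
```

The three pings to the ultrasound stay below the threshold and produce no finding, which is the behaviour the template is meant to give for normal management traffic.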
Automating FortiManager with FortiNAC
You can combine FortiManager with FortiNAC to automate rule creation and changes. For example, if your GE ultrasound moves from one VLAN to another, when you plug it into the new VLAN, FortiNAC will notice this movement, notify FortiManager of the change, and adjust the firewall rules to account for the new address of the GE ultrasound. This can be especially useful with mobile devices such as ultrasounds and infusion pumps.
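The template-with-override model from the ultrasound example above, and the address update that follows a VLAN move, as an added example rather than FortiManager or FortiNAC code. Device names, addresses, destination names and the (source, destination, service) rule shape are assumptions; the point is that Philips units inherit the class template unchanged, the GE unit overrides one entry, a template edit reaches every device on the next build, and a move regenerates only the moved device's rules.

```python
from dataclasses import dataclass, field

# Global template per device class: (destination, service) pairs an ultrasound
# may reach.  Names are constructed; anything not listed is implicitly denied.
TEMPLATES = {
    "ultrasound": [("RIS", "https"), ("PACS", "dicom"),
                   ("IT-mgmt-vlan", "ssh"), ("Philips-support-VPN", "any")],
}

@dataclass
class Device:
    name: str
    profile: str
    address: str                      # current address, as learned from the VLAN
    add: list = field(default_factory=list)    # override: extra destinations
    drop: list = field(default_factory=list)   # override: template destinations to remove

def resolve_rules(dev):
    """Expand the device's template, apply its override, and return the
    allow list as (source address, destination, service) tuples."""
    inherited = [r for r in TEMPLATES[dev.profile] if r[0] not in dev.drop]
    return [(dev.address, dst, svc) for dst, svc in inherited + dev.add]

def build_policy(devices):
    """Rules for the whole fleet keyed by device name; a template edit is
    picked up by every device on the next build."""
    return {d.name: resolve_rules(d) for d in devices}

def on_device_moved(policy, devices, name, new_address):
    """Model the FortiNAC -> FortiManager path: a device seen on a new VLAN
    gets its address updated and only its own rules are regenerated."""
    dev = next(d for d in devices if d.name == name)
    dev.address = new_address
    policy[name] = resolve_rules(dev)
    return policy[name]

# Constructed inventory: Philips units inherit the template unchanged; the
# single GE unit swaps the Philips support VPN for GE's.
DEVICES = [
    Device("us-philips-1", "ultrasound", "10.50.20.31"),
    Device("us-ge-1", "ultrasound", "10.50.20.40",
           add=[("GE-support-VPN", "any")], drop=["Philips-support-VPN"]),
]

if __name__ == "__main__":
    for name, rules in build_policy(DEVICES).items():
        print(name, rules)
```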
Fortinet makes managing medical device security much easier in a complex network. You can build global security policies based on device types found by FortiNAC, deploy those to multiple firewalls simultaneously, employ overrides where necessary, and the easy-to-understand GUI allows your Biomed engineers to work with your network engineers and security personnel as a team to better develop and monitor your medical device security posture. You can have peace of mind knowing your expensive medical devices are safe from attacks and ransomware, and more importantly, that your patients are protected from malicious actors preying on a vulnerable security model.