Avoiding Medical Device Security Mistakes
Daniel dos Santos of Forescout Technologies on Best Practices
Many organizations that rely on network segmentation to help secure connected medical devices are making mistakes that put the devices, data and networks at risk, says Daniel dos Santos, research manager at Forescout Technologies.
"When we look closely at network segments, we see that they are not as secure as they should be," he says, describing findings of a recent Forescout Research Labs analysis of healthcare delivery organizations' device security practices.
"What we are finding is that devices with distinct purposes are in the same network segments when they should not be communicating with each other," he says. "We see medical devices and personal devices like smartphones, tablets and smartwatches in the same network segments. We also see a lot of mixture of healthcare and IT devices - so all these devices communicate with each other."
The biggest problem is not designing network segments based on the purpose of the device, he stresses.
Healthcare entities should follow best practices, including those described by the National Institute of Standards and Technology, for proper network segmentation, he says.
In the interview (see audio link below photo) dos Santos also discusses:
- Top security issues involving legacy medical devices and outdated operating systems;
- Additional steps healthcare organizations can take to improve the security of medical devices;
- Other key findings from Forescout's recent connected medical devices research report.
Dos Santos is a research manager leading the vulnerability and threat research team at Forescout Technologies. He holds a Ph.D. in computer science from the University of Trento, Italy, and has published over 30 journal and conference papers on cybersecurity. He has experience in software development, security testing and research.