Healthcare IoT Security 101

Sensitive Patient Information: Healthcare organizations store a vast amount of sensitive patient information, including personal identification details, medical histories, and financial data. This information is highly valuable to cybercriminals, making healthcare providers prime targets for data breaches.

Continuity of Operations: Cybersecurity incidents, such as ransomware attacks, can disrupt normal operations. This is particularly concerning in healthcare, where interruptions in service can impact patient care and the ability to respond effectively to emergencies.

Legal and Regulatory Compliance: Healthcare providers are subject to strict regulations and legal requirements regarding patient data protection. For example, in the United States, the Health Insurance Portability and Accountability Act (HIPAA) sets standards for the security and privacy of protected health information (PHI). Failure to comply with these regulations can result in severe penalties and legal consequences.

Patient Safety and Care: Cybersecurity breaches can have direct implications for patient safety and care. If attackers gain unauthorized access to medical records or alter patient information, it can lead to misdiagnosis, incorrect treatment, or other critical errors in healthcare delivery.

Ransomware Threats: The healthcare industry has been increasingly targeted by ransomware attacks, where cybercriminals encrypt the organization's data and demand a ransom for its release. These attacks can disrupt operations, compromise patient care, and result in financial losses.

Limited IT Resources: Many healthcare organizations have limited resources dedicated to IT and cybersecurity. This makes institutions more vulnerable to attacks, as they may lack the expertise, manpower, latest security measures, and means to keep up with evolving healthcare cyber threats.

Financial Consequences: Cybersecurity incidents can have significant financial implications for healthcare providers. The costs associated with investigating and mitigating a breach, as well as potential legal fees and fines, can be substantial. Additionally, the loss of trust from patients and the community can impact an organization's reputation and bottom line.

Interconnected Systems: Modern healthcare relies heavily on interconnected information systems and electronic health records (EHRs). While these systems offer efficiency and improved patient care, they also create more opportunities for cyber threats. A breach in one part of the system can potentially compromise the entire network.

Healthcare IoT and IoMT Visibility, Usage, and Security Gaps: Healthcare provider organizations face increased healthcare IoT and connected medical device growth. Numerous enterprise, healthcare, and medical IoT devices are unaccounted for and at risk. This expands the institution's attack surface, which presents considerable cybersecurity and compliance risks that impacts healthcare availability and operational integrity. It also diminishes resource allocation, optimization, and savings.

Healthcare cybersecurity refers to the practice of protecting healthcare systems, networks, and sensitive patient data from unauthorized access, cyberattacks, and data breaches. With the increasing digitization of healthcare information and the adoption of electronic health records (EHR), healthcare organizations have become more vulnerable to cyber threats. Elements of healthcare cybersecurity include IoT security, EHR security, network security, medical device security, access control, encryption, network segmentation, incident response planning, training and awareness, regulatory compliance, and continuous monitoring and auditing.

It’s useful to approach medical device cybersecurity as a five-stage process in which each stage builds on the previous stage to provide a more assured and comprehensive security posture - moving from reactive to proactive defense.

Step 1: Visibility
Visibility involves understanding the attack surface, identifying assets, and assessing vulnerabilities.

Example Activities:

• Network Discovery: Identify connected devices, servers, and medical equipment.
• Asset Inventory: Maintain an updated list of hardware and software assets.
• Data Mapping: Understand the flow of patient data across systems.
• Vulnerability Assessment: Regularly scan devices for vulnerabilities.

Example Workflow:

1. Identify Devices: Identify and document all devices connected to the network.
2. Maintain Inventory: Keep an updated inventory of assets and their configurations.
3. Analyze Data Flow: Understand how patient data moves within the organization.
4. Scan for Vulnerabilities: Use Cylera's passive scanning to identify potential vulnerabilities.

Step 2: Monitoring
Monitoring involves actively observing network and device behavior for anomalies.

Example Activities:

• Real-time Monitoring: Monitor network traffic and device behavior.
• Anomaly Detection: Identify abnormal patterns using AI-driven algorithms.
• Incident Logging: Log and categorize security incidents.
• Compliance Monitoring: Ensure compliance with industry regulations.

Example Workflow:

1. Monitor Network: Actively observe network traffic and system behavior.
2. Identify Anomalies: Look for unexpected patterns or behaviors in network activities.
3. Log Incidents: Document and categorize any security incidents.
4. Verify Compliance: Regularly check and ensure compliance with healthcare regulations.

Step 3: Threat Response
Threat Response involves customer-led actions to contain and investigate security incidents.

Example Activities:

• Incident Triage: Prioritize incidents based on severity.
• Containment: Isolate affected systems to prevent further damage.
• Forensic Analysis: Investigate the incident to understand its origin.
• Communication: Notify stakeholders if necessary.

Example Workflow:

1. Prioritize Incidents: Assess the severity of incidents and prioritize response efforts.
2.  Isolate Systems: Take affected systems offline or isolate them from the network.
3. Investigate Incidents: Use Cylera's insights to investigate the incident thoroughly.
4. Notify Stakeholders: Inform relevant parties about the incident and its impact if required.

Step 4: Risk Mitigation
Risk Mitigation involves proactively implementing measures to reduce vulnerabilities and enhance security.

Example Activities:

• Patch Management: Apply security patches promptly.
• Access Control: Implement strong authentication and limit access privileges.
• Security Training: Educate staff about cybersecurity best practices.
• Encryption: Encrypt sensitive patient data at rest and in transit.

Example Workflow:

1. Apply Patches: Regularly update systems with the latest security patches.
2. Strengthen Access Control: Implement multi-factor authentication and role-based access controls.
3. Educate Staff: Conduct training sessions to raise awareness about cybersecurity threats.
4. Implement Encryption: Ensure data encryption for patient information both at rest and during transmission.

Step 5: Continuous Immunity
Continuous Immunity involves ongoing efforts to adapt and improve security measures.

Example Activities:

• Threat Intelligence: Stay updated with the latest threat intelligence.
• Security Audits: Conduct regular security audits and penetration testing.
• Incident Drills: Simulate cybersecurity incidents to test response procedures.
• Policy Updates: Continuously update security policies based on lessons learned.

Example Workflow:

1. Stay Informed: Stay updated with the latest cybersecurity threats and trends.
2. Regular Audits: Conduct periodic security audits to assess the effectiveness of existing controls.
3. Drill Scenarios: Perform simulated incident response drills to assess preparedness.
4. Update Policies: Regularly review and update security policies and procedures based on audit findings and drills.

Healthcare IoT, also known as the Internet of Medical Things (IoMT), encompasses the full range of connected healthcare infrastructure and medical devices, enterprise hardware, and software applications designed for linking healthcare information technology. Healthcare IoT devices are commonly used for patient diagnostics, monitoring, and care – a material component of on-going healthcare modernization initiatives.

Internet of Medical Things (IoMT) or connected medical devices refers to medical equipment equipped with the ability to connect to other devices, networks, or systems, typically through the Internet. This connectivity enables them to collect, exchange, and analyze data, providing healthcare professionals with real-time information, supporting patient care, and facilitating patient monitoring.

Securing healthcare Internet of Things (IoT) devices is crucial to protect sensitive patient data and ensure the integrity of medical systems. Here are some strategies an organization can adopt to enhance the security of healthcare IoT devices:

Discover, Inventory, and Track IoT and IoMT Devices: Enabling continuous healthcare IoT and IoMT discovery, asset inventory, and continuous tracking is a key part of any healthcare security program.

Secure Communication: Implementation of strong encryption protocols for data in transit between IoT devices and other components of the healthcare system. This ensures that the data exchanged is secure and not susceptible to eavesdropping.

Authentication and Authorization: Enforcement of robust authentication mechanisms to ensure that only authorized personnel can access and control IoT devices.

Regular Software Updates and Patching: Keeping IoT device firmware and software up to date to address vulnerabilities.

Vendor Security Assessment: Prior to integrating any IoT devices into the healthcare infrastructure, conduct thorough security assessments of the devices. Assess the security measures implemented by the vendors and ensure they meet the organization's standards.

Device Lifecycle Management: Implementation of a comprehensive lifecycle management program that includes secure onboarding, monitoring, and decommissioning of IoT devices.

Network Segmentation: Segregating IoT devices into separate network segments to minimize the impact of a security breach. This helps contain potential threats and prevents lateral movement within the network.

Physical Security: Ensuring physical security for IoT devices by limiting access to authorized personnel and monitoring physical access points to prevent tampering or theft of devices.

Data Encryption: Encryption of sensitive data stored on IoT devices to protect it from unauthorized access in case the device is compromised.

Continuous Monitoring: Implementation of real-time monitoring solutions to detect abnormal behavior or security incidents promptly. Anomaly detection systems can help identify potential security threats and trigger timely responses.

Incident Response Plan: The development and regular updating of an incident response plan specific to IoT devices outlining the steps to be taken in the event of a security incident.

Regulatory Compliance: Ensuring that the organization complies with relevant healthcare regulations and standards and understanding the specific requirements for securing healthcare data and IoT devices in each jurisdiction.

User Training and Awareness: The education of healthcare staff on the risks associated with IoT devices and provide training on security best practices.

Examples of IoMT or connected medical devices include:

• Patient Monitoring Devices: Devices for monitoring patients’ vital signs and conditions such as diabetes, hypertension, or cardiac issues.
• Devices that Support Medical Procedures and Patient Care: These include smart beds, ventilators, infusion pumps, anesthesia machines, blood gas instruments, and surgical systems.
• Implantable Devices: Some medical implants, such as pacemakers or insulin pumps, can be connected to networks for monitoring and adjustment.
• Imaging Devices: Modern imaging devices, such as MRI or CT scanners, often have connectivity features for transmitting images and data to other systems.
• Medical Diagnostic Devices: Modern diagnostic devices, such as MRI or CT scanners, often have connectivity features for transmitting images and data to other systems.

Governments, device manufacturers, and Healthcare Delivery Organizations (HDO) have been progressing medical device cyber risk mitigation efforts.

Device manufacturers are improving their own product lifecycle management and security programs with mandates from the FDA to increase transparency in the form of better responding to detected vulnerabilities and threats, as well as maintaining Manufacturer Disclosure Statement for Medical Device Security (MDs2) forms, which communicate device details about the device security and privacy features.

Post-deployment, HDOs are ultimately responsible for patient safety as HDOs coordinate their response to security issues working with medical device manufacturers.

Healthcare providers, through their security teams and, for some, extended to their biomed staff, are responsible for the devices and data on the healthcare provider’s network.

Many security organizations have matured their security programs (and improved their security posture) by applying frameworks such as NIST, CSF, and HITRUST CSF to manage risk, support compliance, and adhere to best practices.

In March of 2023, the FDA invoked FDA rule changes for the acceptance of new medical devices – a major step in the right direction toward improving the security of medical devices. Manufacturers of medical devices are now held to a much higher standard of security regarding the design, manufacture, and support of the devices they produce and sell or lease to providers. This includes the broader sharing of security information, including a Software Bill of Materials (SBoM) of the components within each device and the testing and disclosure of any known vulnerabilities. Manufacturers now have a legal duty of care to support the devices they produce. This change goes into effect on Oct 1, 2023, and sets a new standard of acceptance by the FDA. Devices submitted that do not adequately demonstrate adherence to the new requirements will likely be refused acceptance and will not be cleared for use.

The unique healthcare requirements of managing medical devices have challenged the security team’s ability to apply best practices, forcing them to take a more passive stance – solely relying on North-South security (essentially security monitoring of traffic leaving or entering the network) or some network segmentation. Deep Packet Inspection (DPI) technology allows for broader behavior monitoring of all communications going to or from healthcare IoT devices to identify anomalies and indicators of compromise (IOC).

While healthcare operations teams do investigate vendor reputation, read industry research, and request security assessments of manufacturers prior to procurement, once medical devices are connected to the network, the above security challenges and issues persist.

In late 2022, the federal Food, Drug, and Cosmetic Act was amended to include section 524B, Ensuring Cybersecurity of Devices. The new regulation, which went into effect in October 2023, requires medical device manufacturers to - demonstrate that their devices meet cybersecurity standards by submitting a plan to monitor, identify, and address vulnerabilities and potential exploits; adopt processes to assure the security of devices; and provide a software bill of materials that includes all the software components related to each device. The regulation applies only to new devices submitted for FDA approval.

At the state level, New York is implementing new regulations for hospital cybersecurity programs. Expected to go into effect in 2025, the new regulations will require each hospital in the state to conduct an annual risk assessment and establish a comprehensive cybersecurity program.

Thousands of unknown, unmanaged, and at-risk connected medical devices are on healthcare provider networks – devices that must be available and are often connected to patients. These new and legacy medical IoT devices, many brought online without proper due diligence or security maintenance, have vulnerabilities that can and have been exploited. While institutions gain tremendous value by adding more IoMT devices, the unintended consequence is an ever-increasing attack surface and significant exposure to cyberattack, availability, data privacy, and compliance risks.

Data protection and privacy regulations, such as the California Consumer Privacy Act (CCPA), the Health Insurance Portability and Accountability Act (HIPAA) in the United States, the UK Data Protection Act (DPA), and the General Data Protection Regulation (GDPR) in Europe all place stringent requirements on healthcare providers to safeguard the protected health information (PHI) of patients. Unsecured medical devices provide an opportunity for malicious actors to gain access to the healthcare organization’s network and illegally access patients’ PHI.

The Internet of Things (IoT) is a broad concept that refers to the network of interconnected devices and objects that can communicate and exchange data with each other over the Internet. These devices can include everyday objects such as home appliances, wearable devices, industrial machines, and more. Healthcare IoT, on the other hand, is a specific application of IoT technology in the healthcare industry. It involves the use of connected devices and sensors to collect and exchange health-related data, with the goal of improving patient care, monitoring, and overall healthcare management. Unlike most IoT devices, healthcare IoT devices face greater security and privacy challenges because they must adhere to healthcare data privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA), and healthcare organizations are particularly vulnerable to ransomware attacks.

While IoMT serves to modernize healthcare delivery, including improving patient outcomes and streamlining processes, it also introduces security risks that can impact healthcare providers.

By the numbers in 2023:

• U.S. healthcare reported 463 cyber breaches affecting more than 83M+ citizens
• $10M is the average end-to-end cost of recovering from a healthcare data breach in 2023
• 43% of healthcare organizations experienced downtime due to cyber attack
• 42% of healthcare organizations experience data leakage due to cyber attack
• 45% of healthcare organizations impacted patient care due to cyber attack

Here are some ways in which IoMT security risks can affect healthcare providers:

Data Breaches and Patient Privacy: IoMT devices generate and transmit sensitive patient data. If these devices are not properly secured, there is a risk of unauthorized access and data breaches. This can lead to the exposure of patients' personal health information, violating privacy laws and eroding patient trust.

Resource Constraints: Healthcare organizations may face resource constraints in terms of budget, personnel, and expertise to implement and maintain robust cybersecurity measures. This can leave them vulnerable to cyber threats, especially as the complexity of the IoMT ecosystem continues to grow.

Medical Device Vulnerabilities: Many IoMT devices, such as connected medical implants, wearables, and infusion pumps, can be vulnerable to cyberattacks. If these devices are compromised, it can have serious implications for patient safety. For example, attackers could manipulate drug infusion rates or disrupt the functionality of critical medical equipment.

Network Security Concerns: IoMT devices are often connected to hospital networks. If these networks are not adequately secured, they can become entry points for attackers to infiltrate the broader healthcare system. This can lead to the compromise of electronic health records, medical imaging systems, and other critical infrastructure.

Ransomware Attacks: Hospitals and healthcare providers are attractive targets for ransomware attacks. If IoMT devices are connected to the same network as other critical systems, a successful ransomware attack could lead to the disruption of medical services, affecting patient care and potentially putting lives at risk.

Lack of Standardization and Regulation: The rapid proliferation of IoMT devices has led to a lack of standardization in terms of security protocols. Additionally, the regulatory landscape for IoMT security is still evolving. This can create challenges for healthcare providers in ensuring that the devices they use meet adequate security standards.

Legacy Systems and Compatibility Issues: Healthcare environments often rely on legacy systems that may not have been designed with modern cybersecurity considerations. Integrating new IoMT devices with these legacy systems can create compatibility issues and increase the risk of security vulnerabilities.

Security risks can negatively affect patients in several ways. Insecure devices may be taken out of service, reducing the number of devices available to treat or monitor patients and putting some at risk. A device compromised by malware may malfunction. Ransomware attacks can disable servers, crippling hospital operations and forcing acute patients to be rerouted to other institutions, putting their health in further jeopardy. One recent study showed that, among healthcare organizations that reported cyberattacks, 70% experienced longer hospital stays and delayed tests and procedures, 36% had increased complications from procedures, and 22% saw increased death rates. Another 2023 study showed that:

• U.S. healthcare reported 463 cyber breaches affecting more than 83M+ citizens
• 45% of healthcare organizations impacted patient care due to cyber attack

Healthcare organizations are required to comply with a wide array of governmental and industry regulations. These regulations require healthcare organizations to demonstrate compliance by maintaining accurate records, producing reports, and submitting to regular auditing. Due to the proliferation of connected medical devices and resource constraints, many healthcare organizations are challenged to maintain detailed and accurate records on the thousands of connected medical devices that connect to their networks. Maintaining these records, which are necessary to demonstrate compliance and audit-readiness, is time-consuming and labor-intensive.

Several common security frameworks are applicable to IoMT to ensure the confidentiality, integrity, and availability of healthcare data. Here are some ways IoMT security aligns with common security frameworks:

National Institute of Standards and Technology (NIST) Cybersecurity Framework: IoMT security supports the NIST framework's core functions: Identify, Protect, Detect, Respond, and Recover, to enhance overall cybersecurity posture.

ISO/IEC 27001: IoMT security aligns with the ISO/IEC 27001 standard, which provides a systematic approach to managing sensitive information. This standard emphasizes risk management, continuous improvement, and the implementation of security controls, all of which are relevant to IoMT security.

CIS 18: Formerly the SANS Critical Security Controls (SANS Top 20), the CIS Critical Security Controls (CIS Controls) is a popular, widely used, pragmatic framework that includes inventory and control of assets, data protection, secure configuration, continuous vulnerability management, audit log management, network monitoring and defense, and malware defense. IoMT security platforms support these CIS controls.

Health Information Trust Alliance (HITRUST): IoMT security measures can be mapped to HITRUST controls to ensure a holistic approach to healthcare information security.

Common Security Framework (CSF) by the Center for Internet Security (CIS): IoMT security can leverage the CIS CSF to identify and implement security controls relevant to medical devices and healthcare systems.

European Union Agency for Cybersecurity (ENISA) Guidelines: IoMT deployments in Europe may need to adhere to ENISA guidelines, which provide recommendations for securing personal data and critical information infrastructure. IoMT security measures can align with ENISA guidelines to address specific regional requirements.

IoMT security solutions support many of the common compliance specifications that protect confidential patient data by:

• Reducing the attack surface to help prevent cyberattacks that capture patient data
• Inventory of hardware and software assets
• Continuous vulnerability management
• Identifying at-risk and compromised connected medical devices
• Risk assessment and prioritization
• Enabling IT, security, and BioMed personnel to efficiently resolve exposures and threats
• Facilitating network segmentation to reduce threat propagation
• Providing evidence that aligns with secure operations and risk management

These capabilities support the following compliance mandates:

• Health Insurance Portability and Accountability Act (HIPAA)
• General Data Protection Regulation (GDPR)
• Data Protection Act (DPA)
• California Consumer Privacy Act (CCPA)
• Health Information Technology for Economic and Clinical Health (HITECH) Act
• NHS Data Security Protection Toolkit (DSPT)The Joint Commission (TJC) Standards
• National Institute for Standards and Technology (NIST) Guidelines

The NIST Cybersecurity Framework provides an effective, technology-neutral security model based on global standards and best practices. IoMT security supports each of the five elements of the NIST framework:

• Identify: IoMT security supports the identification of assets, the implementation of asset management policies, the identification of asset vulnerabilities and security threats, and the implementation of risk management strategies.
• Protect: IoMT security helps protect against cyberattacks by continuous monitoring and the support of device-specific security policies that reduce the attack surface.
• Detect: IoMT security supports detection through continuous monitoring of network traffic, the identification of malicious activity, performing vulnerability scans, and communicating event detection information.
• Respond: IoMT security leads the response effort by containing and mitigating incidents, determining their impact, prioritizing threats, and
• Recover: IoMT security aids recovery by locating devices impacted by a cyber event so that they can be updated as needed and moving quarantined devices back to the normal network environment after remediation work has been completed.

There are several ways in which IoMT security can support HIPAA and HITECH compliance:

Data Encryption: IoMT devices should implement strong encryption protocols to secure the transmission of sensitive health information. This aligns with HIPAA's Security Rule, which requires the protection of electronic protected health information (ePHI) during transmission.

Access Controls: Implementing robust access controls ensures that only authorized personnel can access and modify patient data. This is a fundamental requirement under the HIPAA Security Rule.

Authentication and Authorization: IoMT devices and systems should employ strong authentication mechanisms to verify the identity of users.

Audit Trails: IoMT security solutions should maintain comprehensive audit trails, documenting access to patient data and system activities. This supports compliance with the HITECH Act, which mandates the implementation of audit controls for electronic health records (EHRs).

Device Security: Securing IoMT devices themselves is essential. This includes implementing device-level security features, regular software updates, and vulnerability management.

Risk Assessment and Management: Conducting regular risk assessments is a requirement under HIPAA. Organizations using IoMT devices should identify and address potential security risks to ePHI. This includes assessing vulnerabilities in the IoMT ecosystem and implementing measures to mitigate these risks.

Incident Response: Having a robust incident response plan is crucial for both HIPAA and HITECH compliance. IoMT security can help organizations be prepared to detect and respond promptly to security incidents. This includes notifying affected parties and reporting breaches as required by law.

IoMT security supports the privacy requirements of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) in the following ways:

Data Encryption: IoMT devices should employ robust encryption mechanisms to protect data during transmission and storage. This helps meet GDPR and CCPA requirements for safeguarding sensitive information.

Access Controls: Implementing strict access controls ensures that only authorized personnel can access and manage health data. This aligns with the GDPR's principles of data protection by design and default.

Authentication and Authorization: Strong authentication methods, such as two-factor authentication, enhance security by ensuring that only authorized individuals can access and modify patient data. Authorization mechanisms control what actions users are allowed to perform.

Data Minimization: Following the principle of data minimization outlined in privacy regulations, IoMT systems should only collect and store the necessary patient information. Unnecessary data should be avoided to reduce the risk of unauthorized access.

Auditing and Logging: IoMT systems should maintain detailed logs of data access and modifications. This is essential for compliance with GDPR's accountability principle, which requires organizations to demonstrate their compliance efforts.

Consent Management: Implement mechanisms to manage and track patient consent for data processing. This is particularly important under GDPR, where explicit consent is often required for processing sensitive health data.

Data Portability: IoMT systems should facilitate the easy transfer of patient data, as mandated by GDPR's data portability requirement. Patients should have the ability to access and move their health data to other healthcare providers.

Incident Response and Reporting: Establishing a robust incident response plan helps organizations comply with GDPR's requirement to report data breaches within a specified timeframe. Prompt reporting of incidents is also crucial for CCPA compliance.

Cybersecurity asset management (CSAM) is a crucial component of an organization's overall cybersecurity strategy. It involves identifying, classifying, and managing all the assets within an organization's IT infrastructure to ensure a comprehensive understanding of the digital environment. Assets in this context refer to any technology-related component that plays a role in the organization's information processing, storage, or communication. Key aspects of cybersecurity asset management include: Inventory and Discovery, Classification and Categorization, Risk Assessment, Lifecycle Management, Configuration Management, Patch Management, Monitoring and Incident Response, and Compliance.

Medical device security involves the implementation of tools and practices to thwart unauthorized access or control of medical devices and the data they produce. The security needs of medical devices are greater than other IoT devices due to the highly sensitive nature of information generated or stored by medical devices, which pose an elevated risk to patients and healthcare organizations.

Healthcare IoT asset intelligence refers to capabilities that capture the complete spectrum of information about connected medical devices, including device specifications (make, model, OS, vendor, network services, SBoM attributes), location, security posture, relationships, in-use status, usage data, telemetry, network segmentation status, network traffic, compliance audit-readiness, and more. The more intelligence an organization has about its IoT assets, the better it can utilize and protect them.

An effective healthcare IoT security solution should be able to capture the device specifications (make, model, OS, vendor, network services, SBoM attributes), location, security posture, relationships, in-use status, usage data, telemetry, network segmentation status, network traffic, compliance audit-readiness, and more.

ITAM and CCM systems are designed to handle traditional IT assets such as computers, servers, and networking equipment. However, they may face challenges in capturing details related to IoMT for several reasons:

Diverse and Specialized Devices: IoMT devices vary widely and are often specialized for healthcare purposes, such as medical sensors, infusion pumps, or wearables. Conventional ITAM tools may not have built-in support for these diverse and specialized devices, making it challenging to capture and manage their details.

Unique Data Formats and Protocols: IoMT devices often use unique data formats and communication protocols specific to the healthcare industry. ITAM tools may not be equipped to understand and interpret these specialized data formats.

Agent vs Passive Agentless Monitoring: IoMT devices have manufacturer, operational, and regulated restrictions on what software can be loaded and running on the device – which often precludes the use of agent-based monitoring technology. Additionally, these devices are sensitive to network probing and vulnerability scanning which can affect their operation and impact patience care. Advanced, passive agentless monitoring is among the preferred method and best practice for IoT device security.

Unique Vulnerability and Remediation: IoMT devices often have unique vulnerability issues and remediation requisites that conventional vulnerability and ITAM tools may not be equipped to understand or provide.

Lifecycle Management Challenges: IoMT devices have different lifecycle management requirements compared to traditional IT assets. Tracking the lifecycle of medical devices, including maintenance schedules, software updates, and calibration, may require specialized features that are not present in conventional ITAM tools.

Real-time Monitoring and Alerts: Many IoMT devices require real-time monitoring and immediate response to critical events. Conventional ITAM and CCM tools may lack the necessary capabilities for real-time monitoring and alerting specific to healthcare scenarios.

Healthcare IoT security solutions can capture a wide range of vulnerability information, including:

Device vulnerabilities: Identification of outdated firmware or software versions; known vulnerabilities in the device's operating system or third-party software; and insecure default settings or configurations.

Network vulnerabilities: Weaknesses in network protocols and communication channels; misconfigurations in network devices such as routers and switches; unauthorized access points or insecure wireless networks.

Data security vulnerabilities: Inadequate encryption mechanisms for data in transit and at rest; weak authentication mechanisms or easily guessable passwords; lack of proper access controls and authorization mechanisms.

Physical security vulnerabilities: Unauthorized physical access to IoT devices; lack of tamper-evident features or protections; inadequate safeguards against device theft or destruction.

Supply chain vulnerabilities: Risks associated with compromised devices entering the supply chain; lack of secure update mechanisms for devices.

Software vulnerabilities: Identification of vulnerabilities in the software running on healthcare IoT devices; known security flaws or weaknesses in custom applications or firmware.

Configuration vulnerabilities: Incorrect or insecure configurations that could expose the system to risks; failure to follow security best practices in configuring devices and systems.

Patch management vulnerabilities: Identification of devices that are missing critical security patches; ineffective or non-existent patch management processes.

Compliance and policy violations: Detection of deviations from regulatory requirements and internal security policies; non-compliance with industry standards and guidelines.

Behavioral anomalies: Detection of abnormal or suspicious behavior that may indicate a security threat; anomalies in data transmission patterns or device interactions.

Some common healthcare IoT and IoMT device vulnerabilities include:

Inadequate authentication: Many IoMT devices do not require authentication for use, while others require only passwords and not strong authentication. This makes them vulnerable to unauthorized access.

External device access: Many medical devices are designed to be accessed by computers or other devices. A malicious actor may use an external device to gain access to the IoMT device.

Software update issues: Delayed software patches are a common vulnerability. A cybercriminal can discover weaknesses in an IoMT device’s software and exploit them before a new security patch has been installed.

Unsecured network access: When an unsecured IoMT device is on the same network as the rest of the organization’s infrastructure, it makes both the device and the rest of the network vulnerable to attack.

Inadequate device tracking: IoMT devices can be lost or stolen. If they fall into the hands of malicious actors, they can be used as entry points into the IT infrastructure.

Among the reasons for healthcare IoT and IoMT device vulnerabilities:

• Rapid Growth and Adoption: The IoT industry has experienced rapid growth and widespread adoption, and many devices are being brought to market quickly to meet demand. This fast-paced development can lead to oversights in security.
• Diversity of Devices and Manufacturers: IoT encompasses a wide range of devices from different manufacturers, each with its own specifications, operating systems, and security measures. This diversity makes it challenging to establish universal security standards and increases the likelihood of vulnerabilities.
• Limited Resources: Many IoT devices are designed with limited resources such as processing power, memory, and storage. This can make it difficult to implement robust security measures without compromising the device's primary functions.
• Lack of Security by Design: In some cases, security is not prioritized during the design and development phases of IoT devices. Manufacturers may focus more on functionality and cost, neglecting crucial security considerations.
• Insecure Communication Protocols: Some IoT devices use insecure communication protocols, making it easier for attackers to intercept and manipulate data. Weak encryption or no encryption at all can expose sensitive information.
• Poor Update Mechanisms: Many IoT devices lack effective mechanisms for updating their software and firmware. Even if security vulnerabilities are identified, users may be unable or unwilling to update their devices, leaving them exposed to potential exploits.
• Default Credentials: Manufacturers often ship IoT devices with default usernames and passwords, and users may not change them. This makes it easier for attackers to gain unauthorized access to the devices.
• Physical Security Challenges: Some IoT devices are deployed in physically insecure environments, making it easier for attackers to physically tamper with the devices.
• Legacy Systems: Older IoT devices may still be in use, and these devices may not receive security updates or may be more susceptible to known vulnerabilities.
• Lack of Regulation and Standards: The IoT industry lacks comprehensive and enforceable security standards and regulations. Without clear guidelines, manufacturers may not feel compelled to invest in robust security measures.

Addressing these challenges requires collaboration among manufacturers, policymakers, and cybersecurity experts to establish and enforce security standards, improve device design practices, and enhance user awareness about the importance of securing IoT devices.

Patching an IoMT device involves applying updates or patches to the device's software or firmware to address vulnerabilities, improve functionality, and enhance security. Here's a general guide on how to patch an IoMT device:

• Understand the device: Identify the specific IoMT device and understand the manufacturer's guidelines and recommendations for patching.
• Check for updates: Regularly check the manufacturer's website for updates, patches, or firmware releases and subscribe to notifications from the manufacturer.
• Backup Data: Before applying any patches, back up critical data stored on the IoMT device and ensure a recovery plan is in place.
• Read release notes: Review the release notes accompanying the patch to understand the changes, improvements, and any potential issues, and identify if the patch addresses specific security vulnerabilities.
• Follow manufacturer's Instructions: Some devices may have specific procedures or requirements for patching.
• Network security: Ensure that the IoMT device is on a secure network during the patching process; use secure and trusted networks to download patches.
• Authentication and authorization: Ensure necessary authentication and authorization to apply patches and use strong, unique passwords for accessing the IoMT device.
• Apply the patch: Follow the provided instructions to apply the patch via a computer, a dedicated patching tool, or following an over-the-air (OTA) update process.
• Verify successful patching: Confirm that the update was successful, the IoMT device is functioning correctly, any reported vulnerabilities have been addressed.
• Monitor for Issues: Check the device's performance post-patching and monitor for any unexpected issues or changes in functionality.
• Document the patching process: Maintain records of the patching process, including dates, version numbers, and any issues encountered.
• Establish a routine for regularly checking and applying updates.
• Automate the update process where possible to ensure timely patching.

An Indication of Compromise (IoC) in the context of IoT refers to evidence or signs that a security incident involving an IoT device may have occurred. IoCs indicate that an IoT device may have been compromised by unauthorized access, malware, or some other security threat. Identifying IoCs is crucial for detecting and responding to security incidents promptly.

Healthcare IoT security solutions capture IoCs such as - unusual network traffic, unexpected device behavior, abnormal resource usage, unauthorized access or login attempts, changes in configuration, security alerts from other solutions, exploitation of known vulnerabilities, and unexpected communication protocols.

The most common healthcare IoT and connected medical device (IoMT) security risks are:

• Data breaches
• Unauthorized access
• Privacy issues related to patient confidentiality
• Data integrity concerns due to data tampering
• Interoperability challenges resulting from a lack of standards
• Device vulnerabilities resulting from a lack of updates and patches
• Network security due to vulnerabilities in Wi-Fi networks, Bluetooth connections, and other communication channels.
• Device theft or tampering
• Lack of staff training

Zero Trust is a security concept that assumes no trust by default, even for entities inside the network perimeter. In a traditional security model, once an entity is inside the network, it is often assumed to be trustworthy, and security measures focus on defending the perimeter. However, with the increasing sophistication of cyber threats and the growing number of insider threats, the Zero Trust model advocates for a more rigorous approach to network security. This serves to limit unauthorized access and communications, reduce the propagation of threats, and limit the extent of movement and breach impact of threat actors. Key principles of Zero Trust network security include: identity verification, least privilege access, continuous monitoring, multi-factor authentication, dynamic access policies, encryption, and network/micro-segmentation.

Zero Trust in the context of IoT security is primarily a process to establish and enforce a policy of segregating healthcare IoT and connected medical devices within a healthcare provider’s networks. The segregation policy is usually a combination of attributes such as location, department, and device type. Not all segregation technology, such as Firewalls, Network Access Control (NAC), and microsegmentation tools, can discover IoMT devices in real-time, properly classify the IoMT device, or capture enough specialized information about the device to properly invoke IoMT segmentation. Healthcare IoT security solutions overcome these issues and work with segregation technologies to enable Zero Trust.

Implementing effective network segmentation of IoT and IoMT devices in healthcare infrastructure requires:

• Risk assessment to identify potential vulnerabilities and threats
• Data classification based on sensitivity and importance
• Compliance with healthcare-specific regulations such as HIPAA
• A network architecture that supports segmentation via zones
• Ability to capture detailed attributes of IoT and IoMT devices to support access policies.
• Segmentation policies and tools that restrict communication between different network segments
• Access controls and Authentication mechanisms.
• Behavior monitoring systems to monitor network traffic and detect any unauthorized or suspicious activities and set up alerts and responses to potential security incidents
• Encryption mechanism to protect unauthorized data access

For security, operational, compliance, and inventory purposes, it’s important to catalog every IoMT device on an organization’s network. Unlike agent-based asset discovery, which requires software to be installed on each device – typically not permitted on connected medical devices, agentless asset discovery handles the discovery, categorization, and inventory process using Deep Packet Inspection (DPI). DPI is the preferred method and best practice to continuously, and in real0time inspect communications to each healthcare IoT and IoMT device as well as communications emanating from each device.

Agent-based asset discovery can provide more detailed information about a device, but it requires more time and effort to deploy and maintain, as the agent software must be installed and updated on each device. In many cases, there are manufacturing, regulatory and operational limitations that will not allow an agent to be running on a IoT and IoMT device. In addition, older devices may not support an agent because of operating system incompatibilities. Agentless discovery can collect device information and metrics without the need to be deployed on each device, saving time and resources, and agentless discovery can capture information from unknown and older legacy devices, which agent-based solutions may not.

Agentless, passive discovery is advantageous to healthcare organizations for several reasons. First, it requires fewer resources to deploy and maintain, which can be helpful to healthcare organizations without large IT security teams. Additionally, agentless discovery can identify all devices on the network – even those that staff may have lost track of. This supports asset management for operational purposes and ensures that the institution’s attack surface is reduced. In addition, because it is a passive method of discovery, it does not disrupt operations or network traffic – avoiding potential obstruction of patient care delivery.

Deep Packet Inspection (DPI) is a technology used in computer networking and telecommunications to inspect and analyze the content of data packets as they pass through a network. Unlike traditional packet inspection, which examines only the header information of packets, deep packet inspection delves into the actual payload or content of the packets. This enables content analysis, protocol analysis, the detection of malicious activities, policy enforcement, and more.

DPI requires a network tap, a device that provides a way to monitor and capture network traffic in real-time. A network tap operates by physically intercepting and copying the data flowing through network cables without disrupting the network's normal operation. After being inserted into a network segment, it passively monitors the network without introducing any additional traffic or affecting the normal operation of the network. The network tap then copies the data passing through it to one or more monitoring or analysis devices. This allows administrators and security personnel to inspect the network traffic for performance monitoring, security analysis, or other purposes.

DPI systems start by capturing network packets as they traverse the network infrastructure. These packets contain information such as source and destination addresses, header information, and the actual data payload. The captured packets are then parsed to extract relevant information from the packet headers. This includes details like source and destination IP addresses, port numbers, protocol type, and other metadata. DPI then inspects the payload of the packets, examining the actual content of the data being transmitted. This allows DPI systems to identify specific applications, protocols, or even detect patterns indicative of malicious activities. DPI systems also use pattern-matching algorithms and predefined signatures to identify known applications, services, or threats within the payload. DPI can then perform content analysis to understand the context and meaning of the data. Based on the analysis, DPI systems can enforce network policies. This might involve blocking or allowing certain types of traffic, shaping bandwidth for specific applications, or triggering alerts for suspicious activities.

Unlike DPI-based systems that rely on protocol decoder libraries, Cylera’s DPI uses Adaptive Data Type Analysis to extract context from each device based on IoMT traffic sent over known and unknown protocols. The enables immediate and complete IoMT device inventory with more accurately identified devices and more granular classification context per device.

Cylera users benefit from five unique capabilities of Cylera’s platform technology:

Adaptive Data Type Analysis: This patented technology readily extracts context per device from IoMT traffic sent over known and unknown protocols while avoiding the limitations of DPI-based systems that rely on protocol decoder libraries. The result is immediate and complete IoMT device inventory with more accurately identified devices and more granular classification context per device.

Network Traffic Emulation: This patented technology creates identical virtual IoMT devices that can “stand in” for actual devices during active scans and probing. This enables rigorous, safe, and out-of-band IoMT device vulnerability detection.

Smart Threat Prioritization: This technology applies Machine Learning (ML) to correlate multi-source device, IoC, and in-service data to identify and prioritize actual threats with resolution guidance. The benefits are reduced alert fatigue and increased response efficiency with greater triage and remediation insight.

Flexible System Integration: Cylera provides no-code, self-service integration to popular systems such as FW, NAC, SIEM, Vulnerability Management, SOC, Network Management, ITSM, and CMBD/CMMS. This adds value to existing IT and security tool investments by providing real-time IoMT contextual data for asset management, policy-enforcement, incident response, and analytics.

Segmentation Policy Generator: This technology provides precise rule generation, new IoMT device auto-enrollment, and policy monitoring. This reduces the attack surface and threat propagation while simplifying network segregation policy modeling, implementation, and monitoring of IoMT devices.

Cylera’s agentless approach to healthcare IoT asset intelligence and security overcomes technical limitations, as it does not rely on agents, network scanning of devices, and untimely manufacturer updates – nor does the solution sit inline or disrupt patient care.

With Cylera, an institution can apply best practices to keep all devices secure and clinically safe by satisfying the objectives of meeting device security standards at a level similar to traditional security tools, and by making a healthcare organization’s existing security, IT, and healthcare management tools smarter by sharing greater connected medical device context.

To modernize care delivery healthcare service providers are increasing operational connectivity and medical device innovation. This requires thousands of connected medical devices operating on healthcare networks that must be available and protected for patient care.

Unfortunately, institutions lack visibility, inventory, and adequate security management of their IoT devices, from smart beds, ventilators, infusion pumps, anesthesia machines and blood gas instruments to expensive MRI and CAT scanners, 3D imagery machine, and surgical systems.

These unknown, unmanaged, and at-risk connected medical devices have expanded healthcare providers' attack surface and exposed institutions to cyber-attack, data privacy, and compliance risks.

Cylera’s healthcare IoT asset intelligence and security solution provides accurate discovery, categorization, assessment, and monitoring of known and unknown IoMT assets with high fidelity.

Cybersecurity and biomed engineering professionals gain unparalleled asset inventory, usage telemetry, risk prioritization, analytics, and guided threat remediation.

As a result, organizations can advance cybersecurity program maturity, increase operational efficiency, mitigate risk, and enable compliance audit-readiness.

The Cylera IoT intelligence and security platform provides a range of functional benefits:

• It enables organizations to optimize care delivery, service availability and cyber defenses across diverse connected medical device and healthcare infrastructure.
• It discovers, categorizes, assesses and monitors known and unknown IoMT assets with high fidelity.
• It delivers comprehensive asset inventory, telemetry, risk prioritization, analytics, and threat mitigation.
• It provides an efficient, less disruptive means to prevent and resolve healthcare IoT security issues while providing security and biomedical staff with different skill sets the means to remediate security threats more easily.
• It enriches other asset management, CMMS, network, and security systems with connected medical device intelligence that serves to progress compliance audit-readiness and network segmentation policy generation.

These benefits support healthcare organizations in their efforts to:

• Reduce operational and security risk to fortify care delivery.
• Gain comprehensive connected medical device discovery, inventory, and telemetry
• Mitigate threats more easily and efficiently with the least disruption
• Accelerate healthcare cybersecurity program maturity and compliance audit-readiness
• Obtain comprehensive IoMT data to help operations optimize allocation, procurement, and governance.

Cyber Breaches:

• 463 US healthcare organizations reported cyber breaches in 2023, affecting more than 83 million people. U.S. Dept HHS Breach Notification Portal
• 89% of healthcare organizations admitted to at least one cyberattack in a recent 12-month period.
• 70% of healthcare provider security incidents impacted patient care.
• A single cyberattack can cost up to $4.4 million.
• 55% of healthcare organizations have experienced at least one supply chain attack.

Connected Medical Device Security:

• On average, organizations have more than 26,000 network-connected devices.
• 64% of healthcare organizations are concerned with medical device security. 2022 Ponemon Research, Cybersecurity In Healthcare

Healthcare IT Vulnerabilities:

• Healthcare IT vulnerabilities rose nearly 60% in 2023 with a four-fold increase in weaponization of those vulnerabilities year-over-year.

Healthcare IoT Vulnerabilities and Security Issues:

• Class II devices accounted for 30% of all healthcare IoT vulnerabilities. Health-ISAC Aug 2023 Report
• 82% of healthcare organizations are concerned that their IoT devices are targeted.
• 84% of healthcare organizations experienced an IoT device-related attack.
• 43% of healthcare organizations have experienced downtime and 42% have experienced data leakage due to a cyberattack.
• 42% of healthcare organizations cited IoT devices as the source of prominent vulnerabilities.
• Only 52% of IoT device manufacturers offer security updates beyond their device warranty.
• 46% of healthcare organizations cited the need for better cybersecurity expertise. Vanson Bourne. Aug 2019 Protecting the Internet of Medical Things

Compliance Issues:

• 50% of organizations failed at least one audit over the last three years. ESG Research: 2023: State of Data Privacy and Compliance

Vulnerability Detection:

• 49% of organizations identified a need for improvement in IoT/OT vulnerability management.
• Only 24% of organizations are scanning for IoT/OT device issues. Cybersecurity Insiders 2023 Vulnerability Report

Alignment to NIST and Health Industry Cybersecurity Practices (HICP) Standards:

• 42% of healthcare organizations have below average maturity in asset management.
• 50% of healthcare organizations have below average maturity in connected medical device security coverage.
• < 60% configure some medical devices only with known processes and executables. 2023 Klas Research – Healthcare Cybersecurity Benchmarking Study

Skill Shortages:

• 46% of organizations are experiencing a cybersecurity skill shortage and 71% state that the shortage has impacted their operations. 2023 ISSA Cyber Security Professional eBook
• 53% of healthcare organizations lack in-house security expertise.
• 46% of healthcare organizations have insufficient staffing. 2022 Ponemon Research, Cybersecurity In Healthcare

Implementing a healthcare IoT security solution can be justified by considering the following factors:

Patient Safety and Trust: IoT devices are increasingly vital to healthcare delivery and ensuring the security of these devices is crucial to prevent unauthorized access or tampering that could compromise patient well-being.

Regulatory Compliance: Implementing an IoT security solution helps meet compliance requirements, reducing the risk of legal and financial consequences associated with non-compliance.

Risk Mitigation: Investing in IoT security supports risk mitigation. By identifying and addressing potential security vulnerabilities before they can be exploited, the organization can reduce the overall risk of security incidents.

Data Protection: An IoT security solution helps safeguard patient records, ensuring confidentiality, integrity, and availability of healthcare information. The cost of the solution is far less than the financial and reputational costs associated with data breaches, as these incidents can lead to legal liabilities, loss of patient trust, and damage to the organization's reputation.

Operational Efficiency and Reliability: A secure IoT environment contributes to operational efficiency. Uninterrupted access to medical devices and patient data is crucial for providing timely and effective healthcare services.

Long-term Cost Savings: Preventing security incidents and data breaches can save the organization from the financial burdens associated with legal actions, regulatory fines, and the costs of recovering from a security incident.

Insurance Premium Reductions: Some insurance providers offer reduced premiums for organizations that demonstrate a commitment to cybersecurity. Implementing a robust IoT security solution can be seen as a risk reduction measure, potentially leading to lower insurance costs.Advantage: Positioning the healthcare organization as a leader in cybersecurity can provide a competitive advantage. It can be an attractive feature for patients, partners, and stakeholders who prioritize security when choosing healthcare providers.

The DSPT is an online self-assessment tool by which organizations can measure their performance against the National Data Guardian’s 10 data security standards:

1. All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form. Personal confidential data is only shared for lawful and appropriate purposes.
2. All staff understand their responsibilities under the National Data Guardian's Data Security Standards including their obligation to handle information responsibly and their personal accountability for deliberate or avoidable breaches.
3. All staff complete appropriate annual data security training and pass a mandatory test, provided through the revised Information Governance Toolkit.
4. Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required. All access data to personal confidential data on IT systems can be attributed to individuals.
5. Processes are reviewed at least annually to identify and improve processes which have caused breaches or near misses, or which force staff to use workarounds which compromise data security.
6. Cyber attacks against services are identified and resisted and CareCERT security advice is responded to. Action is taken immediately following a data breach or a near miss, with a report made to senior management within 12 hours of detection.
7. A continuity plan is in place to respond to threats to data security, including significant data breaches or near misses, and it is tested once a year as a minimum, with a report to senior management.
8. No unsupported operating systems, software or internet browsers are used within the IT estate.
9. A strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually.
10. IT suppliers are held accountable via contracts for protecting the personal confidential data they process and meeting the National Data Guardian's Data Security Standards.

All organizations with access to NHS patient data and systems must use this toolkit to provide assurance that they are practicing good data security and that personal information is handled correctly. The Toolkit servers to helps to protect sensitive data and also protect critical services, patient care, privacy, safety, and business continuity which may all be affected by a disruption to critical IT systems and medical devices (such as in the event of a cyberattack).

When there is a high severity cyberattack alert, NHS England's Data Security Centre (DSC) will inform relevant NHS organizations of the actions they should take. NHS organizations are required to acknowledge and record their response to the alert. An IoMT security solution should make it easy to process all cyber alerts to make it rapid, easy, and efficient for NHS Trusts to manage threats and respond to all alerts.

To provide these capabilities, a healthcare IoT security solution should:

• Support patient information data protection and the integrity of data transmitted between devices and systems. This aligns with DSPT's focus on patient data privacy.
• Identify potential issues with access controls and authentication mechanisms to ensure that only authorized network access to connected medical devices and their data. This aligns with DSPT's focus on controlling access to systems and data.
• Ensure secure communication protocols and facilitate network segmentation to help prevent unauthorized access to critical healthcare systems. This aligns with DSPT's recommendations for securing the infrastructure that supports digital services.
• Deliver robust vulnerability and behaviour monitoring and logging capabilities. This aligns with DSPT's emphasis on continuous monitoring and learning from incidents to improve security practices.
• Ensure that IoMT security measures are integrated with incident response plans, helping healthcare organizations identify and respond to security incidents promptly and consistently. This aligns with DSPT's focus on managing incidents effectively.
• Provide unified IoT asset intelligence to improve collaboration and enable accurate information sharing on IoT and connected medical device inventory, emerging threats, vulnerabilities, and active exposures within their healthcare ecosystem. This aligns with DSPT's focus on collaboration to improve overall system security.

The Cylera platform supports DSPT by:

• Automating the identification and categorization of all known and unknown heal devices on the network.
• Identifying all risks and vulnerabilities on healthcare IoT devices that are relevant to NHS Cyber Alerts.
• Reducing alert noise and prioritizing alert responses based on severity and impact on patient care.
• Easing DSPT compliance reporting with accountability of alert acknowledgment and threat response.

Cylera healthcare IoT security also includes a feature created expressly for DSPT. The Cyber Alert Dashboard was developed directly in response to feature requests by clients seeking real time help for tracking NHS Digital Cyber Alerts, a requirement in the DSPT. A major timesaver for IT teams, this feature assists in keeping all departments coordinated and aware of cyber alert concerns and their status in the workflow. Cylera's cybersecurity and analytics solution is designed to deploy quickly and seamlessly integrate into client networks.

The Cylera Cyber Alert Dashboard supports DSPT by:

• Providing all new and historical NHS Alerts, organized by date and severity
• Highlighting any equipment in the Trust that is affected by the alert(s)
• Providing the ability to toggle between viewing all alerts from the NHS feed or only those relevant to the Trust's estate
• Facilitating the tracking of the resolution workflow, individual device status, and resolution of alerts
• Offering the ability to export status to provide evidence/feedback to NHS or auditors about the organization’s alert response

These capabilities accelerate the organization’s response to NHS Digital Cyber Alerts as required by the DSPT.