Cybersecurity Practices for Health Care Organizations~ RJ BLANCHARD BENEFIT SERVICES

Page 93

To conduct such an exercise, it is best for the cybersecurity team to work with the clinical engineering teams and establish a profiled scan template in the vulnerability management software. This template should allow the scan to be executed only against a specific nonproduction network and only by specific individuals. To provide further assurance that the vulnerability scan cannot cause harm to the medical device while it is connected, the scanners’ IP addresses should be blocked as part of the segmentation strategy noted above. When these preparations are complete, the clinical engineering teams can be granted access to the scanning software in a restricted manner that allows the scan to be run only against the network used for preventative maintenance. Vulnerabilities discovered can be shared with the information security office to determine the relative risks. Upon classification of these risks, the teams should contact the device manufacturer and work together to develop and implement a remediation plan.

9.L.B Security Operations and Incident Response

NIST FRAMEWORK REF: PR.IP-9, DE.CM-8, DE.CM-1, DE.CM-7

Expanding on the SOC and IR processes found in Cybersecurity Practice #8: Security Operation Center and Incident Response, HDOs can provide better monitoring, detection, and response activities around their medical device ecosystems. Using the segmentation strategy outlined above, HDOs should monitor for malicious activity into and within the segment. To provide visibility into the daily operations of the medical device systems, the following sources should be configured to send logs to the HDO’s log management systems, SIEMs, or both: 

Firewalls providing segmentation to the medical device network segment

Information systems that control the operation of the medical devices

Netflow data from the medical device network segment

Intrusion prevention systems in front of the medical device network segment

Logs from any deception technology deployed in the medical device network segment
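
A coverage check for the five log sources listed above, as an added example that is not part of the original guidance: it flags any source category that was never onboarded for the segment or that has gone silent. The category labels, segment name, record fields and 24-hour silence threshold are assumptions, and the inventory is constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# The five log sources the section lists, under hypothetical category labels.
REQUIRED = {
    "segment_firewall": "Firewalls segmenting the medical device network",
    "device_control_system": "Information systems controlling the medical devices",
    "netflow": "Netflow data from the segment",
    "ips": "Intrusion prevention systems in front of the segment",
    "deception": "Deception technology deployed in the segment",
}

def coverage_gaps(sources, now, segment="medical-devices",
                  max_silence=timedelta(hours=24)):
    """Return {category: 'ok' | 'stale' | 'missing'} for every required source.

    'missing': nothing of that category is onboarded for the segment.
    'stale':   at least one onboarded source has been silent > max_silence.
    """
    seen = {cat: [] for cat in REQUIRED}
    for s in sources:
        if s["segment"] == segment and s["category"] in seen:
            seen[s["category"]].append(datetime.fromisoformat(s["last_event"]))
    report = {}
    for cat, stamps in seen.items():
        if not stamps:
            report[cat] = "missing"
        elif any(now - t > max_silence for t in stamps):
            report[cat] = "stale"
        else:
            report[cat] = "ok"
    return report

# Constructed sample inventory of SIEM log sources (not real hosts or data).
SAMPLE = [
    {"name": "fw-med-01", "category": "segment_firewall",
     "segment": "medical-devices", "last_event": "2024-05-01T11:58:00+00:00"},
    {"name": "pump-mgmt", "category": "device_control_system",
     "segment": "medical-devices", "last_event": "2024-04-28T03:10:00+00:00"},
    {"name": "ips-med-01", "category": "ips",
     "segment": "medical-devices", "last_event": "2024-05-01T11:59:30+00:00"},
    {"name": "flow-corp", "category": "netflow",  # wrong segment: not counted
     "segment": "corporate", "last_event": "2024-05-01T11:59:00+00:00"},
]
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for cat, status in coverage_gaps(SAMPLE, NOW).items():
        print(f"{status:8} {REQUIRED[cat]}")
```
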

Using these logs as a source, plays can be enumerated and added into IR playbooks, as described in Table 13.

Table 13. Incident Response Plays for Attacks Against Medical Devices
