Home > News > featured news > Palo Alto Networks Announces Medical IoT Security to Protect Connected Devices Critical to Patient Care

ENTERPRISE IOT

Palo Alto Networks Announces Medical IoT Security to Protect Connected Devices Critical to Patient Care

Palo Alto Networks | December 12, 2022 | Read time : 05:21 min

As healthcare providers use digital devices such as diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care, the security of those devices is as important as their primary function. Today, Palo Alto Networks (NASDAQ: PANW) announced Medical IoT Security — the most comprehensive Zero Trust security solution for medical devices — enabling healthcare organizations to deploy and manage new connected technologies quickly and securely. Zero Trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust by continuously verifying every user and device.

"The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured. For example, according to Unit 42, an alarming 75% of smart infusion pumps examined on the networks of hospitals and healthcare organizations had known security gaps, This makes security devices an attractive target for cyberattackers, potentially exposing patient data and ultimately putting patients at risk."

Anand Oswal, senior vice president of products, network security at Palo Alto Networks

While a Zero Trust approach is critical to help protect medical devices against today's innovative cyberthreats, it can be hard to implement in practice. Through automated device discovery, contextual segmentation, least privilege policy recommendations and one-click enforcement of policies, Palo Alto Networks Medical IoT Security delivers a Zero Trust approach in a seamless, simplified manner. Medical IoT Security also provides best-in-class threat protection through seamless integration with Palo Alto Networks cloud-delivered security services, such as Advanced Threat Prevention and Advanced URL Filtering.

The new Palo Alto Networks Medical IoT Security uses machine learning (ML) to enable healthcare organizations to:

Create device rules with automated security responses: Easily create rules that monitor devices for behavioral anomalies and automatically trigger appropriate responses. For example, if a medical device that typically only sends small amounts of data unexpectedly begins to use a lot of bandwidth, the device can be cut off from the internet and security teams can be alerted.
Automate Zero Trust policy recommendations and enforcement: Enforce recommended least-privileged access policies for medical devices with one click using Palo Alto Networks Next-Generation Firewalls or supported network enforcement technologies. This eliminates error-prone and time-consuming manual policy creation and scales easily across a set of devices with the same profile.
Understand device vulnerabilities and risk posture: Access each medical device's Software Bill of Materials (SBOM) and map them to Common Vulnerability Exposures (CVEs). This mapping helps identify the software libraries used on medical devices and any associated vulnerabilities. Get immediate insights into the risk posture of each device, including end-of-life status, recall notification, default password alert and unauthorized external website communication.
Improve compliance: Easily understand medical device vulnerabilities, patch status and security settings, and then get recommendations to bring devices into compliance with rules and guidelines, such as the Health Insurance Portability Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and similar laws and regulations.
Verify network segmentation: Visualize the entire map of connected devices and ensure each device is placed in its designated network segment. Proper network segmentation can ensure a device only communicates with authorized systems.
Simplify operations: Two distinct dashboards allow IT and biomedical engineering teams to each see the information critical to their roles. Integration with existing healthcare information management systems, like AIMS and Epic Systems, helps automate workflows.
Healthcare organizations are using Palo Alto Networks products to secure the devices that deliver cutting-edge care to millions of patients all over the world.

"Establishing and maintaining acute situational awareness of the Internet of Medical Things (IoMT) environment is paramount to establishing an effective enterprise cybersecurity program. The ability to accurately detect, identify and respond to cyber threats is critical to ensuring minimal operational impact to clinical operations during a cyber event," said Tony Lakin, CISO, Moffitt Cancer Center. "Palo Alto Networks IoT capability seamlessly integrates with our continuous monitoring processes and threat-hunting operations. The platform consistently provides my teams with actionable information to allow them to proactively manage the threat surface of our medical device portfolio."

"With thousands of devices to manage, healthcare environments are extremely complex and require intelligent security solutions capable of doing more. Palo Alto Networks understands this requirement and is leveraging machine learning (ML) for Medical IoT security. Adding intelligence will enable providers to improve operational efficiency, which will enhance patient and practitioner experience and alleviate the burden of an ongoing IT skills shortage," said Bob Laliberte, principal analyst, ESG.

"Healthcare providers continue to be high-value targets for attackers. This reality, combined with the diversity of medical IoT devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases. The ability to defend against threats targeting critical care devices while maintaining operational availability and strengthening the alignment of device governance responsibilities between IT and Biomed engineering teams is quickly becoming a necessity for the protection of patient data and lives," said Ed Lee, research director, IoT and Intelligent Edge Security, IDC.

About Palo Alto Networks

Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we're committed to bringing together the very best people in service of our mission, so we're also proud to be the cybersecurity workplace of choice, recognized among Newsweek's Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022).

Spotlight

Accelerate Business Transformation with Lexmark IoT

The Internet of Things offers countless opportunities for manufacturers— provided they can master all of the data generated by these connected devices. Capitalizing on IoT insights can lead to new revenue streams, improved customer experiences, and innovative product designs which can be further leveraged for competitive advanta

More featured news

Spotlight

Accelerate Business Transformation with Lexmark IoT

Related News

ENTERPRISE IOT, SOFTWARE AND TOOLS

ST Engineering iDirect Delivers IoT Solution to ARSAT, to Bridge Digital Divide in Remote Areas

ST Engineering iDirect | January 27, 2023

ST Engineering iDirect, a leader in satellite communications, has given its top Internet of Things (IoT) solution to the national telecommunications company of Argentina, ARSAT. The IoT solution is designed to enable organizations and businesses in remote areas to benefit from sensor technology and big data management developments. Customers in hard-to-reach areas will now be able to use strong IoT connectivity thanks to the combination of ST Engineering iDirect's innovative satellite communications technology and ARSAT's reliable network infrastructure. The solution includes an IoT-optimized waveform, a cloud-based network management system, and technology from hiSky, which is a strategic partner of ST Engineering iDirect. This will help ARSAT deal with a variety of problems in the country across different vertical markets. With this cutting-edge solution, customers of ARSAT will have access to a range of IoT solutions, from remote monitoring and asset tracking to smart agriculture and energy management. Regional Vice President, Americas, ST Engineering iDirect, Darren Ludington, said, "As we move towards a new, interconnected era in industry, we can see the plethora of opportunities that IoT can bring to the widest range of industries, businesses, and organizations." He added, "ARSAT is a service provider that aims to stay ahead of the curve and provide its customers with advanced technologies." He further added, "With our IoT solution, we are providing ARSAT with an easy-to-deploy, agile and flexible solution with which they can test the market and expand as and when they are ready to." He concluded, "We are excited to see the positive impact of our solution on ARSAT's business and its end users." (Source - PRNewswire) The solution will also be a very useful tool for disaster recovery and prevention. Users will be able to see important data about things like rainfall and river levels, wildfire threats, deforestation, lack of water, earthquakes, and volcanoes. With the introduction of this advanced solution, ARSAT will be able to provide customers with valuable insights into natural disasters, helping them take preventive measures and prepare for potential disasters. AboutST Engineering iDirect Engineering ST iDirect, a division of ST Engineering, is a world leader in satellite communications (satcom). It offers technology and solutions that help customers grow their businesses, make their services stand out, and improve their satcom networks. It is committed to shaping the future of how people connect around the world. For more than 40 years, it has been coming up with new ideas to solve satellite's biggest economic and technological problems. The iDirect product portfolio represents the highest standards in performance, efficiency, and reliability, allowing its customers to provide the best satcom connectivity experience anywhere in the world. ST Engineering iDirect is a market leader in critical industries such as mobility, broadcast, and military/government. iDirect Government was founded in 2007 to better serve the US government and defense communities.

ENTERPRISE IOT, INFRASTRUCTURE

Identiv Signs Exclusive Strategic Agreement with Trace-ID

Identiv | February 16, 2023

On February 15, 2023, Identiv, Inc., a global innovator in digital identification and security in the Internet of Things (IoT), entered an exclusive strategic agreement with Trace-ID, a leading provider of UHF RFID technology and solutions based in Spain. As a result, it will become the exclusive provider of Trace-ID's entire line of specialty and industrial UHF RFID in North America. The partnership with Trace-ID expands Identiv's manufacturing footprint, allowing the company to add to its already-extensive product line and bolstering its position as a worldwide leader in specialty RFID technology. In addition, it will enable Identiv to deliver industrial UHF RFID solutions for many use cases in numerous industry sectors. This agreement will make best-in-class specialty and industrial UHF RFID available at competitive prices. It also gives Identiv access to a European manufacturing facility with a direct line of sight to 1 Bn units of specialty UHF capacity. Identiv's integrated ecosystems put IoT in motion by assigning digital identities to every physical object. Its innovative RFID team is responsible for research, design, software development, and manufacturing. As a result, tags, inlays, and labels are embedded in billions of commonplace items, including pharmaceuticals, luxury brands, medical devices, specialty retail, athletic apparel, industrial applications, and many more. Amir Khoshniyati, VP and GM of IoT Business at Identiv, said, "Identiv continues to gain global demand for higher-value designs of UHF solutions for specific applications, including industrial and specialty applications." He added, "This exclusive manufacturing and partnership agreement allows us to expand our growing product portfolio even further, reaching new markets at a very competitive price point." (Source – Business Wire) About Identiv Identiv is a global leader in authentication and security solutions headquartered in Fremont, California. It authenticates frictionless access and operations anywhere, safeguards identities from hacking attempts, protects intellectual property, and boosts IoT innovations. RFID and NFC, cybersecurity and the entire range of physical access, video, and audio security are provided by the platform. It is relied upon by a prestigious group of partners and progressive clients in various vertical markets worldwide. From critical infrastructure to government agencies, hospitals to schools, airports to seaports, startups to corporations, it safeguards the people and locations that fuel daily lives.

ENTERPRISE IOT, DEVICES

Nozomi Networks Releases New Content Pack for ISA/IEC 62443 Compliance Reporting and Security Checks

Nozomi Networks | March 24, 2023

Nozomi Networks, the leader in OT and IoT security, today announced a new content pack for organizations working toward ISA/IEC 62443 compliance and certification. The ISA/IEC 62443 Content Pack makes it possible for Nozomi Networks platform users to quickly create custom queries and reports that help confirm their industrial automation and control systems (IACS) meet ISA/IEC 62443 standards. The Content Pack can also be used to assess an IACS’ security posture against ISA/IEC 62443 standards, identifying areas that align with the standards and areas that must be addressed in order to be compliant. “Nozomi Networks’ ISA/IEC 62443 Content Pack technology brings everyone together around a set of reports and queries that helps users access the details they need to reach compliance,” said Chris Grove, Nozomi Networks Director of Cybersecurity Strategy. “Rather than reinvent the wheel each time a customer needs this data, a user can create and distribute a single file where it can then be imported into a Guardian, run as-is or edited, and then re-distributed to the public, across Guardians, or to partners, collaborators, user groups, wherever you want to share it.” The ISA/IEC 62443 series of standards, developed by the International Society of Automation 99 committee (ISA99) and adopted by the International Electrotechnical Commission (IEC), provides a framework to address and mitigate current and future security vulnerabilities in IACSs. The committee draws on the input and knowledge of security experts across the globe to develop consensus standards that are applicable to all industry sectors and critical infrastructure. Nozomi Networks’ Content Packs are owned by Nozomi Networks’ user community and make it possible to export a combination of queries and reports into a single JSON file that can be shared in a completely separate environment. Content Packs do not contain any proprietary information and are safe to share. This allows Nozomi Networks and its customers to quickly share custom reports or queries internally or with the Nozomi Networks user community. The new ISA/IEC 62443 Content Pack covers parts 2-1 (security program best practices) and part 3-3 (definitions for system security requirements and security capabilities levels). About Nozomi Networks Nozomi Networks accelerates digital transformation by protecting the world’s critical infrastructure, industrial and government organizations from cyber threats. Our solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on us to minimize risk and complexity while maximizing operational resilience.