New Offering Adds Clinically-Aware Threat Detection Capability for Continuous Monitoring of Healthcare Network Risks.
Claroty, the cyber-physical systems (CPS) protection company, announced at the annual HIMSS24 conference the release of the Advanced Anomaly Threat Detection (ATD) Module within the Medigate Platform from Claroty. The new capability provides healthcare organizations with the clinical context to properly identify, assess, and prioritize threats to connected medical devices, IoT, and building management systems (BMS).
The capabilities of the Advanced ATD Module are built on Claroty’s specialized knowledge of healthcare environments and foundational, in-depth CPS device visibility, including:
- Agentless, clinically-aware threat detection and context to address known indicators of compromise in CPS
- Threat detection at deeper levels of the clinical network beyond areas where firewall solutions are deployed
- Continuous monitoring of device communication hardening measures and compliance controls
According to the Germany-based healthcare network Ortenau Klinikum, with the Advanced ATD Module, “We now know what is in our network at any given minute. Especially with our medical devices, it has turned what was once a blurry picture into a high-quality one.”
As connectivity in healthcare environments expands, cyberattacks against the healthcare industry continue to increase yearly, impacting medical devices and BMS that keep hospital operations running. In fact, according to Claroty’s 2023 Global Healthcare Cybersecurity Study, 78% of healthcare organizations experienced at least one cybersecurity incident over the last year, and 60% of these incidents had a moderate or severe impact on patient care delivery.
Not only is the proliferation of attacks driving healthcare organizations to adopt stronger cybersecurity postures, but the changing regulatory environment is another factor driving change. For example, the U.S. Department of Health and Human Services (HHS) recently published Healthcare and Public Health (HPH) Cybersecurity Performance Goals (CPGs) that include a measure specifically for detecting and responding to relevant threats and tactics, techniques, and procedures (TTP), to “ensure organizational awareness of and ability to detect relevant threats and TTPs at endpoints” and to “ensure organizations can secure entry and exit points to its network with endpoint protection.”
Claroty’s Advanced ATD Module empowers healthcare to strengthen their cybersecurity postures and achieve regulatory compliance with features including:
- Signature-based detection enhances threat detection, analysis, and response based on known signatures and Indicators of Compromise (IoCs). Signature content can be viewed for investigation purposes and enabled or disabled to tune the system.
- Custom communication alerts understand and alert on device communication patterns across the network to identify abnormal behavior and traffic across connected devices, such as a BMS communicating with a guest network or an IoMT device using an unsecured protocol.
- Device change alerts pinpoint significant device changes within healthcare environments for further investigation, such as when a device reappears after being offline for a significant period, has a significant change in risk profiling, or undergoes a network status change.
- MITRE ATT&CK for Enterprise threat mapping gives further context and remediation information by mapping alerts to various tactics and techniques within the MITRE ATT&CK framework. This helps responders better understand the goals of malicious actors so that they can more swiftly and appropriately respond and streamline processes by aligning with a framework they may already be using.
“Healthcare Delivery Organizations have been facing an uphill battle for years, with the threat of the next ransomware attack always looming. Cyberattacks against clinical devices and OT assets in HDOs have real-world consequences to providing patient care,” said Grant Geyer, chief product officer at Claroty. “The capabilities offered within the Advanced ATD Module help healthcare organizations take a critical step toward achieving full visibility, with in-depth understanding and transparent view of the greatest threats against them. When clinical workflows and patient care are involved, there is no room for blind spots.”
The release of Claroty’s Advanced ATD Module for the Medigate Platform comes as new research from Team82, Claroty’s award-winning research team, finds that healthcare organizations are facing extreme gaps in medical device security. This new research can be found in the inaugural edition of “The State of CPS Security Report: Healthcare 2023.”
For more information about the Advanced ATD Module and Team82’s new report, visit Claroty at HIMSS Global Health Conference, booth #1627, March 11-15 in Orlando, Fla.