Cryptographically secure OT/IoMT workloads prevent network breach through connected devices

[Figure: diagram of the Internet of Medical Things (IoMT)]

Healthcare IT faces a growing cybersecurity vulnerability that threatens data, applications, devices, operations and patient care: the growth of insecure OT, IoT and IoMT devices that use IT networks to transmit data.

Juniper Research analysts expect 7.4 million IoMT devices to be deployed globally by 2026, with over 3,850 per smart hospital. As of 2021, 3.2 million IoMT devices were deployed. Based on this data, smart hospitals could see an increase of 231% in the number of IoMT devices in their facilities over the next 4 years.

Though adoption of these devices has risen to meet increased consumer demand, address workforce needs and improve operational efficiency in healthcare organizations, it has created a significant security problem.

According to an analysis of more than 10 million IoMT devices in more than 300 hospitals in the U.S., approximately 53% had critical cybersecurity vulnerabilities.

Many frequently used devices, such as connected intravenous fluid pumps, had at least one vulnerability that could impact patient health and welfare, as well as result in data loss, if a bad actor (internal or external) were able to gain access. Intravenous fluid pumps specifically made up about 38% of the average hospital’s typical IoT footprint, and yet 73% of them had at least one critical vulnerability.

What is a better solution to protect these devices, data, workloads and systems from breach, while minimizing downtime?

With connected devices, the key is to be able to intercept the data as it leaves the device, perform microsegmentation, and then secure each workload as it moves through a network or the cloud to close potential gaps and prevent unauthorized access.

It is not enough to secure only the tunnels between sites or networks. You need to maintain discrete segments for each class of device, no matter where the workloads end up traveling. In short, you need to maintain one segmentation scheme across every type of network access and across every type of device. Otherwise, the gaps in your security policies and segmentation scheme become the crease through which attackers penetrate and then spread within your network.

Consider how data from devices travels: it can move over WiFi, Private 5G, wired connections or LiFi to a premise cloud, an edge cloud or a public cloud, or perhaps across all three. Each cloud environment has its own security rules for workloads. Therefore, you need to be able to prevent gaps or creases in security to ensure that your workload is protected from breach.

So, how can you do this when data moves outside the network or cloud environments where you have some control over the security rules?

Right now, the best way to achieve device/edge-to-cloud security is a network overlay, built on Zero Trust principles, that cryptographically secures OT/IoT workloads so they cannot be corrupted at any point along the path between endpoints.

Onclave TrustedPlatform™ Network Overlay Protects Healthcare IoT, IoMT, OT and IT Networks

The Onclave TrustedPlatform™ is a network overlay that identifies IoT and IoMT devices, microsegments the workloads, and then wraps each workload in a cryptographically secure enclave. This creates secured point-to-point communications aggregated into virtual networks with their own root of trust. This is preferable to having the workloads adopt the security rules of whatever cloud they happen to be in.

Another benefit of the TrustedPlatform™ is its use of continuous monitoring and ability to isolate bad actors before they gain access to the network.

Traditional cybersecurity solutions monitor for attacks and alert administrators to intrusions so they can mitigate the damage. Onclave Networks provides healthcare organizations with an agentless Zero Trust microsegmentation and endpoint security solution that prevents threats to the network from vulnerable connected devices. 

Onclave achieves this by using Zero Trust architecture in its TrustedPlatform™. Trust is verified at each endpoint before any request for access to a system, device, or user is granted. If a workload demonstrates abnormal behavior, the TrustedPlatform isolates and quarantines it, preventing the attacker from moving laterally through the network.
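To make the two ideas above concrete (one segmentation scheme that is applied identically regardless of transport or cloud, and quarantine of a workload that misbehaves so it can no longer reach other segments), here is a small policy engine written for this article as an added example. It is not Onclave's code and does not describe how the TrustedPlatform™ works internally; the device inventory, segment names and allowed-pair table are constructed sample data, and the anomaly signal is simply a flag raised by the caller.

```python
"""Toy microsegmentation policy engine (added example; hypothetical, not Onclave's code).

The policy decision depends only on *which segment* the source and destination
belong to. Transport (WiFi, private 5G, wired, LiFi) and location (premise,
edge, public cloud) are carried on the flow but deliberately never consulted,
which is what "one segmentation scheme across every type of network access"
means in practice.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Set, Tuple


class Segment(Enum):
    INFUSION_PUMP = "infusion_pump"
    IMAGING = "imaging"
    BUILDING_OT = "building_ot"
    CLINICAL_APP = "clinical_app"


@dataclass(frozen=True)
class Flow:
    src_device: str
    dst_device: str
    transport: str  # informational only: "wifi", "private5g", "wired", "lifi"
    location: str   # informational only: "premise", "edge", "public"


@dataclass
class PolicyEngine:
    inventory: Dict[str, Segment]                 # device id -> segment it was identified into
    allowed: Set[Tuple[Segment, Segment]]         # explicitly permitted (src, dst) segment pairs
    quarantined: Set[str] = field(default_factory=set)

    def decide(self, flow: Flow) -> str:
        """Return 'allow' or a 'deny:<reason>' string for a single flow."""
        src = self.inventory.get(flow.src_device)
        dst = self.inventory.get(flow.dst_device)
        if src is None or dst is None:
            # A device that was never identified gets no implicit trust (Zero Trust default deny).
            return "deny:unknown-device"
        if flow.src_device in self.quarantined or flow.dst_device in self.quarantined:
            # Isolated workloads can neither initiate nor receive traffic, blocking lateral movement.
            return "deny:quarantined"
        if (src, dst) in self.allowed:
            return "allow"
        return "deny:segment-policy"

    def report_anomaly(self, device: str) -> None:
        """Caller-supplied anomaly signal (e.g. from continuous monitoring): quarantine the device."""
        self.quarantined.add(device)


TRANSPORTS = ("wifi", "private5g", "wired", "lifi")
LOCATIONS = ("premise", "edge", "public")


def decisions_across_transports(engine: PolicyEngine, src: str, dst: str) -> Set[str]:
    """Evaluate the same device pair over every transport/location combination.

    A consistent segmentation scheme yields exactly one distinct decision; more than
    one would mean the policy has a transport-dependent gap ("crease").
    """
    return {
        engine.decide(Flow(src, dst, transport, location))
        for transport in TRANSPORTS
        for location in LOCATIONS
    }


def build_sample_engine() -> PolicyEngine:
    """Constructed sample inventory and policy; device ids are made up."""
    inventory = {
        "pump-01": Segment.INFUSION_PUMP,
        "pump-02": Segment.INFUSION_PUMP,
        "mri-01": Segment.IMAGING,
        "hvac-01": Segment.BUILDING_OT,
        "emr-app": Segment.CLINICAL_APP,
    }
    allowed = {
        (Segment.INFUSION_PUMP, Segment.CLINICAL_APP),  # pumps report to the clinical application
        (Segment.IMAGING, Segment.CLINICAL_APP),        # imaging sends studies to the clinical application
    }
    # Note: no pump-to-pump, pump-to-OT or OT-to-anything pairs; those are denied by default.
    return PolicyEngine(inventory=inventory, allowed=allowed)


if __name__ == "__main__":
    engine = build_sample_engine()
    print(decisions_across_transports(engine, "pump-01", "emr-app"))   # {'allow'}
    print(decisions_across_transports(engine, "pump-01", "hvac-01"))   # {'deny:segment-policy'}
    engine.report_anomaly("pump-01")
    print(engine.decide(Flow("pump-01", "emr-app", "wifi", "premise")))  # deny:quarantined
```

The design choice worth noting is that `decide` never reads `flow.transport` or `flow.location`: the only way a pump can reach the clinical application is by being in the pump segment, whichever network it arrived on, and the only way to change that answer is an inventory or quarantine change. `decisions_across_transports` is the check a practitioner would run against a real policy to find a path that is permitted on one transport but not another.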

Lastly, since the Onclave TrustedPlatform is a network overlay, it requires no changes to an organization’s existing infrastructure, and can identify and secure workloads from devices and systems regardless of their age or operating system. 

Overall, Onclave gives healthcare IT professionals the ability to more easily and confidently deploy a robust security solution that will eliminate the OT, IoT and IoMT attack surface and better protect their data, applications and devices from breach, malware and ransomware.

To learn more about how the Onclave TrustedPlatform™ can better protect your healthcare network, schedule a security risk assessment or strategy session with our team. For more information and to download our whitepapers, visit our website: Onclavenetworks.com.