Medical information security faces huge challenges such as data leakage and OT security
In recent years, ransomware attacks have disrupted the operations of most enterprises and organizations. In the past, infection came through a web page: when the user browsed the page or opened a file, the user's files were quickly encrypted and could not be opened, and pictures could not be viewed, until they were unlocked. Recently, however, there have been more and more targeted, active attacks. Unlike the earlier approach of spreading at the first moment, the attacker penetrates the organization, lies latent while collecting information about its intranet, and waits for the opportunity to launch an attack. In addition, many organizations and personal computers still run old Windows 7 systems that no longer receive updates, which is also a major source of security risk.
In September 2019, many hospitals also suffered ransomware attacks. The hackers first invaded the VPN network and, by way of the medical records of the Ministry of Health and Welfare, planted the ransomware in the EEC Gateway (Figure 1). It was then transferred over the Jianjian VPN, first lying latent after being implanted in the [OT environmental control host], and waited for the Windows Server to synchronize before starting the attack. Because the VPN network used by the EEC is the internal network of the major hospitals and is not split into VLANs, the ransomware spread rapidly.
Figure 1: Schematic of hospitals attacked through the EEC
Medical security scope is not limited to IT environments, but also includes OT
Most hospital buildings in Taiwan today house very large organizations; some also have independent rehabilitation, children's medicine, emergency, cancer center and health medicine units. The server equipment alone may number nearly 100, not to mention the wide variety of devices to be managed, which may reach tens of thousands. All of this equipment has to be managed, and auditing activity across the wired network, the wireless network, the terminal network and the VPNs between them, at every point, is undoubtedly a big challenge. Hospitals are generally managed with firewall equipment, intrusion defense equipment, mail protection equipment, traffic detection or identity identification. However, the scope of security a hospital must attend to is not just IT; it also includes internal OT (Operational Technology). To promote smart medical care and speed up the transmission and analysis of medical data, hospitals are bound to use network-connected medical instruments, but this also becomes a security risk. Medical security protection is not only about managing personal computers and servers; it must also attend to the information security testing of medical instruments, such as nursing work carts, computed tomography scanning equipment, medical testing instruments, etc.
Figure 2: The Ministry of Health and Welfare has also begun to promote medical OT security testing
The medical field is broad, and data leakage and OT security are also challenges
The year 2018 was not only a wake-up call for the high-tech industry; it also brought security issues in the OT field to attention, and hospitals have such problems to face too (Figure 3), for example:
1. Computer host operating systems in medical institutions
On some client computers in medical institutions, the systems and hardware are still old and cannot even support new versions of antivirus software; these are problems the medical industry must face.
2. Unable to support new versions of anti-virus software
Many malicious attacks are carried out through operating system vulnerabilities. Old systems that cannot be updated therefore need to be replaced, and legitimate antivirus software should be installed, or at the very least the built-in Windows Defender protection should be updated and turned on.
3. Vulnerability of medical equipment
Commission the manufacturer to carry out updates. When using a device, check the functions the device provides and the permissions that users can access.
A computer linked to the VPN should be used independently and should be isolated from any other form of connection, such as a wired network link, a wireless network link, or mobile Internet access. In addition, avoid having the computer dedicated to the VPN also serve the hospital's medical systems.
Figure 3: Focus on networking security for all OT devices
Improve medical network security layer by layer on the internal network with the OTS-600
As security threats increase and the environment changes, today's security threats differ greatly from those of the past; for example, IoT (Internet of Things) equipment has become a target of hackers and malware attacks. Hospitals must seek a new generation of information security solutions to deal with this new situation, and the OTS-600 internal network protection device has been launched to help users face possible information security threats.
High-standard hardware design
To ensure online security, Sharetech OT products support a variety of Internet and SCADA connections, including WiFi, 3G/4G and serial (RS-232/485). They also have an industrial design, including DIN rail mounting, a desktop form factor, 24V DC power input, and a wide temperature range that supports the most demanding deployments.
Strengthen OT network traffic inspection
Sharetech OT equipment can detect traffic with malicious activity in the existing network environment, such as unauthorized external users getting into the various medical buildings through illegal remote logins, or a user's computer being penetrated and infected by malicious software, allowing hackers to reach a manufacturing area through the internal network. Sharetech OT equipment can perform passive detection, identification and reaction when abnormal data appears.
Build block protection, strengthen internal network security
To strengthen internal network security, the medical system network must be divided into smaller "protection blocks", with the defense mechanisms pushed deeper into the internal network to monitor network traffic. If an attacker compromises a team member, the attacker should not be able to reach the organization's sensitive hosts (patient) over the network. OT protection devices can detect actions that try to access systems outside the user's usual activity and issue a corresponding warning message, and can work with the switch to block malicious activity threats or BOT penetration attacks.
Complete coordinated online defense mechanism
To strengthen the security of the internal network, we integrate switch and wireless base station management under unified control in the Sharetech OT management interface. Beyond the network entry point, the Sharetech OT device extends down to the switches and wireless base stations, so that all wired/wireless access to network services is subject to Sharetech OT control before it can reach the required resources.
To control the security of both the internal and the external network, there is the solution of the Sanji passenger, which integrates L2-level information into the firewall through the integrated switches and APs, and shows each switch port's traffic, online members, network topology, etc. The AP part can not only see wireless users but also act as an AP controller, pushing SSIDs, passwords, etc. in a unified way, with no need to log in to every AP to make settings; this is coupled with the firewall's abnormal-traffic and IPS mechanisms to limit diffusion.
Remote access security
The more service ports are exposed externally, the more risk factors we expose ourselves to. For known connection peers, whether they use dynamic or fixed IP addresses, you can use the firewall's general IPsec VPN to establish a secure VPN channel for delivering information, without opening ports to meet the connection need.
OPC intrusion defense mechanism
Collect all IT and OT network packets and signals, and use deep packet inspection (DPI) to compare and analyze each layer of the communication protocol and identify abnormal data behavior. All abnormal events are fully recorded, and by querying the records you can find the time, source, destination and attack type of an event, which makes tracking easy for the administrator.
Virtual Patch Protection
To protect customers' important hosts, Virtual Patch is also available in the Sharetech OT solution. It can prevent intrusion through vulnerabilities in a medical machine's operating system or software. With Virtual Patch, the Sharetech OT security gateway protects hospital medical equipment that is out of maintenance and has vulnerabilities.
Insight into threat intelligence – war room
The threat intelligence war room lets OT and IT managers fully understand the architecture of all data transfers. It collects data from OT and IT devices and records data on all risk types, so that OT managers understand the security condition of the factory network. When a security incident occurs, a forensic investigation can be launched through detailed analysis of the risk records. In addition, it lists the operating equipment on the OT network, showing IP and asset details, displays the specific protocols used between devices, and highlights potential risks.
Complete OT network management platform: fast deployment, simple management and easy maintenance
Even with the most complex OT network, the Sharetech cloud management platform lets operations administrators and network security professionals do the work of protecting and monitoring the network from a single platform.
Cloud management platform is different from
Complete presentation of OT equipment operation status
Support most proprietary communication protocols for ICS equipment
Real-time monitoring and message notification
Risk warning message notification
Indirect online monitoring management mode that does not affect the operation of the OT equipment network
Profile backup, restore mechanism
Support device setting backup mechanism
CMS service management function also provides