
Industrial cyber security for Healthcare

Device Robustness Testing

Overview

SIS’ specialist industrial cyber security testers applied the latest exploit tools and techniques to perform stress and penetration testing of network-connected medical device technologies, to assess risks to the reliability of devices and, ultimately, the safety of patients.

Challenge

Network connectivity of medical devices has broadened functionality, yet there are now increased cyber vulnerabilities that may potentially lead to unacceptable risk of harm to patients. For cyber adversaries, it has never been easier to compromise the everyday medical devices that the health sector relies upon so heavily to stay in operation. Healthcare providers ultimately have a duty of care to protect patients from device malfunction or shutdown, and therefore must ensure connected medical devices are resilient to the threat of cyber attack.

A metropolitan hospital management firm required specialised security services to conduct an assessment to review the robustness of medical devices, in order to protect medical equipment in hospitals from being compromised by an adversary.

The requirement was to conduct the assessment by reviewing (any) known weaknesses and vulnerabilities in the devices, before performing stress and penetration testing, in an attempt to exploit discovered vulnerabilities in a controlled test environment. 

Solution

SIS endeavoured to achieve the objectives of the assessment by researching known vulnerabilities in the devices, along with consideration of vulnerabilities in other similar appliances. With intricate knowledge of the construct of industrial devices, SIS testers were capable of conducting stress and black-box penetration testing to assess the robustness of the devices, and of demonstrating attack scenarios to test and verify that the vulnerabilities identified could be exploited.

Black-box penetration testing simulates a hostile element attempting to cause damage/harm to the device. This methodology is carried out without prior knowledge of the development, application architecture, defense mechanisms, administrative user accounts or any other relevant information.

SIS’ team is staffed with highly technical security specialists who are constantly involved with industrial cyber security testing. The team has an extensive background in various platforms, and expertise that enables it to tackle configurations from the perspective of a real-world adversary.


More Case Studies

Power

SIS’ bespoke approach towards the assessment of critical infrastructure enabled a UK power company to determine compliance to the EU NIS Directive, and to develop an improvement plan towards strengthening resilience to cyber threats.


Oil & gas

Through a technical vulnerability and risk assessment of OT infrastructure, SIS helped a gas pipeline company understand its current-state risk posture, determine an appropriate risk appetite (risk level), and prioritise mitigation actions to reduce its level of risk exposure to cyber threats.


Transport

SIS’ industrial cyber security audit services enabled a government statutory authority to benchmark the security posture of state transport agencies, identifying cyber security risks and prioritising key actions for risk mitigation.


Water

As a result of SIS’ Operate and Maintain services, a regional water agency in Australia was able to implement a Cyber Security Management System (CSMS) that provides the organisational rigour to ensure infrastructure is resilient to escalating cyber threats and that the right security controls are in place to mitigate risk.


Mining

SIS adopted a top-down, risk-driven approach to develop an enterprise-wide security architecture for a resources company, driven by, and integrated with, the organisation’s broader business strategy, and focused on technology optimisation to deliver secure mine operations.


Critical Manufacturing

SIS’ industry-leading industrial cyber security training helped a metals manufacturer create a stronger culture of security that harmonises with the organisation’s rigorous safety culture, fostering a commitment to industrial cyber security from plant operators and administrators and encouraging users to act responsibly and thus operate more securely.

