
Medical Device Discovery & Monitoring

Protect Patient Safety with Behavior Based Security Analytics

Medical devices are under increasing threat from ransomware attacks and other cyber threats that jeopardize patient health.

In the past, medical device security was not a common problem. Manufacturers built medical devices with proprietary firmware that was an unlikely target of a cyberattack. Now, however, manufacturers develop cheaper and more scalable medical devices that run easily compromised operating systems, such as Windows, that are frequent targets of ransomware attacks.

In addition to cyberattacks on their devices, healthcare organizations must also deal with unexpected changes in device configurations, broken or malfunctioning equipment, and “lost” devices that are unaccounted for in inventory.

Since the first publicly reported cyberattack against a medical device occurred in 2017, the medical device threat vector has grown in proportion to the number of medical devices used. According to the IBM Institute for Business Value, the number of connected medical devices is expected to increase from 10 billion to 50 billion by 2027.

“You have less control over connected medical devices than any other aspect of your technology environment. Many times, vendors control patch and update cycles, and vulnerabilities persist that require segmentation from your network. Considering that many of these devices are in direct contact with patients, this is a major concern.”

“Best Practices: Medical Device Security”
by Chris Sherman and Salvatore Schiano, Forrester Research Inc., May 21, 2019

Protect Critical Medical Devices with Gurucul User and Entity Behavior Analytics

With the number of devices expanding so rapidly, it is impossible to ensure their security manually. It is equally fruitless to sort through the myriad alerts generated by rules-based security tools like SIEM in order to efficiently find and stop genuine threats.

In the healthcare industry, patient safety and health must always come first. Identifying malfunctioning medical devices and detecting threats, or subsets of these two fundamental scenarios, are critical in healthcare.

Gurucul Medical Device Security Use Cases
  • Identify the various kinds of devices, and use behavior patterning to understand where they should live and how they should operate on the network
  • Establish an early warning system by providing indicators that a device is not behaving normally
  • Detect anomalous behaviors associated with devices that may be targets of ransomware or malware attacks
  • Determine when to safely patch medical devices by understanding their usage patterns
  • Predict when devices are about to malfunction and need to be serviced or replaced

Gurucul User and Entity Behavior Analytics (UEBA) keeps your medical devices secure by establishing baseline behavior profiles so you can detect activities that are outside the normal patterns. Once you know these standard behaviors, it’s possible to identify unusual trends that indicate the device has been compromised. These anomalous behaviors trigger UEBA’s risk-based alerts so that the IT group can intervene to prevent damage.

Gurucul UEBA is available as a standalone product or as part of Gurucul Unified Security Analytics.

“We use Gurucul to identify the behavior patterns of a medical device. So just like we look at human behavior patterns, medical devices – or really any type of IOT device – have their own behavior patterns as well. If we can baseline those behavior patterns, we can detect when there is an anomaly.”


William Scandrett
CISO, Allina Health

The IT Operations Benefits of Behavior Analytics for Medical Devices

Medical devices must be managed from an operational perspective as well as a security perspective. Gurucul UEBA can act as an early warning system to provide indicators that a device is not behaving normally. That’s critical information to have because if a device is malfunctioning, it cannot be allowed to connect to a patient.

It’s also beneficial for medical staff to know when a device is out of rotation. One of the major operational issues regarding medical devices is determining when it is safe to patch. There’s always a chance that the patching process might disable a device and disrupt patient care. The device shouldn’t be connected to a person at such times.

Gurucul UEBA can determine when a device is out of rotation, and when it’s safe to perform maintenance, like patching. For example, Gurucul UEBA can learn that between the hours of 8 PM and 6 AM, a particular device is never used. Knowing this, IT can perform maintenance activities during those known ‘off hours’ so as not to interfere with patient care.

Ensuring Patient Safety

The security and maintenance of medical devices is truly mission critical. In most ransomware attacks, an organization might risk losing valuable data. But medical devices are connected to people, putting their health at stake.

The prospect of a patient being placed in harm’s way due to a cyberattack on a medical device or a medical device’s faulty behavior is not farfetched. Gurucul UEBA’s ability to establish baseline behavior risk profiles for medical devices provides significant value for healthcare organizations.
