Baptist Health, Louisville, Ky., has selected the Sepio Systems HAC-1 solution to add a layer of defense against rogue devices used by cybercriminals to evade traditional threat-detection tools.

A health system including nine hospitals, Baptist Health will integrate Sepio’s HAC-1 system with existing network security controls to defend its more than 400 locations in Kentucky and southern Indiana against proximity-based attack vectors. Sepio also adds protections for its home-based workers.

The U.S. Department of Health and Human Services reports that healthcare is the most targeted sector for data breaches, and that ransomware attacks were responsible for 50% of those incidents in 2020. Many of the most common attack vectors are addressed by standard security systems, and threat actors are evolving their tactics to exploit weaknesses such as physical security controls, according to Sepio Systems.

Rogue hardware-based attacks can bypass some protections, including advanced authentication, by spoofing legitimate devices. The physical layer is a weak point in cybersecurity, and cyber criminals are now turning their attention toward it as overall IT hygiene improves, Sepio Systems notes.

Medical devices are acutely vulnerable, but 60% of all medical devices do not have available security patches, according to the Open-Source Cybersecurity Intelligence Network and Resource.  Organizations may also fall prey to supply chain attacks, where criminals target specific organizations with rogue hardware brought into the facilities either deliberately or via unforeseen supply chain manipulations.

“Baptist Health is proud to be among the first healthcare systems to deploy this important technology to mitigate hardware security related risks,” says Michael Erickson, chief information security officer for Baptist Health. “We found Sepio Systems’ HAC-1 solution to be a good addition to our cyber defense systems. Sepio HAC-1 is easy to deploy and lets us quickly determine whether there’s an issue with wired and wireless peripheral devices. Those were key factors in our decision to choose Sepio.”

The Centers for Medicare and Medicaid is considering new requirements for protecting medical devices. Baptist Health’s adoption of HAC-1, Sepio System’s Zero Trust Hardware Access solution, addresses key physical layer vulnerabilities ahead of potential government regulations. The concept of zero trust requires devices to be continuously authenticated and validated using device risk scoring. Sepio HAC-1 is applying this principle to the physical layer in new ways, according to the company.

“Sepio Systems is delighted to partner with Baptist Health as their vision and committed approach toward adopting the newest cybersecurity solutions places them as an industry leader,” says Bentsi Ben Atar, chief marketing officer for Sepio Systems. “Baptist Health cybersecurity team feedback was priceless and helped us to make our HAC-1 solution the best fit and recommended solution for other healthcare providers.”