OT Hacking Cybersecurity Security Credentials Zero Trust Healthcare Innovation

QWERX Has the Rx to Prevent Attacks to the Internet of Medical Things

John Ellingson
John Ellingson
x-ray image of a pacemaker installed in a body

Fifty years ago if someone was diagnosed with cancer, there was only a fifty percent chance of survival for five years. Since that time, there have been incredible changes in the medical science and technology to fight cancer. The human genome and consequent sophisticated chemotherapy treatments and immunotherapies have been discovered and exploited.

However, when it comes to cyberthreats, the legacy technology systems of the 1970s are still being used to protect emerging medical devices in the new era of the Internet of Medical Things (IoMT). The “security” of trusted credentials was invented in the 1970s and has existed ever since.

While medical science has made tremendous strides in addressing the health risks of threats like cancer, the science and technology that has developed new devices to support those advances is still relying on a security paradigm of static credentials and trust that emerged and is largely unchanged since 1975. It is time that security technology caught up to diagnostic and treatment technology.

According to an article in the CISO Times penned by FTI Consulting's experts, "When it comes to medical devices and other Internet of Medical Things (IoMT), the pervasiveness, variety and connectivity of these products make them an ideal target for threat actors seeking to inflict maximum pain. Not only is the frequent exchange of health information potentially at risk in IoMT cyber attacks, but especially for those wireless, Internet- and network-connected devices that remotely deliver potentially life-saving treatments to patients, the stakes could not be higher. Think of the operational, legal, reputational and – above all – patient safety havoc a cyber attack could inflict on blood glucose devices, pacemakers and infusion pumps."

QWERX has the Rx for that.

How QWERX Solves IoMT Security Challenges

External network breaches stem from public key infrastructure (PKI) and static certificates. Indeed, any medical device or network requiring credentials is vulnerable to hacking, theft and spoofing. QWERX technology eliminates the risk by using dynamic, ever-changing credentials for permanently securing hardware. It’s easy to deploy across your medical device ecosystem, as it installs directly on network devices and is managed through a central console. 

QWERX Enterprise Secure Perimeter (QESP) creates a Zero Trust network using frequently rotating symmetric keys that are never exchanged or stored. It improves medical device cybersecurity by preventing adversary attacks using quantum-proof keys and collecting threat intelligence to understand trends and vulnerabilities.

Benefits of Using QWERX To Secure IoMT

Already the sheer number of devices impacts hospitals and medical systems. According to experts, large hospitals can have as many as 85,000 non-IT medical devices and 15 to 20 networked devices per bed. Furthermore, Gartner estimates that “by 2023, the average CIO will be responsible for more than three times as many endpoints” as they managed in 2018.

QWERX reduces the challenges associated with securing your hardware by eliminating the need for an individual to remember or keep a password secret. It integrates seamlessly with your existing tools, alleviating outdated software and firmware concerns. The devices themselves perform the handshake to authenticate. Not humans. And unlike PKI, there isn’t an algorithm to hack

Health care organizations can reduce patient safety issues related to connected equipment that’s life-sustaining or life-supporting. They also lower the chances that a compromised device will bring down the hospital network, resulting in service disruptions. 

Protect IoMT With QWERX

Connected medical hardware enables healthcare organizations to serve patients better. Significant threats exist, though, affecting patient safety and the institution’s reputation. Ensure your medical device cybersecurity is top-notch with quantum-proof device authentication. Learn more about QWERX by contacting us today.
John Ellingson

John Ellingson

Follow me on LinkedIn Follow me on LinkedIn

John Ellingson is the Chief Technology Officer at QWERX. John started his digital career with the Boeing Company working on the 747 aircraft in the late 1960s. He became a computer-literate attorney performing what is today known as forensic accounting. As the founding chairman of the ABA/YLD Subcommittee on Tax Treatment in Bankruptcy, John worked with the Congressional Joint Tax Committee to create the Internal Revenue Code Provision enabling the tax-free merger and acquisition of debtor corporations. This law became part of the Bankruptcy Tax Act of 1980. John had a national M&A practice in this area and obtained the first IRS Private Letter Ruling on this Code section. As a result of this practice, he observed a frequent element of white-collar crime in many bankruptcy cases, and he subsequently developed and patented a method to detect identity fraud. The product derived from that patent is still deployed at most retail banks throughout the U.S. today. This success started John on a path of protecting digital systems and identity management. He continued in this role with American Operations Corporation and ASM Research before founding infOsci LLC and later QWERX, Inc. John holds numerous method patents in digital system security. John was appointed to the United States Air Force Academy and medically separated before graduation. He holds a Bachelor of Science degree from the University of Wisconsin and a Juris Doctor degree from Seattle University. For 20 years John served as a liaison officer with the United States Naval Academy and the United States Military Academy. He also served on the Service Academy Selection Boards for two U.S. Senators.

Leave a Comment