At the annual HIMSS24 conference, Claroty, a leading cyber-physical systems (CPS) protection company, unveiled the Advanced Anomaly Threat Detection (ATD) Module within the Medigate Platform. This new capability is designed to bolster the cybersecurity of healthcare organizations by providing clinical context for identifying, assessing, and prioritizing threats to connected medical devices, IoT, and building management systems (BMS).
The Advanced ATD Module leverages Claroty's specialized knowledge of healthcare environments and deep visibility into CPS devices to offer agentless, clinically-aware threat detection. It extends threat detection beyond traditional firewall solutions to deeper levels of the clinical network and enables continuous monitoring of device communication hardening measures and compliance controls.
The Germany-based healthcare network Ortenau Klinikum praised the module, stating, "We now know what is in our network at any given minute. Especially with our medical devices, it has turned what was once a blurry picture into a high-quality one."
As cyberattacks against the healthcare industry continue to rise, impacting not only medical devices but also the BMS critical to hospital operations, the need for robust cybersecurity measures has never been greater. Claroty's 2023 Global Healthcare Cybersecurity Study revealed that 78% of healthcare organizations experienced at least one cybersecurity incident in the past year, with 60% of these incidents having a moderate or severe impact on patient care delivery.
The changing regulatory landscape, such as the recent publication of Healthcare and Public Health (HPH) Cybersecurity Performance Goals (CPGs) by the U.S. Department of Health and Human Services (HHS), is also driving healthcare organizations to strengthen their cybersecurity postures. Claroty's Advanced ATD Module is designed to help healthcare organizations meet these regulatory requirements and enhance their cybersecurity defenses.
Key features of the Advanced ATD Module include signature-based detection for analyzing known threats, custom communication alerts for identifying abnormal device behavior, device change alerts for monitoring significant changes in healthcare environments, and MITRE ATT&CK for Enterprise threat mapping for contextualizing and remediating threats.
Grant Geyer, chief product officer at Claroty, emphasized the importance of the new module, stating, "Healthcare Delivery Organizations have been facing an uphill battle for years, with the threat of the next ransomware attack always looming. The capabilities offered within the Advanced ATD Module help healthcare organizations take a critical step toward achieving full visibility, with an in-depth understanding and transparent view of the greatest threats against them. When clinical workflows and patient care are involved, there is no room for blind spots."
The release of the Advanced ATD Module comes as Claroty's award-winning research team, Team82, finds significant gaps in medical device security in healthcare organizations. This research is detailed in the inaugural edition of "The State of CPS Security Report: Healthcare 2023."