Industry 4.0, the IIoT, and IT/OT convergence are complicating the cybersecurity requirements for the medical manufacturing industry and making effective protection increasingly imperative. And since the expanded risks are relatively new, they’re not always an obvious concern — much less a primary concern — until it’s too late. But the costs, reputation damage, and regulatory penalties that can result from cybersecurity breaches in this industry can be especially devastating. Learn more about relevant cybersecurity risks, costs, and threats as well as effective cybersecurity strategies and essential solutions for achieving robust, reliable protection.
Miguel Gudino, Associate Application Engineer, RS
The medical manufacturing industry faces numerous challenges that hinder efficiency, productivity, and profitability. Satisfying this industry’s stringent quality and safety regulations is likely the most obvious and enduring challenge. But today’s medical device, pharmaceutical, and pharmaceutical equipment suppliers also face challenges related to embracing Industry 4.0 and automation technologies, addressing sustainability concerns, managing large volumes of data, and improving IT/OT cybersecurity. As the medical manufacturing industry contends with digitization and digitalization trends fueled by Industry 4.0, the IIoT, and IT/OT convergence — translating analog information into digital formats and leveraging digital technologies to transform processes — effective cybersecurity becomes increasingly imperative. Overcoming the security challenges elicited by all of this digital data tends to require thoughtful planning and an initial investment, but — as is the case with all of these challenges — implementing the right tools, techniques, and technologies is much less costly than failing to modernize and falling behind in this highly competitive market.
The rise of digital medical records and telehealth made cybersecurity a primary concern in the healthcare segment of the massive medical market. The implementation of intelligent automation and IIoT technologies in the medical manufacturing segment, the demand for smarter medical devices and equipment, and the colossal amount of data that these technologies generate and leverage (including intellectual property, confidential research and development data, and patient data) has opened manufacturers to the same serious cybersecurity risks. But since these risks are relatively new, they’re not always an obvious concern — much less a primary concern — until it’s too late. At that point, the resulting costs, reputation damage, and regulatory penalties can be devastating, especially for an industry facing fierce competition and rapidly eroding profit margins.
Cybersecurity Risks in the Medical Manufacturing Industry
The benefits of implementing Industry 4.0 technologies like intelligent automation systems and IIoT devices in medical manufacturing facilities are abundant and include improved efficiencies, flexibility, safety, productivity, and profitability. However, these technologies rely on densely populated networks that integrate information technology (IT) and operational technology (OT), and the fact of the matter is that every piece of connected technology introduces another point of vulnerability to cybersecurity attacks.
Since IT/OT convergence is relatively new, some hackers are specifically targeting smart manufacturing facilities in hopes of leveraging production network vulnerabilities to gain access to corporate networks. In fact, a 2017 study conducted by Kaspersky, an international cybersecurity company, revealed that roughly one out of every three internet connection sharing (ICS) computers subjected to a cyberattack was part of an industrial automation system. Similarly, in a 2019 survey about OT security challenges conducted by the Ponemon Institute and Tenable, 90% of the 701 global IT and IT security decision-makers polled said that their organizations had experienced at least one damaging IT or OT cyberattack in the previous 24 months, and 62% said that they’d experienced two or more. The prevalence of cybersecurity attacks in the manufacturing industry continues to increase in proportion to the ubiquity of networked technologies. Today, hackers frequently succeed in exploiting vulnerabilities in IIoT networks to gain access to company data and infrastructure.
The Cost of Medical Manufacturing Cybersecurity Incidents
Ransomware and data loss or theft are the most common types of cyberattacks in the industrial manufacturing industry. In 2021, the average ransomware incident caused more than 20 days of disruption to affected businesses, and while downtime of that magnitude would be costly for any manufacturer, it can be especially costly for medical manufacturers. For instance, if the target were a pharmaceutical manufacturer, compounding factors could include the market impacts of production losses for high-demand drugs and the loss of competitive advantage due to a delayed treatment rollout. The former of these scenarios could lead customers to turn to alternatives or — if alternatives weren’t available — cause numerous patients to suffer, and the latter could seriously impact the company’s return on investment and diminish its ability to reinvest in research and development that could play a critical role in healing, comforting, and protecting people.
The medical manufacturing industry is also highly susceptible to inflated costs resulting from lost or stolen data. Historian data and batch records are essential for determining and verifying the results of manufacturing trials and ensuring the safety of the patients using the treatment. So, losing the ability to verify production processes can cost medical manufacturers millions of dollars in product losses.
The NotPetya cyberattack of 2017, which Wired called “the most devastating cyberattack in history,” caused nearly $10 billion in global damages. Although widely regarded as a politically motivated attack against Ukraine, it ended up infecting companies around the world with malware that looked like ransomware but didn’t have a recovery feature and, as such, functioned as a wiper. Merck, an American multinational pharmaceutical company, was one of the hardest hit. The company initially reported $870 million in damages, which included losses resulting from the halted production of its HPV vaccine and other drugs, and later won a lawsuit against several insurers and reinsurers for a total of $1.4 billion in NotPetya-related losses.
However, while those losses were undeniably astronomical, stolen medical manufacturing data can be even more costly than lost data. For instance, new drug development is an especially competitive segment of the pharmaceutical manufacturing market. So, the theft of even a single ingredient or data point could reveal confidential information about proprietary formulas and production methods, be the single differentiating factor between a highly effective new drug and monumental financial losses, and even cause newer and smaller pharmaceutical developers to fail.
Criminals are also stealing institutional and HIPPA-protected patient data from the steadily increasing array of connected medical devices, and the FDA has signaled that it plans to hold medical device manufacturers accountable for the vulnerabilities that allow this to happen, which could also be staggeringly and devastatingly expensive.
In addition, cyberattacks have successfully manipulated and damaged physical manufacturing equipment, which can further extend production downtime and increase incident-related costs.
Medical Manufacturing Cybersecurity Threats
The medical manufacturing industry — and especially industrial automation systems, IIoT networks, and medical devices — is susceptible to four main types of cybersecurity threats:
- Malware, which is a broad category of malicious software including viruses, adware, spyware, ransomware, Trojans, worms, bots, mobile malware, fileless malware, and rootkits. Malware can originate from external attackers on the internet or personnel who either accidentally or knowingly click a malicious link or connect infected removable media and other external hardware to the system.
- Denial of Service Attacks, which is when hackers overload your internet-connected network with vast amounts of bogus traffic to prevent legitimate users from accessing internal or external resources.
- Intrusion, which is when an attacker gains unauthorized access to network systems and infrastructure. Intrusions can originate from hacked applications in the production environment, extranet, or cloud. Remote access solutions, which are increasingly popular in Industry 4.0 environments due to persistent labor shortages and skills gaps, are particularly vulnerable. Another common threat is unauthorized smart devices that connect to production networks via a wireless local area network (WLAN) interface.
- System Exploitation, which is when hackers attack IT systems based on outdated and un-patched hardware and software by leveraging the inherent vulnerabilities of inadequately protected technologies.
A Defense in Depth Approach to Cybersecurity
Although cybersecurity threats are abundant and every connected device increases network vulnerability, a coordinated IT/OT approach to cybersecurity can effectively protect even large-scale industrial automation environments with densely populated networks.
IT includes the computing, networking, and storage technologies used to generate, collect, store, manipulate, analyze, and deliver data within and between organizations. It’s comprised of both hardware and software and is characterized by its ability to be programmed and reprogrammed to satisfy the needs of users, applications, and networks.
OT includes the computing, networking, and storage technologies used to monitor, process, and relay information about and control physical processes in industrial workflows and is also comprised of both hardware and software solutions. But unlike the virtually limitless possibilities offered by IT, OT is often designed to execute a specific task, such as monitor mechanical performance, control heat, or trigger emergency shutoffs, and wasn’t traditionally connected to the internet.
IIoT devices have created a profusion of connected OT and have made it more essential than ever for network security teams to protect every connection against failure, sabotage, and data loss or theft and the subsequent ramifications. One of the best ways to do this is to implement a defense in depth (DiD) strategy. DiD strategies use multiple layers of IT and OT protection and security controls to better protect networks, devices, and other applications from attacks and intrusions. Each security layer — such as firewalls, virtual local area networks (VLANs), and devices with robust user access controls — represents another obstacle that can help prevent hackers from getting through and wreaking havoc, even if a layer or two becomes compromised.
Essential Cybersecurity Solutions
Essential elements of an effective DiD approach to cybersecurity include:
Keeping Your Systems Updated: Outdated systems are at extreme risk of exploitation and will only grow more vulnerable with time.
Network Simplification and Segmentation: Eliminating gratuitous connections and splitting large networks into smaller segments using VLANs or firewalls makes it easier to control data exchange between various zones, like the factory floor (OT) and the corporate office (IT), and limits vulnerabilities to outside threats. Secure routers or Layer 3 switches can facilitate communication between the various network segments and protect against typical network errors like malware and viruses to prevent them from spreading. However, it is worth noting that segmented networks take longer to design and manage and can make it challenging for even permitted users to access data.
Secure WLAN Password Assignment: To protect your WLAN and connected equipment from unauthorized traffic stemming from the internet or unapproved smart devices, employ WLAN components with automated key management protocols or perimeter networks called demilitarized zones (DMZ). Key management protocols exchange several messages between various network nodes to generate cryptographic keys and one-time passwords that can’t be remembered or saved for future access, while DMZs add an extra layer of security to WLANs.
Encryption: Use firewalls to connect your automation equipment to the internet and encrypt your wide-area connections. Firewalls restrict incoming and outgoing traffic to authorized connections and encryption, which can be accomplished using virtual private networks (VPNs) and internet protocol security (IPsec), can prevent criminals from accessing, altering, erasing, or stealing your data.
Secure Industrial Routers: Industrial routers equipped with integrated security features like configurable firewalls, secure VPN connections, and access control lists help protect industrial networks from cybersecurity threats. For example, Phoenix Contact’s FL mGuard security routers facilitate efficient and secure communication with the local network and provide a flexible and scalable solution for network infrastructure management. The series is equipped with stateful inspection firewalls and network address translation, anti-spoofing, anti-virus, and stealth mode features. It also supports high data throughput of roughly 1,000Mb/s, which is essential for satisfying the real-time data demands of monitoring and control processes in pharmaceutical manufacturing applications, and enables easy and efficient system configuration, maintenance, and operation backed by long-term software maintenance, regular updates, and security patches. Manufacturers who employ Phoenix Contact mGuard routers are also likely to need Ethernet cables, RJ45 connectors, crimping pliers, controller SD cards, configuration software, and a secure VPN client.
Industrial routers equipped with access control lists stipulate which kinds of traffic (e.g., which specific IP or MAC addresses) are allowed to access the system and are often placed between incoming traffic and the rest of the network or a DMZ. Most also log unsuccessful attempts and other unusual activity and immediately alert network administrators so control engineers can be activated to limit damage or downtime.
Secure Remote Access: To prevent unauthorized access to your machinery and ensure that any system changes made from a remote location are made to the right machinery, encrypt outbound equipment communications. Many devices can help with this, including the SKF Axios. This simple, wireless, cost-effective, cloud-based, and scalable end-to-end condition monitoring solution is powered by Amazon Web Services (AWS), which encrypts data both at rest and in transit and offers access control and network security features. The fully automated SKF Axios system combines SKF expertise in rotating machinery and predictive maintenance with AWS’ industrial AI services to collect vibration and temperature data used to detect equipment anomalies and improve machine learning, securely deliver data via an intuitive app interface, and enable smarter decision making.
Managed Ethernet Switches: Managed switches facilitate communication between Ethernet devices and allow users to configure, manage, and monitor traffic on a local area network (LAN), control how data travels over the network, and who can access it. They also offer security features that unmanaged switches can’t, including 802.1X authentication, port security, and private VLANs to help control who can access the network, monitor for attacks, prevent infected hardware from transferring malware to the network, and help rectify any breaches.
Moxa’s EDS 408A Series Layer 2, eight-port, entry-level managed switches are especially designed for industrial applications like medical manufacturing. The series provides industrial-grade reliability, network redundancy, and security features based on the IEC 62443 standard and supports a variety of useful management functions, including Turbo Ring, Turbo Chain, ring coupling, internet group management protocol (IGMP) snooping, IEEE 802.1Q VLAN, port-based VLAN, QoS, remote monitoring, bandwidth management, port mirroring for online debugging, and email or relay warnings. It also supports PROFINET and EtherNet/IP communications and Moxa’s MXstudio visual and intuitive industrial network management suite.
Secure Protocol Converters: Protocol converters, which are also called protocol or IoT gateways, enable interoperability between devices or systems with incompatible communication protocols by converting one communication protocol to another. They’re essential for bringing legacy production equipment into IIoT networks and supporting predictive maintenance strategies but could introduce serious vulnerabilities into production networks if they’re not equipped with integrated security features.
Red Lion’s DA10D and DA30D protocol conversion and data acquisition systems allow users to unlock valuable data from orphaned or legacy equipment and share it with production networks and enterprise or cloud platforms. They communicate with over 300 protocols to easily convert between serial and Ethernet devices in multi-vendor environments with ease, exhibit rugged resistance to shock, vibration, and a wide range of operating temperatures, and offer optional real-time data, event, and security logging with cryptographic signature support. They also offer powerful integration capabilities, a user-friendly web server, and an optional expansion port for select add-on network modules. Manufacturers who employ these solutions may also need serial cable adapters, power cords, and power adapters.
Medical device manufacturers may also want to consider incorporating blockchain technology. Blockchain Technology uses private keys to encrypt information like protected health information (PHI) and device data but allows anyone with the right keys to access the information at any time.
RS: A Trusted Partner for Securing Medical Manufacturing Networks
The digitization and digitalization trends fueled by Industry 4.0, the IIoT, and IT/OT convergence are complicating the cybersecurity requirements for the medical manufacturing industry and making effective protection increasingly imperative. And since the expanded risks are relatively new, they’re not always an obvious concern — much less a primary concern — until it’s too late. But the costs, reputation damage, and regulatory penalties that can result from cybersecurity breaches in the medical manufacturing industry can be especially devastating. Implementing effective cybersecurity solutions can improve the resiliency of industrial medical and pharmaceutical manufacturing networks and prevent cyberattacks that could lead to production losses, new drug development delays, and the loss or theft of crucial operating and development data.
RS offers a comprehensive suite of advanced solutions designed to address the key challenges faced by customers in the medical and pharmaceutical manufacturing industries, including cybersecurity threats.
Our strong supplier relationships and omnichannel capabilities provide medical manufacturers with a distinct competitive advantage and empower them to get compliant, enhance productivity, optimize efficiency, reduce downtime, ensure data integrity, and improve both time to market and quality.
Our portfolio of industrial cybersecurity infrastructure includes industrial routers, managed Ethernet switches, protocol converters, and remote access solutions that incorporate robust security features ranging from firewalls, VPNs, and access controls to intrusion prevention and detection, industrial protocol filtering, port security, and encryption — all of which are essential to an effective DiD cybersecurity strategy.
For more information about the RS portfolio of medical manufacturing solutions, as well as expert insights into and advice about medical and pharmaceutical industry applications, please visit the embedded links. For assistance identifying, procuring, deploying, and maintaining cybersecurity solutions that can effectively reduce the risks inherent to your smart medical manufacturing facilities and protect you from the all-to-common and often devastatingly expensive ramifications of a successful cyberattack, please contact your local RS representative at 1.866.433.5722 or reach out to our technical product support team.
