Attivo Networks Blogs

How deception can combat the cybersecurity threat to medical devices


Carolyn Crandall, chief deception officer at Attivo Networks, has suggested that the industry could be more proactive when it comes to the cybersecurity of medical devices.

In an interview with Digital Health Age web content editor Ian Bolland, Crandall explained the cybersecurity issues affecting medical devices, including that they are built on operating systems designed for networks that are not interconnected. While things are getting connected, the devices going onto networks were never designed to be secure in such a way, and the ownership of security is a contentious issue.

She said: “It’s causing a little bit of friction between the device manufacturers and the healthcare providers that pay.

“If a business buys the equipment they know that they have to manage the security and have made investments. They’ve accepted they’ve got to build defences and a strategy to try and protect their networks.

“This is an investment that healthcare providers have not sufficiently made so there’s a lot of friction going on: who owns them? Is it the device manufacturers that need to provide them with secure systems? Even if everything going forward was more secure, what do you do with the millions of pieces of equipment out there that maybe are not even patchable?”

Crandall has encouraged organisations to be more proactive when it comes to combatting hackers, though she does highlight that security infrastructure at large means the industry’s defences are constructed to be more reactive.

She alluded to the prospect of setting various traps for a potential hacker, making it easier to identify a hack and to track down whoever is behind it.

“The really interesting thing with Deception is the ability to build a pre-emptive defence. Through machine learning of the network we start to understand all of the characteristics and attributes of the network so we can set up the deception.

“By understanding how an attacker would move through the network to get to their target, you can start to build a pre-emptive defence. You can set up decoys throughout the network, you can set up the credential lures and bait to misdirect them.”

There is also the aspect of responsibility for security, whether that comes down to the manufacturers or regulators, and Crandall questions whether legislation is going to be put into place when it comes to driving standards – and the costs associated with it…

