Sepio Systems, the provider in Zero Trust Hardware Access (ZTHA), announced today that Baptist Health has selected its HAC-1 solution to add a new layer of defense against rogue devices used by cybercriminals to evade traditional threat detection tools.
Louisville, Kentucky-based Baptist Health will integrate Sepio’s HAC-1 system with existing network security controls to defend its more than 400 locations in Kentucky and southern Indiana against a multitude of proximity-based attack vectors. Sepio also adds additional protections for its home-based workers.
The U.S. Department of Health and Human Services reports that healthcare is the most targeted sector for data breaches, and that ransomware attacks were responsible for 50 percent of those incidents in 2020. Many of the most common attack vectors are addressed by standard security systems, and threat actors are evolving their tactics to exploit weaknesses such as physical security controls.
Rogue hardware-based attacks can bypass some protections, including advanced authentication, by spoofing legitimate devices. The physical layer is a weak point in cybersecurity and cyber criminals are now turning their attention toward it as overall IT hygiene improves.
Medical devices are acutely vulnerable. Sixty percent of all medical devices do not have available security patches, according to the Open-Source Cybersecurity Intelligence Network and Resource (OSCINR). Organizations may also fall prey to supply chain attacks, where criminals target specific organizations with rogue hardware brought into the facilities either deliberately or via unforeseen supply chain manipulations.
“Baptist Health is proud to be among the first healthcare systems to deploy this important technology to mitigate hardware security related risks. We found Sepio Systems’ HAC-1 solution to be a good addition to our cyber defense systems,” said Michael Erickson, chief information security officer. “Sepio HAC-1 is easy to deploy and lets us quickly determine whether there’s an issue with wired and wireless peripheral devices. Those were key factors in our decision to choose Sepio.”
The Centers for Medicare and Medicaid is considering new requirements for protecting medical devices. Baptist Health’s adoption of HAC-1, the world’s first Zero Trust Hardware Access solution, makes it a frontrunner in medical cybersecurity, by addressing key physical layer vulnerabilities ahead of potential government regulations. The concept of zero trust requires devices to be continuously authenticated and validated using device risk scoring. Sepio HAC-1 is applying this principle to the physical layer in new ways.
“Sepio Systems is delighted to partner with Baptist Health as their vision and committed approach toward adopting the newest cybersecurity solutions places them as an industry leader,” said CMO Bentsi Ben Atar. “Baptist Health cybersecurity team feedback was priceless and helped us to make our HAC-1 solution the best fit and recommended solution for other healthcare providers.”
For more information about Sepio Systems and Baptist Health’s partnership initiative, please visit: https://sepio.systems/solutions/healthcare/
Baptist Health
Founded in 1924 in Louisville, Kentucky, Baptist Health is a full-spectrum health system dedicated to improving the health of the communities it serves. The Baptist Health family consists of nine hospitals, employed physicians and advanced practice clinicians, and a number of outpatient points of care. Learn more at BaptistHealth.com.
About Sepio Systems
Founded in 2016 by cybersecurity industry veterans from the Israeli Intelligence community, Sepio HAC-1 is the first zero trust hardware access control platform that provides visibility, control, and mitigation to zero trust, insider threat, BYOD, IT, OT and IoT security programs. Sepio’s hardware fingerprinting technology discovers all managed, unmanaged, and hidden devices that are otherwise invisible to all other security tools. Sepio is a strategic partner of Munich Re, the world’s largest reinsurance company, and Merlin Cyber, a leading cybersecurity federal solution provider. Learn more: www.sepio.systems.