
The critical role of network traffic analysis in healthcare security

February 18, 2025

In healthcare cybersecurity, asset visibility is a fundamental component of network protection, but it is only the beginning. Moving towards effective network segmentation requires not only an awareness of all connected assets but also a deep understanding of how, when, and with which other devices they communicate.

“Network traffic analysis is a crucial step in healthcare cybersecurity,” says Rashid. “Understanding device communication patterns is key to building an effective segmentation strategy that safeguards patient care and ensures uninterrupted operations.”


The importance of network traffic analysis in healthcare

Network traffic analysis refers to the process of monitoring and evaluating device communications across a network to detect abnormal activity and potential security threats. This capability plays a vital role in healthcare by strengthening network security across both clinical and non-clinical workflows.

According to Claroty’s Global Healthcare Cybersecurity Study, only 25% of healthcare organisations worldwide report having a mature approach to network segmentation. “Proper segmentation is essential to protect critical medical devices and patient data,” Rashid explains. “Without a structured approach, healthcare networks remain vulnerable to cyber threats that can disrupt care delivery.”

Cyber-physical systems (CPS) often represent security blind spots within healthcare networks. The State of CPS Security Report found that 22% of hospitals have devices that bridge corporate and guest networks, exposing them to potential attacks. Additionally, 4% of surgical devices operate on guest networks—the least secure environment for such mission-critical equipment. “For healthcare organisations, visibility into these devices and their communication patterns is paramount,” Rashid notes. “Asset visibility, combined with robust network traffic analysis, provides the foundation for effective segmentation and risk mitigation.”


The role of MDS2 in medical device security

“When it comes to securing medical devices, having clear, reliable information about their security features is non-negotiable,” says Rashid. “That’s where the Manufacturer Disclosure Statement for Medical Device Security, or MDS2, comes into play. This document, completed by the manufacturer, serves as a critical resource for healthcare providers looking to understand the cybersecurity posture of their devices.”

MDS2 offers a detailed breakdown of a device’s security capabilities, helping healthcare organisations make informed decisions when selecting new products or assessing existing ones. “It’s not just about checking boxes,” Rashid emphasises. “It’s about understanding how these devices interact within your network and what proactive measures you need to take to keep patient data safe. The MDS2 form gives hospitals and clinics the transparency they need to mitigate risks and strengthen their overall cybersecurity strategy.”


Best practices for evaluating network traffic

  • Achieving full asset visibility

Before network traffic can be analysed, complete asset visibility must be established. CPS assets, such as medical devices, are notoriously difficult to detect with traditional IT methods. “Deep packet inspection (DPI) is an effective way to identify these assets and gather crucial data on operating systems, communication protocols, and device behaviours,” Rashid advises.

  • Analysing device communication patterns

Once an asset inventory is in place, healthcare organisations must evaluate communication behaviours to establish a baseline for network traffic. “Understanding how devices interact within a network is key to detecting anomalies and enforcing security policies,” Rashid explains. A traffic baseline helps map device locations, identify normal network behaviour, and strengthen segmentation strategies.

  • Implementing an alert system

To maintain security, real-time alerts must be integrated into monitoring systems. “A CPS protection platform that continuously tracks network traffic and flags suspicious activity ensures rapid response to threats and policy violations,” Rashid states. This also aids in compliance with regulatory standards and internal security protocols.

  • Integrating with existing network infrastructure

Effective network segmentation depends on leveraging existing security tools, including firewalls and network access control (NAC) solutions. “A well-integrated approach ensures that healthcare organisations can enforce policies without disrupting workflows,” Rashid adds. Selecting a solution that identifies CPS assets, analyses network traffic, and aligns with current infrastructure optimises efficiency and security.
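The four practices above describe a loop: inventory the devices, learn their normal communication patterns, alert on departures from that baseline, and feed the results into the existing firewall or NAC. The following added example (not code from the article, Connected Health or Claroty) shows the middle two steps on flow records of the kind a DPI sensor or NetFlow exporter would emit. It learns a per-device baseline from a learning period, then raises alerts for flows outside the baseline and for clinical devices talking to the guest network, and it lists devices whose traffic touches both the corporate and guest zones, the blind spot the CPS report statistics describe. The zone prefixes, addresses, ports and flows are constructed sample data, and the zone-per-prefix mapping is an assumption; in a real deployment it would come from the asset inventory.

```python
"""Baseline device communications from flow records and raise alerts on deviation.

Added example, not from the article or any vendor product. Zones, addresses,
ports and flows below are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption: each network segment is a single prefix. A real deployment would
# take this mapping from the asset inventory that the visibility step produces.
ZONES = {
    "clinical": ip_network("10.10.0.0/24"),
    "corporate": ip_network("10.20.0.0/24"),
    "guest": ip_network("192.168.100.0/24"),
}


@dataclass(frozen=True)
class Flow:
    """One observed conversation, as a DPI sensor or NetFlow exporter would report it."""
    src: str
    dst: str
    dport: int
    proto: str


def zone_of(ip: str) -> str:
    """Map an address to its segment name, or 'unknown' if no zone claims it."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def build_baseline(flows):
    """Learning period: record, per source device, every (peer, port, proto) it used."""
    baseline = defaultdict(set)
    for f in flows:
        baseline[f.src].add((f.dst, f.dport, f.proto))
    return dict(baseline)


def zones_touched(flows):
    """Per device, the set of zones it sits in or talks to."""
    touched = defaultdict(set)
    for f in flows:
        pair = {zone_of(f.src), zone_of(f.dst)}
        touched[f.src].update(pair)
        touched[f.dst].update(pair)
    return dict(touched)


def bridging_devices(flows):
    """Devices with traffic in both the corporate and guest zones."""
    return sorted(d for d, z in zones_touched(flows).items() if {"corporate", "guest"} <= z)


def detect_alerts(baseline, observed):
    """Monitoring period: flag flows outside the baseline and clinical/guest contact."""
    alerts = []
    for f in observed:
        if (f.dst, f.dport, f.proto) not in baseline.get(f.src, set()):
            alerts.append(("unbaselined", f))
        if {zone_of(f.src), zone_of(f.dst)} == {"clinical", "guest"}:
            alerts.append(("guest-exposure", f))
    return alerts


# Constructed learning-period traffic: imaging modality -> PACS (DICOM),
# patient monitor -> HL7 gateway, modality -> corporate DNS.
BASELINE_FLOWS = [
    Flow("10.10.0.5", "10.10.0.50", 104, "tcp"),
    Flow("10.10.0.6", "10.10.0.60", 2575, "tcp"),
    Flow("10.10.0.5", "10.20.0.10", 53, "udp"),
]

# Constructed monitoring-period traffic: the baseline flows plus a patient monitor
# reaching an SMB share on the guest network and a corporate host browsing to guest.
OBSERVED_FLOWS = BASELINE_FLOWS + [
    Flow("10.10.0.6", "192.168.100.23", 445, "tcp"),
    Flow("10.20.0.15", "192.168.100.23", 80, "tcp"),
]

if __name__ == "__main__":
    learned = build_baseline(BASELINE_FLOWS)
    for kind, f in detect_alerts(learned, OBSERVED_FLOWS):
        print(f"{kind:15} {f.src} -> {f.dst}:{f.dport}/{f.proto}")
    print("bridging corporate and guest:", bridging_devices(OBSERVED_FLOWS))
```

The baseline is keyed on the full (peer, port, protocol) tuple rather than on the peer alone, so a device that starts using a new service on a known peer is still flagged; the cost is that the learning period has to cover every legitimate workflow, which is why the article pairs baselining with a platform that keeps re-evaluating traffic rather than a one-off capture.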


Strengthening healthcare security with Claroty xDome & Connected Health

Connected Health collaborates with Claroty to deliver a purpose-built solution for protecting healthcare CPS assets. “By combining deep visibility with advanced network segmentation capabilities, this partnership ensures healthcare organisations can proactively secure their networks,” Rashid says.

Key functionalities include:

  • Visualisation of device communications by site, network, and communication types
  • Recommended access control list (ACL) policies that integrate with existing infrastructure
  • A zone-based approach for simplified policy enforcement
  • Simulation capabilities to assess policy impact before deployment
  • Automated policy compliance monitoring through real-time alerts

These functionalities support healthcare organisations in monitoring network traffic, implementing effective segmentation strategies, and enforcing security policies that protect connected devices and patient safety. “In an era where cyber threats are increasingly targeting healthcare, network traffic analysis and segmentation are not just best practices—they are essential,” Rashid concludes.
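Two of the listed functionalities, zone-based policy recommendation and simulating a policy's impact before deployment, are worth seeing concretely. The added example below is not Claroty xDome or Connected Health code; it is an illustration of the idea. It takes conversations already summarised at zone level (the "by site, network, and communication type" view), recommends an allow-list that keeps intra-zone traffic and only the recurring cross-zone conversations, and then simulates that policy against the observed traffic so that any clinical workflow the policy would block is visible before an ACL is pushed to a firewall or NAC. Zone names, ports, counts and the `min_count` threshold are constructed assumptions.

```python
"""Recommend a zone-based allow-list from observed communications and simulate its impact.

Added example, not code from the article or any vendor product. Zone names,
ports and the flow sample are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ZoneFlow:
    """A conversation summarised at zone level, with how often it was observed."""
    src_zone: str
    dst_zone: str
    dport: int
    proto: str
    count: int


@dataclass(frozen=True)
class Rule:
    """One ACL entry; None for port/proto means 'any', 'any' for a zone means 'any'."""
    src_zone: str
    dst_zone: str
    dport: Optional[int]
    proto: Optional[str]
    action: str  # "allow" or "deny"

    def matches(self, f: ZoneFlow) -> bool:
        return (self.src_zone in (f.src_zone, "any")
                and self.dst_zone in (f.dst_zone, "any")
                and self.dport in (f.dport, None)
                and self.proto in (f.proto, None))


def evaluate(policy, f: ZoneFlow) -> str:
    """First-match semantics with implicit deny, as in a typical firewall or NAC ACL."""
    for rule in policy:
        if rule.matches(f):
            return rule.action
    return "deny"


def recommend_policy(flows, min_count=5):
    """Keep traffic inside each zone; across zones, allow only conversations seen at
    least min_count times (recurring workflow traffic); everything else falls to deny."""
    rules = []
    zones = sorted({f.src_zone for f in flows} | {f.dst_zone for f in flows})
    for z in zones:
        rules.append(Rule(z, z, None, None, "allow"))
    for f in flows:
        if f.src_zone != f.dst_zone and f.count >= min_count:
            rules.append(Rule(f.src_zone, f.dst_zone, f.dport, f.proto, "allow"))
    rules.append(Rule("any", "any", None, None, "deny"))  # explicit catch-all for readability
    return rules


def simulate(policy, flows):
    """Policy impact before deployment: which observed conversations would be allowed
    and which blocked, so a broken clinical workflow is caught before enforcement."""
    impact = {"allow": [], "deny": []}
    for f in flows:
        impact[evaluate(policy, f)].append(f)
    return impact


# Constructed zone-level traffic summary for a learning period.
OBSERVED = [
    ZoneFlow("imaging", "pacs", 104, "tcp", 240),            # modalities sending studies
    ZoneFlow("monitors", "hl7-gateway", 2575, "tcp", 1800),  # patient monitors to HL7
    ZoneFlow("monitors", "monitors", 5000, "udp", 90),       # intra-zone telemetry
    ZoneFlow("imaging", "corporate", 53, "udp", 300),        # DNS to the corporate resolver
    ZoneFlow("corporate", "imaging", 3389, "tcp", 2),        # rare ad-hoc RDP, needs review
    ZoneFlow("guest", "monitors", 445, "tcp", 1),            # guest reaching a monitor
]

if __name__ == "__main__":
    policy = recommend_policy(OBSERVED)
    for r in policy:
        print(f"{r.action:5} {r.src_zone} -> {r.dst_zone} "
              f"port={r.dport if r.dport is not None else 'any'} proto={r.proto or 'any'}")
    impact = simulate(policy, OBSERVED)
    for f in impact["deny"]:
        print(f"would block: {f.src_zone} -> {f.dst_zone}:{f.dport}/{f.proto} (seen {f.count}x)")
```

The simulation output is the review artefact: each blocked conversation is either a policy violation the segmentation is meant to stop (the guest-to-monitor SMB attempt) or a legitimate but infrequent workflow that needs an explicit rule before enforcement (the occasional RDP session from corporate). Lowering `min_count` to 1 would allow both, which is exactly the trade-off the review step exists to make consciously rather than by default.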

Author

Rashid Mohiuddin, senior cybersecurity consultant, Connected Health, Wavelink

Rashid Mohiuddin is a Senior Security Consultant for Connected Health at Wavelink, bringing over 14 years of expertise in IT and cybersecurity. In his role, Rashid specialises in solution scoping, leading workshops and webinars, and delivering professional services for complex projects. He has held key roles in major blue-chip organisations, including Dell, Citibank, the NRMA Group, and Exclusive Networks, where he contributed significantly to IT and cybersecurity initiatives. Rashid holds a Bachelor’s degree in Electrical, Electronics, and Communications Engineering, as well as a Master’s in Information Systems, focusing on Computer Systems Networking and Telecommunications.