
Healthcare Cyber Resilience:

The Zero Trust Experience of ASL Viterbo and the Need for an Integrated IT/OT Approach

Source: ForumPA

The Local Health Authority (ASL) of Viterbo, thanks to its collaboration with Gyala, has implemented an advanced cybersecurity model based on an Active Defense and Zero Trust strategy. The case highlights the effectiveness of methodological proactivity. This experience, combined with the implementation of integrated IT/OT architectures that Gyala has developed in other healthcare organizations, offers a valuable benchmark. The lesson learned underscores how the Zero Trust principle (as seen in Viterbo) and unified visibility (necessary in IT/OT environments) are essential to neutralize complex attacks and hidden vulnerabilities.

Preparation as an Advantage: The Method of ASL Viterbo

In collaboration with Gyala, ASL Viterbo initiated a structured path to strengthen security by adhering to international standards such as ISO/IEC 27005 for cyber risk management. This preliminary work was not a mere bureaucratic formality, but the foundation that enabled an effective response. The key steps included:

  • a meticulous Asset Inventory, essential for defining the defense perimeter;
  • a review and update of security Operational Procedures for staff and external suppliers;
  • the structured identification of areas for technological improvement.

The integration with the Gyala platform provided Viterbo with a comprehensive visibility and protection solution. The system is based on Agents (XDR) for internal process analysis, Security probes for traffic monitoring, and Time correlation for the identification of complex attacks. Initially installed in detection-only mode (to learn the normal behavior of the network), the infrastructure proved ready for the strategic shift imposed by external events.

Hidden Vulnerabilities: How to Address OT Critical Issues

Separate from the Viterbo experience, the monitoring activity conducted by Gyala in several other Italian healthcare facilities that have implemented the integrated IT/OT architecture revealed often latent critical vulnerabilities, emphasizing the urgent need for a holistic approach.

The observed cases are emblematic of the challenge:

  • The obsolete and the connected. The discovery of a lipid analyzer controlled by a PC running infected Windows XP, whose vulnerability was triggered by a simple Wi-Fi USB stick used by operators to connect the machine to the guest browsing network. A procedural error that creates an unauthorized bridge and nullifies all perimeter measures.
  • The dimensional anomaly. The detection, on a gas chromatograph, of an anomalous exchange of 32 Terabytes of data over the course of a month between two internal computers. A disproportionate and inexplicable volume, indicating a potential massive exfiltration or an out-of-control infection, which had gone unnoticed by traditional systems.

These episodes confirm that patient safety ultimately depends on the guarantee that the medical device does exactly what it was designed to do, without alterations or external interference.

The Path to Cyber-Resilient Healthcare

According to Gyala’s experience, there are three fundamental elements for building cyber-resilience:

  1. Proactivity. The methodological preparation and risk analysis conducted before the crisis were the factors that allowed ASL Viterbo not to succumb to the shockwave of the regional context, thanks to the adoption of its Zero Trust strategy.
  2. IT/OT unification is mandatory. Healthcare cannot afford compartmentalized security. Technological integration, such as that provided by Gyala in other environments, is the only way to protect the entire ecosystem, from the server to the electromedical device.
  3. Visibility is the first line of defense. You cannot defend what you cannot see. The ability to detect and correlate anomalies – whether it’s an unusual software action (Word opening a shell, as in the Emotet case detected in Viterbo) or an anomalous data volume (the 32 TB detected on OT devices in other ASLs) – is the true key to intercepting and blocking complex attacks before they can cause irreversible damage.
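
The two anomaly types named in point 3, sketched as detection logic. This is an added example, not Gyala's code or part of the original article: a per-host-pair traffic baseline learned during a detection-only period, and a check for an Office application launching a shell. Process lists, field names, thresholds and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Assumed name lists for illustration; tune to the environment.
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe"}

def office_spawned_shell(proc_events):
    """Process events where an Office application launched a shell or script host."""
    return [e for e in proc_events
            if e["parent"].lower() in OFFICE and e["child"].lower() in SHELLS]

def learn_baseline(daily_flows):
    """Median and MAD of daily bytes per host pair, from the detection-only period."""
    seen = defaultdict(list)
    for f in daily_flows:
        seen[frozenset((f["src"], f["dst"]))].append(f["bytes"])
    baseline = {}
    for pair, vals in seen.items():
        med = median(vals)
        baseline[pair] = (med, median(abs(v - med) for v in vals))
    return baseline

def volume_anomalies(daily_flows, baseline, k=10, new_pair_limit=10**9):
    """Flag days whose volume exceeds median + k*MAD; unknown pairs get a fixed cap."""
    alerts = []
    for f in daily_flows:
        pair = frozenset((f["src"], f["dst"]))
        if pair in baseline:
            med, mad = baseline[pair]
            limit = med + k * max(mad, 0.05 * med)  # floor avoids alerts on a flat baseline
        else:
            limit = new_pair_limit
        if f["bytes"] > limit:
            alerts.append({**f, "limit": int(limit)})
    return alerts

# Constructed sample data (not taken from the incidents in the article).
LEARNING = [{"src": "gc-ws", "dst": "lab-pc2", "bytes": b}
            for b in (180e6, 210e6, 195e6, 205e6, 190e6)]
LIVE = [{"src": "gc-ws", "dst": "lab-pc2", "bytes": 200e6},
        {"src": "lab-pc2", "dst": "gc-ws", "bytes": 1.1e12},  # roughly a 32 TB/month pace
        {"src": "gc-ws", "dst": "guest-ap", "bytes": 5e9}]     # pair never seen while learning
PROCS = [{"host": "ws-17", "parent": "WINWORD.EXE", "child": "cmd.exe"},
         {"host": "ws-17", "parent": "explorer.exe", "child": "cmd.exe"}]

if __name__ == "__main__":
    base = learn_baseline(LEARNING)
    for alert in volume_anomalies(LIVE, base) + office_spawned_shell(PROCS):
        print(alert)
```

The median/MAD baseline is used here because a single noisy day in the learning window does not inflate the threshold the way a mean and standard deviation would.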

Read the full article on forumpa.it