10 things healthcare providers can do to improve security

Sami Ammous, Sales Engineering Director, APAC, Avaya

Digital transformation is a trend that’s being seen in most industries, and healthcare – traditionally seen as lagging in technology adoption – is evolving one step at a time. Healthcare providers have been content to capture and store patient information, but it has historically been dispersed, held in non-standard formats, and hard to access.

Digital transformation has now set the standard for healthcare: the minimum patients expect is digitized, contextual healthcare information, stored on secure, resilient, and accessible platforms. This introduces novel opportunities for improved research and development in healthcare services, and discovery of new cures based on observational data that previously would have been hidden amongst the massive stores of sheets of paper.

While the greatest sources of insight and advancement will come from patient and treatment information, the ubiquity of sensors and connectivity in most things “hospital” is creating new avenues of exploration for improvements in healthcare. These sources come from devices – scanners, pumps, environmental controls – operating in a healthcare environment. This is the healthcare flavor of the Internet of Things (IoT).

Medical equipment such as MRI machines or infusion pumps that can receive data from and feed data to a management server, or a location-aware beacon that transmits its movement and location to a tracking program so staff can locate equipment or even patients without time-consuming searches, are all examples of IoT in healthcare.

However, the rate of change took healthcare providers by surprise, and thus their digital transformation adoption has not kept up with patient expectations. The healthcare industry is unique in that it has to deal with issues of privacy, security, and reliability much more carefully (it’s OK if you can’t use your debit card for an hour – it’s not OK if an x-ray machine is offline for an hour).

The increased use of technology helps bring practical benefits to staff and patients alike, but at the same time, it brings greater exposure to a multitude of vulnerabilities for healthcare providers. As many healthcare institutions begin their digital transformation journey, it is crucial that they protect the wealth of information that they have from a potential security vulnerability.

Setting reliability issues aside, what’s the exposure in terms of privacy? A recent Reuters article estimated that a person’s private healthcare record could be 10 times as valuable as credit card information in nefarious circles. This means that the stakes are higher for healthcare than for most industries in all aspects of digital transformation, and that a successful rollout of IoT or other aspects will require a comprehensive approach. It also means that relying on outdated IoT infrastructures exposes these organizations to unacceptable levels of risk, which means revisiting network infrastructures from the ground up.

Ultimately, patient outcomes are driving digital transformation in healthcare, so the question isn’t if they transform, it’s how. Avaya has identified the following 10 steps for deploying a secure IoT network:

#10: Segment your network into secure zones. These zones would allow healthcare providers to recover more quickly from a possible attack or to compensate for the damage it causes.

#9: Secure all medical device connection points. Hospitals must ensure that all medical device connection points are dynamically secured so that hackers can’t simply unplug a device from an Ethernet port, plug their laptop in and gain access to the network. Static network endpoints are inherently less secure than dynamic networks.

#8: Ensure third-party network access is secured. Hospital administrators, doctors, nurses, guests, patients, contractors, vendors, and auditors should get varying levels of access to the network. Segment and control their access centrally.

#7: Ensure devices are regulation-compliant. Implement and enforce policies for national healthcare regulations, including securing information crossing handheld devices.

#6: Secure your texts. Implement a secure texting solution to eliminate the possibility of accidentally sharing private information publicly.

#5: Ensure all staff is security-aware. Train all staff on the importance of physically securing their laptops and other devices, and on which tools are acceptable to use for sharing and collaboration.

#4: Be aware of where devices are managed. All internet-connected devices should be centrally managed. This ensures that the devices have the highest degree of security, since they can be monitored and managed efficiently.

#3: Be aware of all wearables. Establish electronic checkpoints for all wearable devices so that devices can be efficiently tracked, managed and shut down remotely.

#2: Ensure log-ins are secured. Establish a centralized log-in procedure for network-connected medical devices.

#1: Ensure security is regularly audited. Avoid potential security vulnerabilities by ensuring regular, systematic third-party security audits.

The possibilities for IoT in the healthcare industry are exciting and compelling, but as they open the door to innovation, they open it to privacy and security threats. With that in mind, the digital transformation strategies set by such organizations must include early and comprehensive measures to counter these threats. There will be no single point at which the network is secured; securing it will take a multi-faceted approach.