Improve healthcare cyber security with holistic approach to technology design
Sixth in a series of excerpts from the IMEG executive guide, “The Importance of Healthcare Resiliency: Preparing Your Hospital for a Crisis.”
By Jeff Carpenter
All modern hospitals also need to be prepared for the significant threat posed by cyber-attack. Without thorough cyber security, you leave your hospital’s cyber infrastructure vulnerable to a malicious breach. It’s not just external hacking attacks that you need to worry about; threats can come from inside your network as well. For instance, intrusions can be introduced inside your network from an infected USB flash drive or through a vendor unknowingly creating an unprotected connection to the outside world.
A healthcare cyber-attack is likely to have one of two purposes: accessing electronic health records to sell on the black market or using ransomware to hijack systems and prevent access until a ransom is paid. Both types of attack can be devastating for your hospital’s reputation and ability to continue to function. Unfortunately, creating a secure cyber network in today’s hyper-connected world is a bigger challenge than many hospital IT departments realize.
More than any other building type, hospitals have a significant number of potential smart devices, building systems, clinical equipment, and other leading-edge technology that can be connected by the Internet of Buildings, or IoB. While designing your hospital to achieve this level of connectivity has many benefits, it also opens you up to greater vulnerabilities. Each device that is connected to your network represents a potential intrusion point from a cyber security perspective.
Hospitals can best protect their cyber infrastructure from malicious attack by taking a holistic approach to cyber security. This involves more than protecting the computers and tablets in your hospital. It starts with approaching the planning of the hospital with the understanding that designing information technology, building systems, and clinical equipment can no longer be carried out in silos. There must be a single, unified process that considers those systems holistically.
As the connectivity of devices and objects in their buildings grows, many hospitals are also utilizing cloud-based storage. Shifting the storage and processing of sensitive medical data and hospital servers to a third-party cloud provider with expertise in cyber security also protects the data at a level that few hospital systems can match. In addition, any intrusion that could come through a device on the IoB at the local level would be impeded from accessing important patient data because of improved network segmentation.
However, this solution won’t be the right fit for every hospital. The decision to have portions of your network be cloud-based or on-premises involves multiple considerations.