Improve healthcare cyber security with holistic approach to technology design

Fifth in a series of excerpts from the free executive guide, “The Evolving Importance of Healthcare Resiliency: Preparing Your Hospital for a Crisis.” 

By Mike Zorich 

Like most industries, the healthcare sector uses connected networks to improve efficiency and leverage data. But with this connectivity comes major risk of cyber-attacks.  

Without thorough cyber security, you leave your hospital’s cyber infrastructure vulnerable to a malicious breech. And it’s not just outside hacking attacks that you need to worry about — intrusions can be introduced inside your network from an infected USB flash drive or through a vendor unknowingly creating an unprotected connection to the outside world.  

A healthcare cyber-attack likely occurs for one of two reasons:  

  1. Accessing electronic health records to sell on the black market 
  2. Hijacking systems and preventing access until a ransom is paid 

Both types of attacks can be devastating for your hospital’s reputation and ability to continue to function. Unfortunately, creating a secure cyber network in today’s hyper-connected world is a bigger challenge than some hospital IT departments may realize.  

The connectivity/vulnerability of the IoT 

The “Internet of Things,” or IoTrefers to all the daily devices and everyday objects we use that are now enabled with network connectivity. Objects that formerly were not connected to the network — like appliances, light switches, and televisions — now are all connected and are collecting and sharing massive amounts of data. This same concept can be applied to your hospital building through the “Internet of Buildings,” or IoB. 

More than any other building type, hospitals have a significant number of potential smart devices, building systems, clinical equipment, and other leading-edge technology that can be connected, providing countless opportunities for workflow and systems to be more efficient and easily controlled. Everything from window shades to thermostats can exist in technological harmony with building systems, information technology systems, and clinical systems on one unified network.  

However, while designing your hospital to achieve this level of connectivity has many benefits, it also opens you up to greater vulnerabilities. Each device that is connected to your network represents a potential intrusion point from a cyber security perspective. Your IT department may not even be aware of the access points to your network created by less-technical devices that wouldn’t fall under their purview.  

A holistic approach 

Hospitals can best protect their cyber infrastructure from malicious attack by taking a holistic approach to cyber security. This involves more than protecting the computers and tablets in your hospital. This starts with approaching the planning of the hospital with the understanding that designing information technology, building systems, and clinical equipment can no longer be carried out in silos. There must be a single, unified process that considers those systems holistically. 

As the connectivity of devices and objects in their building grows, many hospitals also are utilizing cloud-based storage. Shifting the storage and processing of sensitive medical data and hospital servers to a third-party cloud provider with expertise in cyber-security also protects the data at a level that few hospital systems can match. In addition, any intrusion that could come through a device on the IoB at the local level would be impeded from accessing important patient data because of improved network segmentation.  

However, this solution won’t be the right fit for every hospital. The decision to have portions of your network be cloud-based or on-premise involves multiple considerations. 

With so many systems with network connections — from audio/video systems, to security systems, to clinical equipment — your hospital may have hundreds of different types of devices that utilize some type of connectivity. Recognizing the vulnerability this creates and expanding your concept of cyber security to holistically protect against all potential threats is the first step in creating a more resilient hospital cyber infrastructure. 

Next: 10 key areas for hospital disaster preparedness

Also in this series: 

Download the entire executive guide, “The Evolving Importance of Healthcare Resiliency: Preparing Your Hospital for a Crisis.” 

Mike Zorich, PE, LEED AP, is IMEG’s national Vice President of Healthcare and a principal of the firm. He is a licensed mechanical engineer with more than 21 years of experience, all with IMEG.

Watch a three-minute Q&A video with Mike.

Categories: All Blogs | Healthcare | Security
You Might Also Like
Holistic Oversight: Protect your new building’s energy performance through holistic project oversight
The Quadruple Aim & the Built Environment: Healthcare’s Dynamic Duo (Podcast included)
Spouts, chutes, and transitions: Gravity flow design is critical for efficient operation of many dry bulk processing facilities