Improve healthcare cyber security with holistic approach to technology design
Fifth in a series of excerpts from the free executive guide, “The Evolving Importance of Healthcare Resiliency: Preparing Your Hospital for a Crisis.”
By Mike Zorich
Like most industries, the healthcare sector uses connected networks to improve efficiency and leverage data. But with this connectivity comes a major risk of cyber-attacks.
Without thorough cyber security, you leave your hospital’s cyber infrastructure vulnerable to a malicious breech. And it’s not just outside hacking attacks that you need to worry about — intrusions can be introduced inside your network from an infected USB flash drive or through a vendor unknowingly creating an unprotected connection to the outside world.
A healthcare cyber-attack likely occurs for one of two reasons:
- Accessing electronic health records to sell on the black market
- Hijacking systems and preventing access until a ransom is paid
Both types of attacks can be devastating for your hospital’s reputation and ability to continue to function. Unfortunately, creating a secure cyber network in today’s hyper-connected world is a bigger challenge than some hospital IT departments may realize.
The connectivity/vulnerability of the IoT
The “Internet of Things,” or IoT, refers to all the daily devices and everyday objects we use that are now enabled with network connectivity. Objects that formerly were not connected to the network — like appliances, light switches, and televisions — now are all connected and are collecting and sharing massive amounts of data. This same concept can be applied to your hospital building through the “Internet of Buildings,” or IoB.
More than any other building type, hospitals have a significant number of potential smart devices, building systems, clinical equipment, and other leading-edge technology that can be connected, providing countless opportunities for workflow and systems to be more efficient and easily controlled. Everything from window shades to thermostats can exist in technological harmony with building systems, information technology systems, and clinical systems on one unified network.
However, while designing your hospital to achieve this level of connectivity has many benefits, it also opens you up to greater vulnerabilities. Each device that is connected to your network represents a potential intrusion point from a cyber security perspective. Your IT department may not even be aware of the access points to your network created by less-technical devices that wouldn’t fall under their purview.
A holistic approach
Hospitals can best protect their cyber infrastructure from malicious attack by taking a holistic approach to cyber security. This involves more than protecting the computers and tablets in your hospital. This starts with approaching the planning of the hospital with the understanding that designing information technology, building systems, and clinical equipment can no longer be carried out in silos. There must be a single, unified process that considers those systems holistically.
As the connectivity of devices and objects in their building grows, many hospitals also are utilizing cloud-based storage. Shifting the storage and processing of sensitive medical data and hospital servers to a third-party cloud provider with expertise in cyber-security also protects the data at a level that few hospital systems can match. In addition, any intrusion that could come through a device on the IoB at the local level would be impeded from accessing important patient data because of improved network segmentation.
However, this solution won’t be the right fit for every hospital. The decision to have portions of your network be cloud-based or on-premise involves multiple considerations.
With so many systems with network connections — from audio/video systems, to security systems, to clinical equipment — your hospital may have hundreds of different types of devices that utilize some type of connectivity. Recognizing the vulnerability this creates and expanding your concept of cyber security to holistically protect against all potential threats is the first step in creating a more resilient hospital cyber infrastructure.
Also in this series:
- Resilience in healthcare: How to prepare your facility and reduce risk in the event of a disaster
- 3 questions to help define the structural integrity of your hospital
- 4 key areas of MEP resilience reduce healthcare facility risk during a natural disaster
- Enhance hospital security through CPTED principles
Download the entire executive guide, “The Evolving Importance of Healthcare Resiliency: Preparing Your Hospital for a Crisis.”