It’s an age old dictum: “First, do no harm”. It’s most often been attributed to ancient Greek physician Hippocrates and underpins the ethics of modern healthcare. While once solely focused on patient wellbeing, today that same idea has extended to include patient privacy and cybersecurity threats. In fact, HISA’s 2018 Cybersecurity in Australian Healthcare survey found that 95% of respondents recognise their personal responsibility for security and integrity of patient and corporate data 1.
The Healthcare sector wrestles with an array of challenges. Not only do they face the same operational complexities as other businesses, they must also take responsibility for ensuring patient safety, protecting patient data and keeping everything operational 24/7.
IoT is fundamentally changing IT in healthcare
IoT presents unique challenges for healthcare. The adoption of IoT is increasing as healthcare facilities recognise the ability of these technologies to improve patient care delivery and mobility, along with automation and data analytics capabilities. But as adoption increases – and with many of these devices lacking built-in security - they present an immense vulnerability within the network overall. Add to this that healthcare is becoming one of the preferred targets of cyber criminals with one recent report placing healthcare as the third most targeted sector globally 2.
Healthcare IoT devices come in all shapes and forms. Connected medical devices, such as MRI and CT scanners, wearable medical devices and remote patient monitoring devices, devices designed to record data on patient vital signs, temperature monitors and digitised shelf labels, security cameras and ID-enabled security doors, and Bluetooth enabled medical asset tracking tags. While there is no doubt these devices are improving processes and facility management, every IoT device adds a new, potential, entry point for attack.
Future-proofing IoT with network security & reliability
Trusted connectivity, network availability and reliability are critical security objectives for IoT systems. But how can these targets be achieved. Common questions asked include:
- How can we raise the overall security posture of IoT solutions?
- How can we gain visibility into all IoT devices?
- How can we secure all these new end points?
- Which vendors are addressing the challenge of IoT security?
Developing healthcare networks fit for the future
Networks are the lifeblood of any IT infrastructure, but planning and deploying reliable, secure, wired and wireless networks to support present and future technology demands can be a challenge – largely due to the extent of legacy networking and the need to keep this live whilst installing, or overlaying, new. In these existing networks, healthcare facilities are adapting their network architecture to include new levels of network intelligence, automation and security to ensure high availability, redundancy and security. In greenfields sites, where the scope to futureproof is unimpeded, the focus still remains on these three pillars.
Increasing endpoint visibility with intelligent device profiling
First, visibility into all devices on a network is critical. But a network can include thousands of IoT devices, and many have device ‘blind spots’ or offer only a partial view. Other times the device is generically labelled making it impossible to know what it is and its purpose. Then as more IoT devices are added, manually provisioning and managing all of these endpoints is complex, time-consuming and prone to errors.
Device profiling offers full visibility and identification of ANY network connected device. An innovative vendor in this space is Aruba with their newly launched ClearPass Device Insight. This solution addresses even the most stringent visibility requirements by providing the ability to accurately identify all wireless and wired devices connected to the network. This includes previously undetectable IOT devices that are now rapidly identified thanks to built-in machine learning-based AI, and a global crowdsourcing database that gathers and shares device fingerprints.
Establishing protection from attacks with behaviour identification
Staff members have far less awareness of the vulnerabilities inherent in IoT devices than IT. Their focus is on improving patient safety and health and so connecting a seemingly innocent device may not trigger for them to even involve IT. This, in turn, has the potential to create scenarios where the network could be threatened. In this case, IT must have proactive and automated solutions in place to mitigate these risks while ensuring critical healthcare devices and apps always get priority treatment.
Again, we can look at what Aruba offers in this space with IntroSpect User and Entity Behavior Analytics (UEBA) and Network Traffic Analysis (NTA). These solutions have the power to track down attacks involving malicious, compromised or negligent users, systems and devices – that have otherwise evaded standard perimeter defences - and remediates them before they damage the operations and reputation of the organisation.
The criticality of network availability and redundancy
Whilst many IoT devices connecting to the network can lead to a corresponding increase in network traffic, the overall concern is that network uptime in healthcare is absolutely critical. A light going out is unlikely to cause a catastrophic fallout, but let’s consider a blood fridge monitor. Blood must remain at a constant temperature to remain usable and safe so if the fridge temperature rises or falls – even by just a couple of degrees - that precious resource is lost. Then there’s medical equipment for monitoring a patient’s life. In this case, a dropout could have devastating consequences.
The planning required to reliably support healthcare’s mission-critical network of connected devices takes serious consideration. For wireless network deployments, a site survey to assess the Radio Frequency behaviour across an entire site is the first step when implementing optimal wireless coverage and performance. This includes both the volume and placement of access points to ensure there are no dead-spots and to ensure peak loads can be managed. For the wired environment, it’s important to deploy network switches that can scale to meet growing data needs, are centrally managed, and have redundant power supply, failover and redundancy. Moving into this data driven ecosystem means the network must proactively assess and self-heal or identify issues for remediation before they become a problem.
Unlocking the value of IoT, mitigating risk
Security of data, compliance with regulations and ensuring optimum patient outcomes – these are the items on the top of agenda’s in healthcare IT departments everywhere. Many are realising that while IoT devices oﬀer many advantages, these same devices are contributing to new risks for both patient privacy and organisational security, jeopardising the ability of these institutions to deliver the best patient outcomes.
Fortunately, new integrated security technologies have evolved to provide unprecedented protection for not just IoT devices, but everything on the network. We are starting to see the urgency of organisations to respond to cybersecurity threats whilst considering their entire network architecture - ensuring they have the scalability, intelligence and automation needed to run and protect their networks around the clock.
Request a Matrix IoT audit
With significant experience working with Healthcare providers all across NSW, we can offer an assessment of your network and IoT ecosystem to help you identify vulnerable areas and take the steps to confidently embrace IoT and network safety and security. Speak to a Matrix security specialist today.
1 HISA, Cybersecurity in Australian Healthcare Survey (2018) [ONLINE]. Available at: https://www.hisa.org.au/wp-content/uploads/2019/04/cybersecurity-for-healthcare-in-2019-1.pdf?x30583
2 NTT Security (2010), Global Threat Intelligence Report [ONLINE]. Available at: https://www.nttsecurity.com/docs/librariesprovider3/resources/2019-gtir/2019_gtir_report_2019_uea_v2.pdf?sfvrsn=be5bb88f_2