- Covered entities are quickly implementing more technology into daily operations, which could potentially open the door for cyber criminals or even unauthorized insider access. Healthcare network security measures must be current and comprehensive, ensuring that patient data does not fall into the wrong hands.
Ohio-based Fisher-Titus Medical Center implemented the Palo Alto Networks Next-Generation Security Platform to gain more control in medical device access. The organization wanted to prevent unauthorized applications from accessing its medical devices, and also better manage role-based individual user access to applications and systems.
Fisher-Titus Manager of IT Operations and Infrastructure Pete Jacob told HealthITSecurity.com that the organization’s previous platform was limited in its capabilities.
“One of the reasons that I chose to go with Palo Alto was the Layer 7 visibility,” Jacob explained. “One of my biggest thoughts is that it’s really hard to control and secure what you can’t see. With Palo Alto Layer 7 visibility, that just really allows us to do more with less.”
Jacob described how Layer 7 visibility could benefit healthcare. He gave an example of an individual trying to get on a torrent to illegally download movies. Approximately 10 years ago, if an individual attempted that, an organization would go into its firewall and block that port.
As that was going on, torrent clients were getting smarter, and then they used different ports,” he stated. “It was this cat and mouse game where you would block whatever port they were using, and then they got really smart and they decided to use, let’s say, port 80, which is basic web traffic. If I close the web traffic, then no one could browse the internet.”
Jacob added that Fisher-Titus does not have to worry about ports with Layer 7 visibility. Instead, the organization worries about the actual application.
“On my Palo Alto firewall, I could just block all torrent traffic,” Jacob explained. “No matter with port or whatever it’s on, it actually sees the application, which is Layer 7, rather than blocking ports.”
Many healthcare organizations are being asked to do more in terms of data security, but may not be given the means to implement numerous tools, Jacob noted.
“We’re able to manage our data coming in and coming out of the medical center better,” he pointed out. “One thing everyone needs to be concerned with is data loss prevention, and [the new security platform] helps with that.”
Jacob added that in the long-term, Fisher-Titus will likely continue to manage more with less, and then also integrate other Palo Alto products.
For example, Jacob said that the endpoint security tool Traps will be greatly beneficial in working with client devices. The organization can then use malware and exploit prevention measures to pre-emptively block threats.
Better healthcare network security helps Fisher-Titus gain visibility into numerous devices, Jacob explained.
“We can do more with less, have better visibility,” he stated. “When it comes to Windows clients, products like Traps – which is basically antivirus replacement –will actually work in conjunction with the firewalls. It will work as a part of a system, rather than just mixed devices working separately.”
Endpoint security is an incredibly large issue in healthcare, Jacob stressed. The necessary data security measures have greatly evolved in the last decade.
“Ten years ago when you got a computer, the first thing you do is you’d load an antivirus on it,” he said. “Since then, operating systems have become more secure. Browsers have become smarter, but we’re still using the same antivirus that’s based on really old technology signatures.”
Entities need to ensure that their edge devices, like firewalls, that have been invested in will talk and work with their client site software that’s helping to protect their computers.
For other providers looking into improving network security, Jacob advised that building a strong security team is an essential first step.
“We have a great team here at Fisher-Titus working on security,” he stated. “You want to leverage a layered approach and start looking at next-gen things. Keep in mind that you’re investing in a system rather than niche devices. You’re only going to be able to secure what you can see.”
Current network security measures can also help healthcare organizations avoid the ramifications of a ransomware attack.
Hugh Chatham Memorial Hospital utilized its network security measures to detect an attempted ransomware intrusion, disable the affected account, and restore files.
Hugh Chatham Network Administrator Rick Thompson explained to HealthITSecurity.com in a 2016 interview that the hospital utilizes Varonis Data Classification Framework, DatAdvantagefor Exchange and Windows, and DatAlert.
“As soon as we saw the alerts, we disabled the account and basically took what could have been a potentially disastrous situation and turned it into a very minor situation,” Thompson explained. “We still had to recover some files and we had to recover a couple servers…but we were able to isolate the incident and mitigate the damage, keep it contained, recover from it, do some education, and expand.”
Thompson also underlined the importance of recoverability in data security. Hackers only have to be successful once, while facilities have to be successful every time.
“The degree of your exposure has more to do with how your security is structured, how you’re protected, and how you can recover from various incidents,” he said.
When healthcare organizations implement network security measures that are able to aid daily operations and keep data secure, they can help ensure that sensitive data is protected. With regular employee training, entities can keep connected devices and their overall network properly secured.