- Patients come to your healthcare facility with a whole host of expectations.
They want personalized, quality care delivery. They want strong medical device security, knowing that all equipment is reliable, effective and safe.
They’re placing an incredible amount of trust in you and your facility. Their health and wellbeing is entirely in your hands.
Patients are also trusting your equipment, systems, and staff to keep their personal health information safe from cyberattacks.
Healthcare data is big money for hackers. Medical records are much more valuable to criminals than credit card numbers. Hackers want patient data - and it’s probably no surprise to hear that it’s vulnerable to attack.
The problem has its roots in a couple of different areas.
First, medical devices use a vast array of operating systems – or unpatchable systems – making it difficult to keep up with applying patches and updating software.
Second, even if your IT staff is installing medical devices behind a firewall on your internal network, the tedious configuration updates as devices move in and out of the network is complex. In many cases, your staff is relying on the device manufacturers to build and maintain the operating systems and security in those devices, which is a pretty high level of trust to place in someone whose components are so key to your operations.
Finally, the way healthcare professionals are deploying medical technologies is evolving faster than ever before in response to changing technology and patient expectations. Traditional approaches to cybersecurity just can’t keep up.
Picture this scenario: an ambulance crew responds to a major traffic accident. The crew is on scene in moments, caring for the victims and preparing them for transport back to a medical facility.
They’re recording patient data on their mobile device software, while also taking accident photos and connecting victims to Bluetooth-enabled heart monitors and other pieces of equipment.
The crew is likely relying on cellular networks to get that data from their devices onboard to hospital networks.
Without proper encryption, it’s not difficult for hackers to access that data off the cellular network, or from internal networks, and piece it together to create a complete patient record.
After that, the facility is in the headlines for the latest healthcare data breach.
How can you improve medical device security?
New security platforms are available that help protect critical IT systems and improve medical device security to prevent breaches before they start.
While we cannot stop hackers from trying to attack us, there is something that can prevent them from successfully breaching vital systems and gaining access to critical data.
These solutions allow organizations to add trusted medical endpoints and systems to a pre-approved “white list” and cloak them so that only approved devices are allowed access. Rather than basing security on traditional IP or MAC addresses, which hackers can easily “spoof” to compromise your networks, these security solutions base their trust of medical devices on hardened cryptographic identities that can’t be impersonated.
It’s like creating a unique fingerprint for each device that the secured network recognizes. Similar to human fingerprints, no two are the same and they can’t be duplicated. If the “fingerprints” don’t match, the network doesn’t let the device connect and your network stays secure.
Healthcare IT personnel, even those without advanced IT security experience, can help safeguard these device endpoints and segment their networks to ensure data is only being communicated between trusted devices with a security fingerprint and their secured systems. This keeps sensitive patient data from being stolen off insecure networks.
These security solutions effectively “cloak” all devices and network traffic within an identity-based overlay network, keeping these elements invisible to hackers by eliminating all external configuration footprints.
Moreover, these security technologies are protocol and topology agnostic, support any mix of wired Ethernet, cellular, Wi-Fi or satellite communications. This gives healthcare organizations flexibility without compromising data security.
The key is having an intuitive, drag-and-drop user interface that abstracts the complexities of network and security policies. Most healthcare data security incidents occur due to human error and the inability to keep up with all the change requests and vulnerability updates.
Your healthcare facility, including your entire network of facilities, can use its existing infrastructure to connect with remote sites and over shared networks without compromising security or increasing network complexity.
It’s purposely built to be simple for your staff to create new security “fingerprints” for devices, and to connect them securely to your existing networks.
It is not too good to be true. The stakes are too high for all of us not to look at new and different ways to keep our healthcare data secure.
Jeff Hussey has been the president and CEO of Tempered Networks since August 2014. Hussey also founded F5 Networks and maintains several board positions across a variety of technology, non-profit, and philanthropic organizations. He is currently the chairman of the board for Carena and chairman and co-owner of Ecofiltro and PuraVidaCreateGood.