Healthcare IT

Prepare for the Internet of ‘Healthcare’ Things

Hospitals in the region are increasingly looking to technology solutions to proactively advance patient care and improve outcomes. We can expect to see network-connected healthcare “aides” playing an ever-greater role in delivering healthcare. Just imagine “smart beds” that automatically detect if they’re occupied – or if a patient has gone walkabout – and can track the quality of the patient’s sleep. Wearables and implants can measure a patient’s vital statistics, continuously log data and report, in real time, any abnormalities to the appropriate clinical staff. Network-connected infusion pumps, imaging machines, blood-glucose sensors, and a myriad of other devices can automatically and collaboratively share valuable data with the patient’s electronic health record (EHR).

That time isn’t far off either – a report last year from IDC indicated that enterprise mobility will have penetrated over 80% of MEA healthcare organizations by 2017, with over a third of organizations having already deployed corporate smart devices. Perhaps unsurprisingly, then, IT security was cited as the biggest concern by healthcare CIOs. While we are seeing major initiatives to leverage technology to improve healthcare delivery in the region, such as in the United Arab Emirates, which has included providing a world-class healthcare system in its UAE Vision 2021 strategy, there is a need to understand the challenges and risks. Careful network planning is a must if adoption is going to be successful.

Of course, networked devices are prevalent in hospitals today – a growing number of nurses and doctors have already transitioned away from clipboards and paper to Wi-Fi-enabled communications devices and tablet computers. However, in the rush to introduce Internet-connected devices – the much-spoken-of “Internet of Things” (IoT) – some hospitals are opening themselves up to additional risk. Left unsecured, these devices represent an additional point of exposure for the network.

Hacks continue to dominate the headlines, as vulnerabilities are increasingly exposed in industries that have previously been, to an extent, cruising under the attacker’s radar. Healthcare providers, as the holders of highly sensitive – and highly marketable – information, have now become high-value targets.

As the use of connected devices in healthcare expands, so too does the risk of a “Medjack”. This attack vector sees hackers exploiting old and insecure operating systems as launch points to move laterally through the borderless internal network. Typically, these attacks target back-end EHR and financial systems, but there are some hackers with more nefarious motives. Hacks are known to have been attempted where critical systems such as drug infusion pumps and cardiac implants are manipulated due to security flaws in hospital equipment and medical devices. It’s one thing to hold to ransom patient data, but things are taken to a whole new level when actual lives can be threatened.

The network represents one of the largest avenues of attack, and every reasonable effort must be made to secure it. On some legacy networks, anyone can connect devices without being prompted for authorization. In the most extreme cases, network administrators admit they have no idea exactly what devices are accessing their network at any given time. Going forward, hospitals must ensure that hackers can’t simply access an active Ethernet port, or surf the wireless network until they find a vulnerable node.

Attacks come in many forms and have evolved over time – from the so-called “Sneakernet” attacks using floppy disks and then USB keys, to infected devices brought in from home by oblivious patients or employees. Now, the major challenge is that Internet-connected devices and end-user applications are evolving faster than the legacy network. The traditional approach of securing the Internet gateway with a firewall is no longer enough. With conventional technologies, once a device is connected to the network with an IP address, all other devices on the same network segment are visible and exposed to a potential hacking attack.

Software-defined networking can deliver a crucial element of a multilayered, defense-in-depth security strategy. In these environments, traffic dynamically flows across the network, leveraging the shortest path to its destination. The network can be easily segmented into areas – zones – that remain invisible to devices at the edge. One physical network can support numerous virtual networks on the fly. Network connectivity is extended as approved devices attach and are authenticated, and dynamically retracts as those devices disconnect. Reducing the number of attack points and the size of the network attack profile, and obscuring network elements, can provide important security benefits.

Secure segmentation
Traditionally, segmentation is done through virtual LANs, used in combination with routing and filtering, so that data can be directed to flow from approved devices to pre-defined applications. While this methodology works, it lacks scalability – especially in the context of IoT – and can also be exploited using the IP Hopping attack vector.

Delving deeper into the healthcare scenario, surely the network that delivers MRI data to the patient EHR database should be isolated from the network that supports connectivity between the payment card system and the financial backend. Obviously, both need to be securely partitioned from the Guest Wi-Fi. The list of applications and services that should be securely separated from each other is potentially endless.

There is a solution that solves both the scalability and security issues: secure network segmentation. This approach leverages a natively secure technology to deliver massively scalable segmentation, automatically isolating flows and zones, and establishing the necessary control and enforcement points. No communication can occur between zones without explicit configuration, and data flows are containerized end-to-end across the network to neutralize the risk of IP Hopping attacks.

This capability is known as “Stealth Networking,” and each unique combination of flows defines an individual service that can be treated independently, given special privileges or specific restrictions. Operating the network in Stealth mode provides the isolation needed to secure key healthcare applications and services. If it cannot be seen or accessed, then it cannot be hacked; it sounds simple, yet Stealth Networking delivers a highly effective ability to reduce the threat of cyber attacks.

If segmentation was important in the relatively modest networking scenario of yesterday’s healthcare, just imagine what it means for an IoT-enabled tomorrow. As the number and diversity of network-connected devices grows exponentially, so too does the potential number of attack vectors. Scalable, secure segmentation, in combination with a centralized access policy and enforcement engine, will come to characterize the software-defined network perimeter.
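To make the zone model concrete, here is an added example (not code from the article or from any vendor product) of a default-deny inter-zone policy for the hospital scenario above: imaging may send to the EHR database, the payment card system may reach the financial backend, and Guest Wi-Fi reaches nothing internal. Zone names, address prefixes, ports and the sample flows are all constructed, and keying the decision on the zone a device was authenticated into (rather than the address it claims) is a modelling assumption about how enforcement blunts IP hopping.

```python
# Zone-based segmentation policy check (added example, not from the article).
# Imaging -> EHR and payment -> financial are the only configured services;
# Guest Wi-Fi reaches nothing internal. Names, prefixes, ports are constructed.
from ipaddress import ip_address, ip_network
# Hypothetical zones: name -> prefix (constructed addressing)
ZONES = {
    "imaging":   ip_network("10.10.0.0/24"),
    "ehr":       ip_network("10.20.0.0/24"),
    "payment":   ip_network("10.30.0.0/24"),
    "financial": ip_network("10.40.0.0/24"),
    "guest":     ip_network("192.168.100.0/24"),
}

# Explicitly configured inter-zone services: (src_zone, dst_zone, dst_port).
# Anything absent is denied, so zones stay invisible to each other by default.
ALLOWED_FLOWS = {
    ("imaging", "ehr", 104): "dicom-to-ehr",
    ("payment", "financial", 443): "card-settlement",
}

def zone_of(addr):
    ip = ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), None)

def evaluate(attached_zone, src, dst, dst_port):
    """Decide one flow. attached_zone is the zone the device was authenticated
    into on attach; keying on it rather than the claimed address is what
    blunts IP hopping in this model (an assumption about how enforcement works)."""
    if zone_of(src) != attached_zone:
        return "deny", "source address outside its attachment zone"
    dst_zone = zone_of(dst)
    if dst_zone is None:
        return "deny", "destination not in any configured zone"
    if dst_zone == attached_zone:
        return "allow", "intra-zone"
    service = ALLOWED_FLOWS.get((attached_zone, dst_zone, dst_port))
    if service is None:
        return "deny", f"no service configured {attached_zone}->{dst_zone}:{dst_port}"
    return "allow", service

def audit(flows):
    """Return (flow, reason) for every flow the policy denies, for alerting."""
    return [(f, evaluate(*f)[1]) for f in flows if evaluate(*f)[0] == "deny"]

# Constructed sample flows: (attached_zone, src, dst, dst_port)
SAMPLE_FLOWS = [
    ("imaging", "10.10.0.5", "10.20.0.9", 104),
    ("guest", "192.168.100.7", "10.20.0.9", 104),
    ("guest", "10.10.0.77", "10.20.0.9", 104),  # guest device claiming an imaging address
    ("imaging", "10.10.0.5", "10.40.0.2", 443),
]
```

Running `audit(SAMPLE_FLOWS)` flags the guest-to-EHR attempt, the guest device presenting an imaging address, and the imaging-to-financial flow, while the configured DICOM path passes.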

Enabling new innovations
The pace of advancement in medical device technology is at an all-time high, but unfortunately, so is the increase in security breaches, despite very conscious efforts on the part of the industry to close potential gaps. Unfortunately, the adverse publicity that naturally attaches to these incidents can act as an inhibitor of innovation. In some cases, a healthcare organization may hold back on leveraging the latest technology for fear of not being able to effectively secure it. Such hesitation would delay improvements in patient care and could adversely affect outcomes.

As the Internet of Healthcare Things takes hold, it is of paramount importance to find ways of enabling the rapid adoption of innovative solutions. It is equally important, obviously, to solve this challenge in such a way that network security is not compromised; indeed, it can and should be enhanced.


Date of upload: 17th Jan 2017

Copyright © 2016 All Rights Reserved.