Addressing networked healthcare security risks

Posted on November 16, 2015 12:01 am

Millennials unlike any other generation in history of mankind,function in a highly connected world and there is no vertical that is left untouched by technology in our lives.Being one of them, I would like to look at the healthcare sector and how “The Internet of things” is transforming the sector.Healthcare is a key area where technology has innovated monitoring, diagnostics and delivery of treatment at every step.According to my friend Sam Wambugu, a health informatics expert based in United States of America, mobile devices in healthcare institutions are giving rise to new data security and liability risks. Connected devices, another way of describing “The Internet of Things” present many of the same security and privacy breach rises aspects, and even greater risks because the devices are designed to act automatically without active human direction.Sam Wambugu believes that healthcare is among the key industries in Africa that will benefit from this initiative, with one of the goals being enabling affordable, attainable, patient-centric, quality healthcare in Sub Saharan Africa by utilising “Internet of Things” technology.In fact, researchers like Sam Wambugu expects that African governments will focus primarily on “Internet of Things” solutions for healthcare, education, and smart cities in the coming years.With increasing “Internet of Things” proliferation, it has become exceptionally easy to remotely monitor a patient’s health with the use of network of sensors, actuators and other Internet connected medical equipment. In fact, an African country has started piloting of smart beds that will inform other devices about a patient’s movements, or medicine bottles that will alert the patient when a daily dose has been missed. While Contador Harrison talks about connected medical equipment, a benefit that it offers doctors is allowing them to monitor a patient’s vital readings and reports without having to visit personally, thus giving the patient family their own space.

In setting up connected device systems, healthcare institutions’ agreements with vendors including cloud services providers need to ensure that data traffic of the device and its software application is encrypted when communicating the institution’s private network and those of its outsourcing providers and any cloud systems.The institution should have the power to audit, and require the vendors to periodically verify, that the data is transmitted in the appropriately strong encrypted form and the encryption works on the network.As human beings, we fear staying in the hospital but with such technological developments occurring in the healthcare sector, doctors can stay vigilant of their patient’s developments and also provide the best possible care.For those who dont know, medical equipment connects to a central station by sending out data using the IP address built into its software, enabling devices to be added on to the hospital network and this essentially means that the hospital has put the device online. It helps cut down the amount of time a duty nurse needs to spend with each patient and to being immediately alerted if a patient requires urgent attention. If handled carefully, connected medical devices are extremely beneficial and safe, however, healthcare professionals, are still uncertain of the safety aspect of these devices. Customers across sectors healthcare have stated the potential risks that connected infrastructures bring, along with benefits.There are also solutions available to keep these networks safe thereby ensuring patients’ well-being.

Traditionally, teams in medical wards have to manually check the levels with each individual patient, however, with connected equipment, nurses can monitor all patients from afar confident that the data they are receiving is accurate, allowing them to quickly respond to any alerts that may be raised on their system. The biggest challenge is how privacy protection can be increased. Apart from proper encryption, the healthcare institution require that only a particular connected device collect only the data that is required for its intended operation, and that it enables access to data generated by the device only by authorised and authenticated individuals with a need to handle the information. The same should be true of computer systems that handle the data from the device. The physical security of the device itself also should not be overlooked and device should be configured to prevent data storage media from being accessed or removed, and the device itself should not be easily disassembled. In short, building a strong security to protect data during transmission is undercut if the data can be removed from the device itself. In a testing that I was involved,there was unanimous agreement that networks need to be keep safe from any potential threat and it is imperative for companies to work with security vendor who understands their business completely. IT managers need to look at security from a holistic perspective and while looking at deploying solutions to protect the corporate network, it is always advisable to go for a connected security infrastructure as this is where all of the individual security solutions are able to communicate with others which are deployed.

When these solutions are allowed to communicate, Sam argues that the IT team can stay assured of network protection from a variety of malicious threats. Sam believes the Next Generation Firewall is a fitting solution for such requirements as it majorly helps in blocking latent threats, ensuring hospital network is safe and patients are well protected too.Imagine a scenario where hospitals were to implement connected medical devices without deploying proper network safety solutions. Nowadays, it is easy for hackers to attack hospital networks than most of the people may think. If a cyber-criminal accesses the network,the dangerous consequences that can occur are tampering with settings, silence notifications, and even switch machines off. Apart from that, there is need to be effective management of privileged access on a remote level. The system needs to ensure that third party engineers managing pieces of equipment are controlled through the gateway and don’t have access to patients’ files. In a sensitive sector such as healthcare, it is highly crucial for each link to be secured against delay, disruption, and data loss. Initially, security is considered as an additional layer of technology but with cyber crimes getting alarming each hour, it is now an essential aspect of any technological deployment regardless of the industry. Computer security consists of hardware, software and people. Disgruntled employees, both of the institution and the vendor and its subcontractors,like the was the case with Edward Snowden can be a source of unauthorized disclosure. Good personnel practices are important, and repeated audits are necessary to enable early discovery. This factor is especially important at the computer network administrator level, as that manager provides an enhanced risk to the institution.

Contador Harrison