Securing Digitalization Within Healthcare

Sonia Arista, National Healthcare Lead, Fortinet
MARCH 16, 2020

Digital innovation has revolutionized the healthcare industry and medical services. In addition to providing new, cutting-edge treatments, the implementation of new digital solutions also enables healthcare facilities to cut costs without sacrificing the level of care they provide. Furthermore, network advancements have had a profound effect on providers’ abilities to offer comprehensive remote care to patients who require treatment from home or are unable to make it to a medical facility.

While digital transformation has undoubtedly benefited the healthcare sector, it has also made it a prime target for cyber criminals looking to steal valuable patient data or hold online resources for ransom. As a result, protecting against cyber threats has become a necessity, with healthcare providers increasingly relying on their IT and security teams to thwart malicious actors and manage security across networks. The challenge is that the sector’s rapid digital transformation, together with its partnership strategy to expand clinical services, has made it difficult for security teams to adequately manage emerging cyber threats and protect patient data.

An attack on a healthcare network has the potential to be life-threatening, so assessing and managing risk is of paramount importance. With that in mind, understanding how to manage the security of digital solutions requires knowing the exact security risks each new technological innovation and digital service poses.

There are three areas that should be prioritized when working to improve healthcare digital security practices:


Securing Telemedicine

The growth of telemedicine has shifted the medical landscape considerably over the past few years. Providers now increasingly rely on online tools and connected medical devices to monitor patient health, provide accurate diagnoses and even deliver medical procedures, such as surgical assistance, over broadband connections.

The growth of telemedicine has also benefited patients through increased control over their medical information and treatment plans. To get the most out of telemedicine, however, healthcare providers must ensure that the technologies they are using cannot be exploited by cyber criminals. The need for secure telehealth solutions has been heightened further in light of the FCC’s proposed Connected Care Pilot Telehealth Program, which would expand telehealth solutions to low-income Americans and veterans.

However, the increased level of network activity required by telehealth solutions can make detecting and managing cybercrime very difficult for healthcare IT teams. To secure their telehealth initiatives, healthcare providers require visibility into their network infrastructure, the operating systems and functions of the IoMT (Internet of Medical Things) devices in place and data movement across their network. This will ensure that at-risk devices and potential threat activity can be isolated and managed so critical patient data remain secure.

There are a growing number of tools and strategies available that make this level of visibility achievable, and they should be considered by operational areas responsible for securing telehealth solutions:
  1. Network Access Control: Network access control (NAC) solutions are one tool that healthcare providers should use to gain visibility into any devices connected to their network. NAC solutions ensure secure authentication and onboarding, monitor the activity of connected devices and issue automated responses should any device demonstrate malicious behavior. Additionally, NAC solutions can manage and enforce access policy across a network, ensuring that users and devices can only access data from permitted segments within a network.
  2. Cyber Threat Assessment Programs: A cyber threat assessment is another excellent resource for security teams looking to identify network vulnerabilities. Information gathered during an assessment can be used to build and validate existing architectures that directly address any current or potential vulnerabilities. Likewise, visibility into application and device usage enables security teams to better secure their telehealth initiatives and allocate network resources accordingly.


Insider Threats in Healthcare

Insider threats have the potential to be just as, if not more, dangerous than external threats since internal threat actors almost always have privileged access to a network. This can make protecting against threats incredibly difficult, not only because they are initiated inside the secure network perimeter, but also because internal attack methods are often not the same as those conducted by external threat actors.

Insider threat actors can typically be broken down into three categories:
  1. Malicious Insiders: Malicious insiders are typically employees looking to cause harm to an organization, usually for personal gain, either through the direct sale or exploitation of data for themselves, or on behalf of a competitor or other external criminal organization.
  2. Negligent Users: While not malicious in intent, negligent users can unwittingly put a healthcare organization at risk by attempting to side-step policies in the name of productivity. Typically, negligent users’ activity will leave a network vulnerable to outside attacks by introducing security gaps in the network through such things as setting up shadow IT resources that store data off-network without the IT team’s knowledge, or by adding rogue software or devices that haven’t been properly vetted or secured.
  3. Careless Users: These individuals have no intention of putting a network at risk but make mistakes that can open a network to external threat activity. This can be anything from clicking on a phishing link to browsing a malicious site to downloading an infected application. What makes this threat particularly dangerous is that the threat action is not planned, making it much harder to detect and manage.

Part of the reason why insider threats pose such a great risk to healthcare providers is that protecting against them requires full visibility into the network. While there are some actions that healthcare providers can take to protect their networks, such as employee training and network segmentation, protecting against insider threats will increasingly pose a challenge for this industry without deep visibility into devices, behaviors and activities and the ability to compare them against established baselines. Complicating this further, healthcare typically has high turnover in administrative functions and clinical staff, which means systems and processes need to be documented and embedded in the network to avoid the loss of critical institutional intelligence when a system administrator or other IT professional leaves the organization.
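
The segment access policy described under Network Access Control and the baseline comparison described above can be sketched together as one check over flow records. This is an added example, not code from the article or from any vendor product; the segment names, address ranges, policy and flow records are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed segment map and policy (assumptions): source segment -> allowed destinations.
SEGMENTS = {"iomt": ip_network("10.20.0.0/24"),
            "clinical": ip_network("10.30.0.0/24"),
            "admin": ip_network("10.40.0.0/24")}
POLICY = {"iomt": {"clinical"}, "clinical": {"clinical", "admin"}, "admin": {"admin"}}

def segment_of(addr):
    """Name of the segment containing addr, or 'external'."""
    ip = ip_address(addr)
    return next((n for n, net in SEGMENTS.items() if ip in net), "external")

def build_baseline(flows):
    """Per source device, the set of (destination, port) pairs seen."""
    baseline = defaultdict(set)
    for src, dst, port in flows:
        baseline[src].add((dst, port))
    return dict(baseline)

def assess(flow, baseline):
    """Findings for one flow; an empty list means it matches policy and baseline."""
    src, dst, port = flow
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    findings = []
    if dst_seg not in POLICY.get(src_seg, set()):
        findings.append(f"policy: {src_seg} -> {dst_seg} not permitted")
    if src not in baseline:
        findings.append("baseline: unknown device")
    elif (dst, port) not in baseline[src]:
        findings.append(f"baseline: new destination {dst}:{port}")
    return findings

# Constructed flow records: (source, destination, destination port).
BASELINE_FLOWS = [("10.20.0.11", "10.30.0.5", 443),   # infusion pump -> clinical server
                  ("10.20.0.12", "10.30.0.5", 443),   # patient monitor -> clinical server
                  ("10.30.0.21", "10.40.0.9", 443)]   # workstation -> admin system
OBSERVED_FLOWS = [("10.20.0.11", "10.30.0.5", 443),    # matches baseline
                  ("10.20.0.11", "10.40.0.9", 22),     # pump reaching the admin segment
                  ("10.20.0.12", "203.0.113.7", 443),  # monitor contacting an external host
                  ("10.20.0.99", "10.30.0.5", 443)]    # device never seen during baselining

def review(observed, baseline_flows):
    baseline = build_baseline(baseline_flows)
    return {flow: assess(flow, baseline) for flow in observed}

if __name__ == "__main__":
    for flow, findings in review(OBSERVED_FLOWS, BASELINE_FLOWS).items():
        print(flow, findings or "ok")
```

The last observed flow passes the segment policy and is caught only by the baseline check, which is why the two controls are evaluated independently.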
 

Connected Medical Devices

Connected medical devices have quickly become a mainstay within the healthcare sector due to the benefits they have for supporting coordinated care. These connected medical devices allow doctors to monitor the health of patients remotely and in real time. For some groups of patients, these devices are critical to their health, such as those who rely on them to regulate blood sugar levels, monitor heart conditions or treat chronic disease. The issue is that far too many of these connected devices are inherently insecure and vulnerable to the same types of attacks that threaten other digital devices. What makes this particularly dangerous is that an attack on a connected medical device can be life-threatening, which is why the healthcare industry, including the developers of IoMT devices, must take action to secure them moving forward.
 
Adding to the complexity of the issue is the fact that physical proximity is not required to compromise a connected medical device. If cyber criminals can gain access to a healthcare network by exploiting a vendor, penetrating a cloud data service or through a health system application, they will have access to all of the devices connected to that network.
 

Final Thoughts

Securing digital solutions is a necessity for healthcare providers undergoing digital transformation. Cross-network visibility, real-time assessment of potential threats, understanding which threats need to be prioritized and working through remediation tactics will improve the overall security of a healthcare facility. For this reason, security personnel must use planning and threat analysis in their efforts to protect against both internal and external threats.

About the Author: Sonia Arista is a seasoned information security and technology specialist with over 20 years’ experience. At Fortinet, she is responsible for the go-to-market strategy, solutions and sales growth for the company’s healthcare business.
