Like most industries, the health care sector uses connected networks to improve efficiency and leverage data. But with this connectivity comes a major risk of cyberattacks.
Without thorough cybersecurity, you leave your hospital’s cyber infrastructure vulnerable to a malicious breach. And it’s not just outside hacking attacks that you need to worry about — intrusions can be introduced inside your network from an infected USB flash drive or through a vendor unknowingly creating an unprotected connection to the outside world.
A health care cyberattack likely occurs for one of two reasons:
1. Accessing electronic health records to sell on the black market; and
2. Hijacking systems and preventing access until a ransom is paid.
Both types of attacks can be devastating for your hospital’s reputation and ability to continue to function. Unfortunately, creating a secure cyber network in today’s hyper-connected world is a bigger challenge than some hospital IT departments may realize.
The Connectivity/Vulnerability of the IoT
The Internet of Things (IoT) refers to all the daily devices and everyday objects we use that are now enabled with network connectivity. Objects that formerly were not connected to the network — like appliances, light switches, and televisions — now are all connected and collecting and sharing massive amounts of data. This same concept can be applied to your hospital building through the Internet of Buildings (IoB).
More than any other building type, hospitals have a significant number of potential smart devices, building systems, clinical equipment, and other leading-edge technologies that can be connected, providing countless opportunities for workflow and systems to be more efficient and easily controlled. Everything from window shades to thermostats can exist in technological harmony with building systems, information technology systems, and clinical systems on one unified network.
However, while designing your hospital to achieve this level of connectivity has many benefits, it also opens you up to greater vulnerabilities. Each device that is connected to your network represents a potential intrusion point from a cybersecurity perspective. Your IT department may not even be aware of the access points to your network created by less technical devices that wouldn’t fall under their purview.
A Holistic Approach
Hospitals can best protect their cyber infrastructure from malicious attacks by taking a holistic approach to cybersecurity. This involves more than protecting the computers and tablets in your hospital. This starts with approaching the planning of the hospital with the understanding that designing information technology, building systems, and clinical equipment can no longer be carried out in silos. There must be a single, unified process that considers those systems holistically.
As the connectivity of devices and objects in their building grows, many hospitals also are utilizing cloud-based storage. Shifting the storage and processing of sensitive medical data and hospital servers to a third-party cloud provider with expertise in cybersecurity also protects the data at a level that few hospital systems can match. In addition, any intrusion that could come through a device on the IoB at the local level would be impeded from accessing important patient data because of improved network segmentation.
However, this solution won’t be the right fit for every hospital. The decision to have portions of your network be cloud-based or on-premise involves multiple considerations.
With so many systems with network connections — from audio/video systems to security systems to clinical equipment — your hospital may have hundreds of different types of devices that utilize some type of connectivity. Recognizing the vulnerability this creates and expanding your concept of cybersecurity to holistically protect against all potential threats is the first step in creating a more resilient hospital cyber infrastructure.
This article originally appeared on IMEG's website. Click here to see the original article in its entirety.