The growing threat of cyberattacks and the risk of data leaks, as well as the need to comply with stringent public regulations on the protection of personal data, mean that the IT departments of the healthcare industry’s many hospitals, facilities, and other organisations are under increasing pressure. The complex web of computers, mobile devices, and connected medical equipment across multiple locations means that increased control and management is needed to reduce such difficulties, and reduce the threat that technological issues could have on the industry’s ability to focus on care.
The wealth of data available on the NHS network and the potential impact of data unavailability makes the industry very attractive to cyber criminals. If devices are left insecure or running out of date or unpatched software, healthcare organisations face increased vulnerability to threats such as the WannaCry ransomware attack that hit so many organisations in 2017.
The widespread adoption and use of mobile technologies are opening new and innovative ways to improve healthcare delivery. But advances in mobile medical apps to help manage the health and wellbeing of patients is creating fresh challenges for IT departments. The ability for healthcare professionals, patients and even consumers to access useful data from a smartphone or mobile device creates further complexities around managing all these devices and the data that they process.
Today, many healthcare organisations implement Bring Your Own Device (BYOD) programs, which allow healthcare and administrative staff to work flexibly, anytime, from anywhere. Indeed, if the flexibility of BYOD enhances accessibility, productivity and employee satisfaction, all these devices and systems need to be configured, updated, managed and secured. In addition to monitoring these new devices in the healthcare environment, IT teams must also manage the multitude of devices that simplify and reinvent patient care. These connected objects are varied, from portable devices that monitor the heart rate, blood pressure or blood glucose of the patient.
So, for every device that connects to the network, it’s highly probable someone is looking for a way to use that connection to access healthcare organisations’ data using malware, ransomware or other intrusive methods. It can be difficult to keep up with the fast pace of IT administration tasks, let alone provide unified security across the system. Unfortunately, due to the complexity of environments and the lack of time and resource, IT teams are often only able to act in the moment that cyberattacks occur; rather than preventing it in the first place.
The scale of the issue is alarming:
- Only 5% of organisations are ready to support all modern terminal management requirements
- A study published in the Journal of Hospital Librarianship estimated that 85% of health professionals brought their personal devices to their workplace
- By 2020, nearly 85% of health organisations should integrate IoT
- The health care industry is the victim of twice as many cyberattacks as other industries
Regulations in the healthcare industry require organisations to have a huge amount of control over the personal data they hold. HIPAAA in the US for example, requires various objectives to be met, such as ensuring the confidentiality, integrity and availability of all electronic patient data, while allowing the adoption of new technologies to improve the quality and efficiency of patient care.
Know what you have, and get it secured
So how on earth can a small, stretched IT department in the healthcare sector ever hope to overcome such challenges? The most important point is gaining some degree of visibility over every connected device in the organisation, as in truth, you cannot secure what you cannot see.
Do you know what devices are connected to your network? If not, you are not alone. With so many doctors, nurses and support staff adding new devices to the network and other technologies being adopted, it can be nearly impossible to keep track of everything. Systems management tools commonly known as Unified Endpoint Management provide a single place to view all device activity, which not only saves time but also greatly reduces risk because you can ensure that all network-attached devices are accounted for at any given time.
In a healthcare environment, these devices are about as diverse as it gets, so it’s not just a simple case of being able to secure and update an environment of Windows PCs. With connected medical devices and other IoT (Internet of Things) devices all needing to be secured, make sure your endpoint management strategy can manage and secure these devices, no matter what obscure operating system they’re running.
As we saw with the devastation caused by the WannaCry attack on the NHS, the reason why the impact was so widespread was due to out of date software and unpatched systems. Deciding not to patch systems is not an option, but having to patch all these systems manually can not only be daunting for a small IT department, but practically impossible. That’s why the key here is automating the process, enabling even the smallest to be proactive about patching vulnerabilities in systems before cybercriminals have a chance to exploit them. By automatically scanning for and fixing vulnerabilities, as well as automatically sending out big important patches to every single device simultaneously, you no longer need to worry about spending valuable time and energy manually patching each system.
By gaining visibility into every device on the network, and automating the security on every single one, IT departments in healthcare can ensure that their connected devices aren’t leaving the door wide open to external threats.
By Ken Galvin, Senior Product Manager, Quest KACE
