Five security threats to healthcare technology: how to protect your organisation

Healthcare organisations rely on technology to streamline communications; improve patient care; store an exponentially increasing volume of images, records and sensitive patient data; and manage and track connected medical equipment, all while dealing with an influx of consumer and employee devices trying to connect to their network.

Given the proliferation of embedded medical devices, an increasingly diverse and mobile population of users, as well as many new evolving technologies, healthcare organisations are being forced to step it up when it comes to network security, especially when sensitive patient data, valuable research information, and other highly confidential material may be at risk.

This year we’ll see even more threats, and in new environments. Amid ever-decreasing budgets, chief information officers and IT pros in the healthcare sector need to work out how to keep their networks running with fewer resources. With that in mind, there are five key threats most healthcare organisations will face – that is if they aren’t already coming up against them.

Threat one: with so many mobile devices come more risks

Mobile devices are ubiquitous in today’s world. As the number and types used by doctors, nurses, administrators and other staff - as well as patients and visitors - grows, so do the threats they bring to the network. Providing 24/7 network access is essential, particularly when instant communication is required to ensure quality patient care. 

The challenge here for healthcare organisations is how to support all these devices and allow them to connect to the network while maintaining complete control over their access.

Threat two: embedded connectivity

As tablets and mobile devices with Wi-Fi capabilities - including medication scanners, patient-monitoring systems and imaging devices - become more common, embedded connectivity makes tracking, monitoring and managing the healthcare organisation’s productivity easier while helping to reduce errors. However, increased levels of embedded connectivity also strains the bandwidth and exposes the network to risks from viruses brought in by a host of new connected devices that are different to traditional PCs.

Threat three: virtualisation

Most organisations have a virtualisation strategy to run more than one application on one server using virtualisation software. The effect of this is that servers can run multiple applications with reduced investment in hardware, which in turn serves to reduce costs associated with energy and limit organisations’ carbon footprints.

Unfortunately, as more users move to virtualised environments, more threats arise. Healthcare organisations need to remember that hosted virtualised desktops (HVDs) should be viewed in the same way as traditional devices, posing the same - and some new - threats as any connected device. It’s worth noting that the adoption of HVDs is on track to increase rapidly through 2012.

Threat four: viruses spreading through social media

Social media platforms such as Facebook, Twitter and YouTube are here to stay, and healthcare users are not immune from problems that come with accessing them. This means, despite the existence of a host of malware that can spread like wildfire through social media sites, it may be almost impossible to permanently block access to social media at your facility. Quickly identifying which devices are infected is essential to maintaining network security and protecting crucial data. 

Threat five: the consumerisation of IT

Healthcare organisations are no strangers to devices that need access to a facility’s network, but the consumerisation of IT (people bringing their own personal technology to work) has made the problem more difficult to manage. As users increasingly adopt their own personal devices for professional use, healthcare organisations will see more network security threats. In fact, the consumerisation of IT is driving the need for network security solutions that can cover multiple types of devices and infrastructure components.

Healthcare organisations should respond to these emerging threats with security solutions that identify any device, scan for threats and deficiencies and then provision access or automatically remediate problems regardless of the type of device or location.

The new generation of advanced network access control solutions recognise different types of users and devices, and apply security policies that enable adaptation to evolving network infrastructures and new types of threats causing problems for IT departments across the healthcare sector.

Network access control solutions solutions can also provide a view of network security status across all types of equipment and devices accessing the network so that nothing falls through the cracks. This level of visibility is especially vital across the healthcare sector, as networks are often made of infrastructure from multiple vendors.

 When dealing specifically with embedded devices, organisations should consider incorporating a network access control solution that will protect the integrity of critical (and often private) data, and close any vulnerability gaps in the network.

It should also be noted that on the server side, virtualising security and other infrastructure can also still form part of the organisation’s sustainability strategy and save on costs of hardware and administration, but only if the security is managed as part of this overall solution.

Technology and consumer trends relating to the use of technology will always change. At the most basic level, the sooner healthcare organisations accept this and understand the new types of threats out there and how they can resolve them, the sooner they can secure their networks against traditional and more modern problems.