By Jamison Utter, director of product evangelism, Medigate.
Last year (2020) was a year of chaos, and one that demonstrated why robust cybersecurity is an essential priority for all healthcare organizations. From COVID-19 disruptions to rapidly increasing networks of managed and unmanaged devices, it’s never been more important to secure the critical infrastructure that forms the basis of clinical care.
This is easier said than done- after all, the growing reliance on digital platforms has opened opportunities for increased attacks and raised questions about data collection and privacy. Threats like Ryuk and other high-profile breaches made a notable impact on the industry’s understanding of cybersecurity, not only for their monetary implications, but the significant operational disruptions that these incidents caused. On a national level, we’re seeing care networks expanding alongside access to telehealth services and the implementation of remote patient monitoring tools– with significant amounts of PHI being broadcast and analyzed each day.
When looking at these trends, there are two immediate realizations that all healthcare leaders should understand: 1) the rate of attacks is only going to increase as healthcare operations become smarter and more connected and 2) we need a better solution that works alongside clinical practitioners, biomed departments and organizational leaders even as it protects them from malicious attackers. For many of these concerns, the answer is Zero Trust, or more specifically, Clinical Zero Trust (CZT), that is uniquely attuned to the needs of the healthcare industry.
What Is Clinical Zero Trust?
Zero Trust represents the concept of “trust nothing, verify everything” in terms of cybersecurity. It has since grown to represent a networking approach that centers the design and application of IT networks around the identity and access rights of users and their data. Clinical Zero Trust applies this same idea but to the cyber and physical environment of healthcare organizations.
Think of CZT as a strategy and not a technology; it is an end goal rather than a feature or ability. Cyber protections like firewalls and end-point security solutions make up some of the offerings that help create a CZT environment. A typical healthcare organization has a security system that prioritizes protecting devices and data– CZT shifts the focus to protect physical workflows, which are made up of the people and processes involved in delivering care.
This means the protected surface extends to the physical world, including everything associated with administering a procedure or delivering care. At first glance, it seems like an impossible task to protect physical things with cyber technologies, but in reality, when you look at the clinical setting holistically it makes it easier to identify interdependencies and develop strategies that will effectively protect the physical, business and digital processes to drive optimal patient outcomes.
Getting Started With CZT
Given the expansiveness of CZT, you are going to need to get buy in and support from many stakeholders. You cannot approach biomed with the notion of applying more cyber controls to their environment without complete cooperation— the knowledge they possess and the relationships they have with device vendors can make or break your project.
You will also need to gain total buy-in– from leadership to biomed and clinical teams– to help them understand how applying CZT will help the business, not just from a cybersecurity angle, but also from a bottom-line and patient health perspective. Additionally, the knowledge required for CZT can improve capital asset planning and management, which is becoming increasingly important in this time of limited resources and stretched budgets.
Once you have gained the support of all parties, the next step is to achieve the deepest understanding of your clinical environment. To do so, you’ll need to implement solutions that allow you to garner insight into the devices connecting to your clinical network. From there, it is a matter of mapping devices, creating the proper architecture and enforcing policies to control the before the last phase– automation and the institution of CZT protocols.
For hospital leaders to implement CZT, the following whitepaper provides step-by-step instructions on how to do so: What is Clinical Zero Trust?
CZT As A Business Priority
Now more than ever healthcare organizations need to embody a CZT ideology. Cyberattacks pose such a threat to healthcare organizations and the quality of care offered to patients since they are able to compromise networks and the machines connected to them. When networks are internally compromised, there is no way HDOs can guarantee continuity of care. Cyberattacks can threaten the legitimacy of an organization but more importantly run the risk of threatening patients’ lives. CZT reduces the threat of even the worst cyber-attacks by consistently upgrading, tracking, and protecting a healthcare organization’s tech and networks.
For years, Zero Trust has been floated as a near-panacea for healthcare’s needs, that is, a solution that will finally put to rest the significant workflow and security problems that have long plagued the industry’s push towards hyperconnectivity. While we should be cautiously optimistic about CZT’s ability to solve these issues, it is true this technology is essential to our future as connected healthcare professionals, and we’re now seeing its widespread adoption and usage as achievable in the near term.