Sep 10, 2019
Protecting Networked Medical Devices from Security Breaches to Enable the Safe Delivery of Virtual Healthcare
By Kevin von Keyserling, chief strategy officer, Keyfactor.
As value-based care becomes more prevalent, healthcare delivery organizations (HDOs) are continuously looking to transform the patient care model with goals of reducing costs, optimizing patient outcomes and driving better financial performance. With new channels, delivery agencies, and patients taking greater responsibility in managing their care in the continued shift to telemedicine or virtual healthcare, digital security has become an even more important component of this evolving ecosystem.
Given the growth of connected medical devices, the potential for security lapses from release through use is considerable. While implanted devices draw the most attention, the broader universe of medical care gadgets can also warrant concern. In the U.S. alone, hospitals can average anywhere between 10 and 15 connected devices per bed. With this kind of scale, the number of security gaps can be significant.
Medical devices that feature wireless connectivity, remote monitoring, and near-field communication technology allow health professionals to adjust and fine-tune implanted devices remotely and in real time. Devices capture and transmit data across many channels and receiving parties, but many fail to incorporate data security protocols and standards. Older devices that remain in the field may be using outdated security software. There is also significant ambiguity about who owns the data, which can result in nobody taking the lead on managing current security practices. Put these factors together and it’s easy to understand why healthcare data is highly susceptible to security failures.
Optimizing Data and Device Security
Healthcare has the highest breach-related costs of any industry at $408 per stolen record. As patients willingly share personally identifiable information (PII), reliable controls must be in place to protect patient privacy. Every identity within an organization must be covered by layers of digital security, and the process can be broken down into smaller bites to ensure you’re setting the stage for optimized data and device security without taking everything on all at once.
- Establish necessary barriers: Strengthen the barriers between targeted devices and outside threats, and be aware of your device inventory at all times – no device should ever be left unattended! Don’t leave cell phones or laptops out in open spaces, but if you do, utilize features such as auto-lock. Ensure that all devices are locked in a restricted and secure area when not in use.
- Define your security protocol: Set a regular cadence for updating passwords, and utilize multi-factor authentication when possible.
- Encrypt, authenticate, authorize: Encryption, along with authentication and authorization, is the lifeblood of successful digital identity security. Unique digital certificates that cover every identity validate that a device is authentic and assert with high assurance that its messages are genuine.
- Vet partners and suppliers: Make sure any vendors and/or OEMs that you work with are vetted. Don’t be afraid to have an open dialogue with your vendor about their attention to security – they should place as much importance on it as you do.
- Invest in security automation: Manual processes are prone to errors. Automation drives high assurance that every investment you’ve made in building your digital security program will work. Workflows become refined and execution gets easier.
- Adhere to industry guidelines and standards: By following recommended standards, you’ll reduce risk both inside and outside your organization. Regular cadences and audits on log files, pending digital certificate expirations, personnel changes and regulatory updates help detect issues and can provide the runway you need to prevent catastrophe.
- Create shared responsibility: Protect patients by building a flexible, collaborative team in order to create ongoing, two-way dialogue and input regarding security.
- Consider a technology vendor for help: No matter how you’re delivering healthcare today, security must be top of mind for both current processes and future innovations. Identifying the right partner can help you determine how best to invest in the right technologies. Many vendors have a broad portfolio of enterprise and IoT security solutions specifically designed for the healthcare segment, with proven platforms and expanding capabilities designed for HDOs, EHRs and OEMs alike.