HomeNews & TopicsTechnology and InnovationDevices are a reality of the circle of care, so how do...

Devices are a reality of the circle of care, so how do we ensure they’re protected?

Published on

*Sponsored content

By Ron Rotman

Devices are a reality in the continuity of care, from the consumerization of traditional medical devices, to the addition of webcams and video conferencing kits to support the delivery of virtual care.

However, these devices are quickly becoming security weak points for healthcare organizations. It’s nothing new that any device connected to a network is a risk, however, the recent explosion of devices in healthcare settings are making these organizations prime targets for ransomware activity — in fact, 40 per cent of manufacturers say hackers managed to gain access to their device.

More and more, it’s not just the financial toll of these attacks organizations are worried about, but the additional strain on clinical and administrative staff as ransomware-related outages disrupt workflows and put patients at risk.

As the proliferation of devices continues, there are more and more ways for attackers to get in. Here’s what healthcare organizations need to know about the changing security environment, and how they can rethink their approach to security.

Security challenges and increasing complexity in healthcare

In a typical patient room, there are anywhere from 15-20 devices connected at any one time. This includes everything from infusion pumps, ventilators and pulse oximeters, to a visitor’s mobile phone connecting to the guest Wi-Fi. When it comes to MIoT devices specifically, they are often designed with purpose — not security — in mind, making them difficult to patch and manage against vulnerabilities.

Add to this the huge volume of healthcare data now being transferred every day: telemedicine video; connected medical devices; EMR information traveling from a clinical facility to the cloud; smart facility applications, such as light bulbs and wayfinding; and patients, clinicians, and administrators driving the need for Wi-Fi everywhere.

This complexity is continuing to accelerate with mobile, security, IoT and Cloud, and so to are the number of security vendors on the market. The average enterprise has between 50 to 100 different security vendors in their environments. However, organizations are not getting any more secure, no matter how much money they spend on this technology.

Organizations need to go beyond security technologies and tools, and rethink their philosophy when it comes to their security approach. Enter: clinical zero trust.

 

Clinical zero trust

In a traditional zero-trust environment, no person, device or resource is considered secure. It’s assumed a network has been breached, and uses a series of verifications to grant access to a specific user, at a specific time, to use a specific resource or functionality. Zero trust is also built around three key principles: visibility, segmentation and containment.

Clinical zero trust (CZT) builds on these cornerstones, while also addressing healthcare’s multi-faceted needs, including patient privacy, connected – and unconnected – medical and IOT devices, and virtual care.

But implementing CZT is no small undertaking. Healthcare systems are reliant on legacy systems that may not provide this type of authentication – not to mention the plethora of medical devices that are either outdated, unconnected or unaccounted for in any given facility.

Getting started with CZT

CZT isn’t a one-size fits all solution, and successfully implementing a strategy requires collaboration between the organization’s business, clinical and security stakeholders.

With that said, the planning and roll out of a CZT strategy can be broken down into five phases:

  • Identify everything operating in the clinical setting
  • Map the use of entities to understand how they are involved in care and business protocols
  • Engineer the environment to protect the integrity and flow of each protocol
  • Monitor the environment to understand the impact of the policies you plan to enforce
  • Automate the implementation wherever possible to maximize the benefits of a CZT stance

It can be a daunting task doing this on your own, which is why Cisco has partnered with Medigate to go beyond network visibility and provide actionable security insights for healthcare organizations. Combining Cisco’s comprehensive, end-to-end healthcare security portfolio with Medigate’s platform, organizations can gain greater insight into devices on the network, benefit from network analysis to detect threats, and implement clinically driven, rule-based policy enforcement mechanisms.

To learn more about how Cisco and Medigate can protect your organization, read more here.

Ron Rotman is a healthcare account manager at Cisco Canada.

 

Latest articles

An ER doctor’s experience with long COVID – “My symptoms seemed endless”

On April 2022, another COVID wave was sweeping Toronto. It was the sixth since...

Tackling the issue of unused medication waste

When patients and programs don’t use all the medication that is prescribed, it is...

Obesity a risk factor for stillbirth, especially at term

Obesity is a risk factor for stillbirth, and the risk increases as pregnancy advances...

Prolonged cough? In most cases, patience is the treatment

Coughing after a respiratory infection is common and, in most cases, will resolve with...

More like this

Tackling the issue of unused medication waste

When patients and programs don’t use all the medication that is prescribed, it is...

Yukon Home Care embraces e-bikes for service delivery

Working collaboratively with other government departments, First Nations governments, medical facilities and community partners,...

Funding to take LHSC developed technology global

On average it takes five to seven years to diagnose a rare disease. But,...

Surgical guidance with AI

Researchers at UHN’s Toronto General Hospital Research Institute (TGHRI) have utilized artificial intelligence (AI)...

Navigating the fallout: 23andMe’s data breach and the ethics of consumer genetic testing

By unlocking secrets encrypted within our DNA, genetic testing has become a powerful tool,...

Testing new technology to help older adults age at home

When 72-year-old Hamilton resident Shirley was asked if she’d be interested in participating in...