Hospitals must secure vital backend networks before it's too late
Hospitals rely on wired and wireless networks to provide the backbone of mission-critical medical resources like smartbeds, monitors, EMRs, smart tablets, and telehealth. That backbone is being tested in ways it never has before, and the stakes couldn't be higher.
Medical providers and hospitals are being forced to rapidly redesign systems to respond to the pandemic, and when it comes to the network they must consider issues ranging from physical security to remote network access for offsite IT professionals.
I had a chance to speak with Roger Sands, CEO of Wyebot, a provider of wifi assurance to healthcare networks, about the challenges and vulnerabilities of some of the most critical network infrastructure in the world. His insights help illustrate steps that organizations of all types can begin taking with respect to their critical networks.
GN: Why is physical security so important when it comes to vital back end networks?
Roger Sands: A physically secure data center is crucial to hospital facilities and healthcare networks because it houses important, confidential information, like patient records, HIPAA requirements, hospital payroll and more. The network can also be considered the backbone of the entire hospital, as telehealth tools, smartbeds, devices that monitor vitals, EMRs, smart tablets and more, need to be connected in order to function properly. In efforts to battle the coronavirus, healthcare facilities are setting up dual locations, testing centers, labs and popup clinics, which opens opportunities for holes in the security process, which can lead to the wrong person gaining access to the typically secured data center.
At the top is the CIO, but on a day-to-day basis, it is the IT team that is responsible. When there's a pandemic, it's all hands-on deck, but hospital IT must be cautious about who has access to the backend network because it only takes one person to do detrimental damage. Policies should not be softened and the checks and balances need to be kept in place.
GN: What steps can healthcare organizations and hospitals take to shore up physical security?
Roger Sands: Strict guidelines, as always need to be implemented. You cannot lax standards. During a time like this, hospitals are dealing with a lot of moving parts, but network access must remain tight!
GN: How do, say, personal devices come into play? Can they introduce unexpected burden on critical network infrastructure in hospitals?
Roger Sands: WiFi is an unlicensed and shared technology. As more personal devices come into the hospital, generally they'll join the "guest" network. Due to the coronavirus, hospitals are increasing staff and adding shifts, bringing even more personal devices onto the network - not just phones, but tablets, smart watches and other wearables. Even if they're on the "guest" network, the airwave is still shared, meaning these devices will compete -- and possibly interfere -- with mission-critical healthcare devices, like ventilators, defibrillators and all other hospital equipment that is reliant on the network.
Ideally, they should be segmented into different frequency bands. In a perfect world, the mission critical devices will be segmented onto the 5GHz band, while personal devices are segmented to the 2.4Ghz band. The problem in healthcare is that there are too many legacy devices that aren't able to function properly on the 5GHz band.
Hospital IT should also have visibility into the network so that they can see what is accessing the network and how much bandwidth certain devices are taking up. With visibility, IT has the ability to track trends and utilization, so that they have an idea of where bandwidth needs to be allocated and what kind of policies need to be mandated in order to keep healthcare flawless.
GN: Is it possible to regulate personal device use of network assets?
Roger Sands: Personal devices can be regulated through policies that control bandwidth, allocating a fixed amount per user. During a pandemic, those policies should be tightened. Data analytics should provide IT with a roadmap to policies that make sense during these turbulent times.
GN: How long will it take hospital systems that haven't had to access their networks remotely to build the tools necessary to do so?
Roger Sands: There are remote monitoring analysis solutions available that can plug into the network and within ten minutes, provide remote access so that IT can safely access the systems. With the coronavirus, the issues is that access to certain areas is limited, so getting into the physical network may be an issue, but, with the proper tool, you'll only need access once to plug in the technology.
GN: What's at stake when it comes to ensuring IT pros can seamlessly access networks remotely and quickly?
Roger Sands: Time. If mission-critical devices go down, IT doesn't have time to physically access the network. They need to start troubleshooting immediately, because every second that goes by could result in a patient not getting the resources they need.
Everything is strained during a health crisis. There's an increase in patients, doctors and nurses, but a decrease in all other hospital staff due to travel restrictions and work from home policies, including IT. IT that is onsite, is being pulled into all different directions, and maintaining the network is only one part of their job. It's crucial that their focus remains on providing doctors and nurses with what they need to treat patients, but because additional requirements are being pushed onto them, it can be difficult to focus on the healthcare.