Across the care continuum, reliable access to information is critical to successful patient and business outcomes. To enable high availability while protecting against threats like Denial of Service (DoS) attacks, consider restricting or policing your control-plane traffic.
Ransomware is on the rise, with the potential to cause significant harm to healthcare organizations, especially if critical clinical machines are infected. In addition to a strong backup and recovery process, look to improved user education and defensive controls that do not rely on signatures alone.
Software patching is one of the most basic security controls — and can be one of the most difficult to manage. When patching means losing support from a vendor, it’s a particular problem for healthcare organizations, as this can affect the regulatory status of medical devices. When patching isn’t possible, consider network segmentation and increased monitoring.
IoT enables many kinds of network-connected medical devices, bringing both clinical benefits and security risks. One problem is a lack of mature software-development practices on the part of device manufacturers. Another is an increase in the attack surface. Adding mobility to the mix, a secure network must be able to identify devices as they connect and apply security policies dynamically.
As many healthcare organizations decentralize to improve care and efficiencies, organizational boundaries blur, opening up a new range of threat vectors and introducing challenges to visibility and control. Prepare for this shift with information-sharing agreements. Other considerations should be policy based, such as co-location working practices, and practical, such as the use of network-awareness tools.
For healthcare organizations operating in large or public facilities, it can be difficult to track the location of each person in the building. While emphasis is often placed on wireless security, the wired network may be the most exposed. To keep it safe, consider physical security as well as authentication, authorization, and posturing at the network edge.
Some security breaches are caused by internal employees who use unofficial processes as workarounds in an effort to get their work done. To prevent this behavior, be sure security processes are integrated into clinical and business systems to support (not hinder) workflows.
Healthcare workers tend to be culturally motivated to provide the best care, even if that means working around poorly designed systems via insecure behaviors, like the use of shadow IT. Instead of just blocking these behaviors, foster a culture of security and establish a secure means of meeting staff needs.
There is a global shortage of skilled security professionals, and in many healthcare organizations the security function is relegated to the IT team. To address this challenge, invest in people, processes, and education, and deploy an integrated security architecture.
Healthcare executives must understand the full impact of a cybersecurity breach — including loss of confidentiality, systems downtime, reputation damage, and risk to patients. To educate executives, tech teams must articulate risk in non-technical ways, seeking guidance to prioritize business investments.
We can examine each of these 10 challenges in isolation, but the best approach is to treat security as an end-to-end system. Taking an architectural approach, the overall security system acts as an enabler of the business, improving threat detection and reducing management complexity.
Let our dedicated experts help you better secure your healthcare organization via a broad range of technologies and services, including Cisco Netflow for real-time network telemetry, Cisco TrustSec for software-defined network segmentation, and Cisco Security Advisory Services for strategic planning support.