I recently had the pleasure of attending and also presenting at the HIMSS WoHIT event in Barcelona, an event focused on the exciting innovations, evolving business potential and overall benefit of IT within the Healthcare Vertical. I discussed the innovations occurring in Healthcare, that of Digital Transformation and the Internet of Things, and what impact the topic of Security has on these innovations.
How do Digital Transformation and the Internet of Things change the Healthcare space?
Digital transformation in Healthcare at its most basic and beneficial view is shifting away from those large storage rooms filled with huge filling cabinets overflowing with countless folders, diaries, and sheets of patient data to a digitised version of all that extremely valuable, contextual healthcare information, stored on secure, resilient, and accessible digital systems. Having all that wonderful data digitally available opens up fantastic opportunities, such as greater volume of data sources to leverage in healthcare research and development. It could also lead to the discovery of new cures based on observational data that previously would have been hidden amongst the massive stores of sheets of paper, and that is a really exciting prospect.
Then, the Internet of Things, again at a basic and beneficial view, is any item that can connect to a network and can monitor, collect, sense, share, exchange, or provide any sort of service on that network that will be of value to a Healthcare service. While many people will be more familiar with modern-day IoT devices such as the Apple iWatch, Nike FitBit, or the Nest thermostat, in healthcare there are multitudes of exciting IoT innovations occurring today that could help bring practical benefits to staff and patients alike.
Simply connecting existing medical equipment to a network such as MRI machines, CAT scan machines or infusion pumps allow them to receive and feed data to a management server or patient record system are an xample of IoT in action. Additionally, there are wireless sensors that monitors a patient’s heart-rate, temperature, movement, or breathing pattern that raises an alarm in the event of measurements exceeding threshold-values. Additionally, Location-aware devices are able to transmit a device’s movement and location to a tracking application so staff can locate equipment or even patients without needing to make time-consuming searches. Another innovation is a home medication-dispenser that automatically uploads data, like when medication
What impact is this having on Healthcare systems, and specifically on security as a result?
With this digital transformation evolution in Healthcare there will be a colossal volume of digitised data generated from these IoT devices, sensors, beacons, etc available on Networks for Healthcare teams and patients to leverage for new and improved services provision. Therefore, making sure that the healthcare organisation, their staff, and their patients can properly manage, control and secure this tidal wave of digital data will be of paramount importance because digital data is now potentially vulnerable to hacking and ransomware, or theft and misuse of data such as patient blackmail.
Unfortunately, as many of healthcare organisations undertake this major digital transformation journey, many of those organisations do so upon aging networking technology and computer systems that are simply not fit for this evolution, lacking the appropriate digital security frameworks and best practices.
And unfortunately, in many cases this lack of readiness for this healthcare evolution has actually forced some healthcare organisations to delay or postpone their digital transformation programs until sufficient budgets and proper practices are in place, to the detriment of improved innovations in healthcare service provision for staff and patients alike.
Unlike the banking and financial industry verticals, where strong security practices have been at the core of their service creation and provision for a long time, the healthcare vertical is only now starting to approach the challenge of digital transformation and security, and not fully appreciating the multifaceted, complex nature of the threats to their service.
Where are healthcare systems most vulnerable when it comes to security?
As many healthcare institutions are in the early stage of their digital transformation journey such as connecting new IoT devices to their network, or opening new channels of communication both internally and externally for staff, suppliers and patients, and initiating new digital health practices and procedures around that transformation, this unfortunately creates a greater opportunity for opportunistic hackers or premeditated criminals to find vulnerabilities such as new software security flaws, unsecured network connections, weak password policies, and many more avenues to take advantage of.
Healthcare is in an early stage of adoption and connection of new and innovative IoT devices, sensors, etc. However, we have also seen healthcare organisations beginning to connect legacy devices and systems onto their network, some devices which were never designed or expected to be connected to such large networks, and accordingly never had the appropriate security standards built in to them, and these IoT devices and systems represent a significant security risk that must be prepared for.
What do healthcare systems need to do to address these security challenges?
This is such a multifaceted domain to cover and there are many places to start this process. Avaya have created a list of 10 questions that we propose all Healthcare Institutions need to address before adopting IoT-connected devices onto their digital network:
- Have you segmented your network into secure zones?
- Have you secured your medical device connection points?
- How secure is your third-party network access?
- Are your devices regulation-compliant?
- Is your texting secure?
- Are your staff security-aware?
- Where are you managing your devices?
- Where are your Wearables?
- Are log-ins secure?
- How often are you auditing your security?
Putting these questions in place should start the process for securing your digital network. Once its secured, there are a plethora of IoT-connected devices out there that can be adopted to better your services.
Image Credit: Photo_Concepts / iStock