Free Wi-Fi and IoT Adoption In Hospitals. What about Security?

Jan Hof | May 27, 2016
Introducing wireless broadly in hospitals provides many benefits. First and foremost is improved healthcare service. Use of e-prescriptions is expected to cut the number of prescription errors in half. Use of self-monitoring wearables by patients connected to the local Wi-Fi, allows medical staff to be alerted to issues more quickly. An example is the automatic and continuous measurement of blood glucose levels, as more than one-fifth of diabetics stated they have experienced “largely avoidable” hypoglycemic episodes while in hospital. Secondly, wireless networking allows greater efficiencies to reduce administrative tasks, free up clinical time by processing patient data once, preferably at the patient bed-side, and ultimately lower healthcare costs.
Thirdly, a more positive patient experience. No one enjoys a hospital stay. Allowing patients to use their smartphones or other devices to go online, lets them keep in touch with family and friends or watch on-demand television, supporting faster recovery.
So it’s not a big surprise that the UK Health Secretary Jeremy Hunt1) already pledged in December last year to use the £1bn NHS technology fund to have free Wi-Fi in every NHS building by 2020 to improve treatment and bring down costs.
Is there a downside to all these benefits?
Personally, I am not too concerned on my medical records, but that’s probably because I am healthy and not a celebrity. How different would it be if I want to sign-up for a life insurance and my complete historical medical record is suddenly part of the acceptance procedure, resulting in an increased cost of my life insurance. Or I am changing jobs, and to my surprise, I don’t get the job due to “unstated previous psychological issues” which became available to my new would-be employer.
And it can become much worse: What if a heart-monitoring appliance suddenly fails due to unexpected network activities caused by hackers?
Are we doomed to stay in the Dark Ages?
To answer this question we need to look a bit deeper at the underlying issues. With the use of wireless comes the challenge of mobility, and we need to distinguish many different use-cases:
As a result, the healthcare network has become very dynamic and the challenge is to know which devices/users are connected to the network and who should have access to which data. Network segmentation is a good solution to address this challenge. However static VLAN assignment as it was used in the old days is no longer sufficient. Instead, hospitals need dynamic segmentation: based on the user, the device, the compliance status of the devices, the location – the user/device needs to be assigned to the right VLAN as soon as they connect to the network.
And with the challenge of mobility and the use of IoT devices comes the challenge of how to identify all these different devices. Patients will not allow the installation of software agents on their personal devices. Clinical devices in general don’t allow the use of supplications either. Using an agentless solution to discover and classify devices is mandatory.
The next challenge has to do with data privacy. With medical staff using mobile devices to store and access patient records, data breaches are likely to continue – for instance when a medical device is lost or stolen. A Mobile Device Management solution and/or hard-disk encryption are possible solutions, but then you must be able to guarantee that the MDM agent and/or encryption is working properly. And with the new European General Data Protection Regulation2), penalties in case of a data-breach can become very significant – as high as 4 percent of the annual global turnover.
A fourth challenge is rogue networks – how to ensure that the medical staff is connected to the corporate trusted hospital wireless network and not the public or rogue wireless network when exchanging confidential information.
A last challenge, not specific to hospitals but applicable for all organizations dealing with a large variety of corporate, personal and IoT devices has to do with hardening the network and minimizing the security attack surface to prevent a security breach in the first place. Hospitals need automated policies to protect individual network components through routine and periodic evaluation, including updating security patches on corporate devices as soon as they connect and disabling all unnecessary ports and services.
See. Control. Orchestrate.
You cannot protect what you cannot see. The Forescout solution is unique in that sense, as we don’t rely on agents to gain visibility into your endpoint landscape AND we continuously monitor devices coming on and off the network. Equally important, we let you control these devices and orchestrate information sharing and operation among disparate security tools to accelerate incident response. Our solution integrates with leading network, security, mobility and IT management products to overcome security silos, automate workflows and enable significant cost savings. Forescout solutions are known to be easy to deploy, flexible and scalable. As a result, more than 2,000 customers in over 60 countries improve their network security and compliance posture with Forescout, with many of them in the healthcare sector3).
Jan
References
Toll-Free (US): 1-866-377-8771
Tel (Intl): +1-408-213-3191
Support: +1-708-237-6591
Headquarters
190 W Tasman Dr.
San Jose, CA, USA 95134