Secure Health Care Technology Matters in a Connected World
Health care organizations face a clear and present danger as they struggle to secure and manage health care technology in complex technical environments.
For years, the health care industry has lagged behind in the use of digital technologies. A fragmented industry with many institutional stakeholders has made it difficult to digitize this sector. Although health care providers implemented electronic medical records (EMRs), many practitioners have found their value limited. Many of these records only store the information that practitioners enter themselves — they’re static sources of information. Practitioners want comprehensive access to the latest clinical patient data at the point of care.
To realize the full potential of EMRs, the industry needs information to flow dynamically into these records from multiple sources, both inside health care facilities and from mobile medical devices. It must digitize end-to-end clinical workflows to make this vital patient data more communicable and collectible.
This is the kind of trend that participants at HIMSS 2018 are working on. But for this digital continuum of care to work, medical devices must become increasingly connected.
Connected Devices Create Security Issues
Connected devices are already bringing benefits to the health care industry — but they’re bringing challenges, too. These devices aren’t all like PCs. They’re Internet of Things (IoT) devices — small, constantly connected and highly mobile. This constellation of devices is highly eclectic, with a wide variety of operating systems and hardware footprints.
This quality alone makes medical device ecosystems difficult enough to manage, but the nature of medical networks adds another challenge. In health care networks, IoT devices and administrative end points intermingle, and they all hold and exchange highly sensitive information with each other. It’s a high-risk environment in which everything must be tightly secured.
Device flaws can be fixed with software patches, but then these must be applied. Maintaining these devices and keeping them secure is a daunting challenge for medical facilities who are already busy coping with one of the biggest technology transitions in the sector’s history. It adds to the already-daunting task of patching administrative equipment on the same network.
Research bears out the difficulty in coping with these security risks. In a Deloitte poll of professionals in the IoT-connected medical device ecosystem, more than one third said their organizations experienced a cybersecurity incident in the past year. Three in 10 said identifying and mitigating the risks of existing connected medical devices is the industry’s biggest cybersecurity challenge.
Miscalculating the complexity of medical device management and support can cost health care institutions dearly. Governments are closely scrutinizing data privacy, and the consequences of losing patient data can be steep.
Attack the Problem Through Support
IBM Healthcare Technology Support Solutions (HTTS) is addressing these problems through a comprehensive array of support options for health care providers. By addressing both IBM and non-IBM products spanning both administrative and IoT-side functions, it offers an end-to-end management solution and a single point of contact for customers.
With the help of artificial intelligence, HTTS adopts a multilayered strategy to securing and managing medical devices. This approach, known as “defense in depth,” maximizes the level of security for each device on health care providers’ networks.
IBM proactively looks for available software patches to ensure all appropriate updates are applied. It works with device manufacturers to help identify and patch vulnerabilities in their systems, as well as with health care network operators to ensure these patches are applied during the appropriate downtime windows.
What about devices that no longer create patches, because they’ve reached their end of life or their manufacturers went out of business? HTTS protects those devices by directly configuring them to lock down appropriate hardware functions. It also configures health care networks to segment devices and minimize the risk of compromise, while adding encryption technology to protect information as it passes between devices on the network.
Other techniques like role-based access control help to ensure that only health care professionals authorized by the device’s owners have access to the appropriate system functions.
A Better Health Care Technology Ecosystem
One thing is certain in our rapidly changing health care sector: Things are going to become more connected. In the rush to innovate, devices will become smarter, and workflows will get faster and richer. Health care providers embracing this change owe it to themselves and their patients to ensure they’re operating on a solid technology foundation.