The increase of mobile devices, embedded devices, virtualization software, social media and the consumerization of IT are the top five security threats for healthcare organizations today, says one expert.
Frank Andrus, chief technology officer at Bradford Networks, a security solutions provider based in Concord, N.H., shared with Healthcare IT News what he believes healthcare organizations should consider their top risks – and his recommendations for minimizing them.
1. So Many Mobile Devices, So Much Risk
Mobile devices are ubiquitous in today's society, and the number and types of devices used by physicians, nurses, clinicians, specialists, administrators and staff – as well as patients and visitors – is growing at healthcare organizations across the country. Providing anywhere/anytime network access is essential, particularly when instant communication is required to ensure quality patient care. But these devices are launched daily with upgraded versions of operating systems that are ripe for infection.
Recommendation: Use network access control (NAC) solutions, which offer the ability to identify each type of user and connected device, scan the device for threats – including out-of-date anti-virus or anti-spyware protection – then provide access based on the device and the user's role within the network. The NAC solutions can also provide a view of network security status across all brands of equipment and devices so nothing falls through the cracks. Such a view is crucial in health care organizations, whose networks are often comprised of infrastructure from multiple vendors.
2. Embedded Devices Become the Norm
As tablets and mobile devices with wide-area network and Wi-Fi capabilities – including medication scanners, patient-monitoring systems and imaging devices – become more common, embedded connectivity makes tracking, monitoring and managing enterprise productivity easier while helping reduce errors. However, embedded connectivity also puts a strain on bandwidth and exposes the network to viruses brought in by a host of new connected devices that are different from traditional PCs.
Recommendation: Incorporate a security solution that will protect the integrity of critical (and often private) data and close any vulnerability gaps in the network.
3. Virtualization from Desktops to Servers
Gartner reports that 80 percent of enterprises have a "virtualization" strategy to run more than one application on one server. The strategy is achieved by using virtualization software, which allows servers to run multiple applications with limited investment in hardware and which reduces costs associated with energy, lowering an organization's carbon footprint. The popularity of the strategy is no surprise: Virtualization holds promise for enterprises of all types – including those in health care – looking to significantly reduce hardware and management costs, implement green strategies and make the most of the flexibility offered by virtualized desktops. Unfortunately, as more users move to virtualized environments, more threats arise.
Recommendation: Healthcare organizations need to remember that hosted virtualized desktops (HVDs) should be viewed in the same way as traditional devices, posing the same – and some new – threats as any connected device. Set the stage now, before adoption explodes, by ensuring that your NAC solution and other network security tools can view an HVD the same way they view a PC.
4. Viruses Spreading through Social Media
Social media platforms such as Facebook, Twitter and YouTube are here to stay, and even healthcare users are not immune. This means that in spite of a host of malware that can spread like wildfire through social media sites, it may be virtually impossible to permanently block access to social media at your facility.
Recommendation: Quickly identifying which devices are infected is essential to maintaining network security and protecting crucial data.
5. IT Becomes Consumer Friendly
Physicians and employees need access to the facility's network, but the consumerization of IT has made the problem more difficult to manage. As users increasingly adopt their own devices for professional use, health are organizations will see more network security threats. In fact, the consumerization of IT is driving the need for network security solutions that can cover multiple types of devices and infrastructure components.
Recommendation: A solid NAC system can help stave off each threat. Respond with security solutions that identify any consumer-adopted device, scan for threats and deficiencies, then provision access or automatically remediate problems – regardless of the type of device or location.