Post by Tom Finn, Director of Market Development, Medigate, and Troy Ament, Field CISO – Healthcare, Fortinet
To say the least, 2020 has been a uniquely challenging year for healthcare. Although healthcare delivery organizations (HDOs) have responded in many different ways, there have been notable consistencies. For starters, investments in connected medicine continue to increase, and related cybersecurity concerns remain top of mind, especially given how telehealth adoption was pushed forward. Finally, the buy side of the cybersecurity solution market is clearly evolving: discussions once largely dominated by asset discovery have given way to ones about operational efficiencies and measuring business value.
What is the right set of connected medicine security investments? How are the insights derived from the leading solutions driving ROI? And what evidence is there that these solutions are improving patient safety? We discussed these and other questions in a recent Healthcare Innovation webinar, which can be accessed here.
A closer look at the problem
We now accept cybersecurity threats as real. Attackers hit healthcare at a rate 4X greater than other industries, and new forms of ransomware continue to emerge. The costs are untenable. In fact, they can be deadly, which is why healthcare organizations are focused on layering in defenses to protect their ever-expanding connected infrastructures. With care protocols continuing to fragment, an increasing number of unmanaged endpoints pose risks that must be managed. These endpoints include thousands of IoT devices (as many as 15 connected assets per patient bed), many of them storing and transmitting sensitive patient data (PHI).
To ensure patient care remains safe and reliable, all of these devices need to be managed and protected. So, the first thing that health systems must do is get a handle on what’s out there. And it cannot just be about device discovery and identification; it must also be about gaining the insights that enable far more efficient, effective maintenance and security management. Put simply, if we’re going to fix the problem, let’s fix it in a fashion that eliminates outdated routines, makes staff more productive and drives operational improvements. That’s a sustainable strategy.
How to simplify medical and IoT device security to drive value
To make sure health systems can protect their data and devices, we recommend implementing a security framework like NIST or IEC 62443 to holistically cover all aspects of operations. These frameworks inform a zero trust path to securing cyber physical systems. In other words, they cover not just the security requirements of the devices themselves but also the care protocols they enable. Regardless of the framework, these four key security capabilities are essential:
- Clinical visibility: Detailed insights into devices, their authorized workflows and their utilization are required, not just their identities. Call it an “enlightened definition of visibility,” as it assumes that everything we need to know about a device’s network and security posture, how it operates, what it needs to perform its mission, where it needs to connect, etc., is known. Because when it is, everything changes. Device management and security decisions can be made with confidence. And as the HDO’s environment evolves, the right kinds of accommodations can be made proactively.
- Network access control systems: Full visibility means full context. And that means endpoint access controls to networked resources can, at a minimum, be made based on identity/role/group/care protocol, etc. Even physician preferences can be accounted for.
- Internal segmentation firewalls: Medical devices and other valuable networked resources can be segregated based on risk posture(s) to minimize attack impacts and stifle attack propagation.
- Software-defined wide area networks (SD-WAN): Security strategies (including device- and group-level policy enforcement) can be extended to the edge of the network.
When a health system invests in visibility tools capable of delivering the required insights (and there should be no compromises here), clinical network management complexities can be effectively addressed. The right tools provide a dynamic moving picture (not a snapshot) and fit perfectly into the constructs of broader real-time health system-based initiatives.
Because the insights that can be provided are meaningful and new, they are powerful. They deliver significant operational efficiencies and, therefore, business value that can be measured. The opportunity here isn’t defined by incremental improvements but by the wholesale elimination of outdated routines. It also means significant enhancements to staff and system workflows throughout the ecosystem.
What’s been missing is a contextualized common data foundation capable of naturally driving the kinds of cross-functional collaborations required. And that’s what Medigate and Fortinet are delivering.
How Medigate and Fortinet can help
Medigate is meaningfully integrated with Fortinet’s next-generation firewall, FortiGate, and Fortinet’s network access control solution, FortiNAC. These integrations have been engineered to provide hospitals the kind of visibility that has been described in this paper, in existing, familiar workflows. The common data foundation we’re talking about brings scale and agility to existing segmentation processes by automating the creation of dynamic, clinically vetted security policies and then closing the loop through Fortinet enforcement mechanisms.
These same solutions also map all authorized internal and external device communications. Serving as a real-time traffic monitor, each solution is able to proactively detect network flows that deviate from those that are authorized. Once threats are detected, access restrictions can be triggered and enforced by FortiGate and FortiNAC to contain the attack and mitigate the risk to the hospital’s network.
To see a sample of the capabilities the powerful integration between Medigate and Fortinet offers, please watch the full webinar here.