What’s Next for Connected Devices in Health Care?

According to a Deloitte study, approximately 68% of medical devices will be either connected or connectable to a health system network by 2025. Each of those devices simultaneously represents an opportunity for health care providers to transform the delivery of patient care as well as a vulnerability for attackers to infiltrate a health system’s network. We’re moving towards a future where any device is a potential entry point for hackers.

These devices are at risk are because many medical devices run on operating systems with well-known vulnerabilities and rarely updated software and firmware.

Manually managing devices becomes costly and time consuming once an organization grows beyond a certain size. In this case, automation is needed to remain efficient.

Likewise, hospitals themselves typically cannot update software or install security patches.

To strike a balance between improving patient care and mitigating cyber risks, hospitals need solutions to help manage and protect their medical devices and refine their security position.

Here are some specific security challenges health care organizations will face over the next year and strategies they should consider to combat them.

What’s the Desired State? Policy-Based Automation

Policy-based automation separates your business and operational policies from the process of automating those policies. Policies guide IT automation by standardizing workflows. Some examples include defining what to monitor, defining what needs to happen when certain events are triggered (such as setting alarms, creating a service ticket or sending email notifications). You can also set policies for routine processes such as scheduling patches or maintenance.

You can also customize policies for individual machines or groups of connected devices to better allocate resources across the system. Once these groups and relationships are defined, it becomes much easier to automate across the system and define policies that best fit your unique distribution of devices.

The power of policy-based automation is that it creates consistency and reliability across your devices. It’s generally very difficult to test abnormal conditions with traditional programming solutions, and policy-based automation not only makes this easier with individual machines, but also across your entire deployment of machines.

Stay On Top of Inventory Management

As you think about core IT modernization and future-proofing your technology, consider solutions that provide robust inventory management. Many health care facilities have thousands of connected devices, and it’s impossible to manually track network or perimeter-level vulnerabilities. Device inventory management includes automating the tracking of the last connection time, location details, patch and software update details, and installed and running applications.

You’ll also want to develop robust vulnerability assessment and reporting tools. This includes the secure deployment of OS patches as well as software installation, updates and upgrades. Focus on solutions that will not only automate the task you need done, but also the tasks you can imagine over the life of the connected device and an ever-changing software environment.

Establishing Guidelines for BYOD

As with most sectors in the current economy, the bring-your-own-device (BYOD) trend continues to rapidly expand. Personal devices (typically smartphones, tablets and laptops, but also IoT devices such as wearable smartwatches) can be a benefit to health care providers and bring enhanced productivity, efficiency and streamline workflows across departments and operations – especially in this age of telemedicine and in-home care.

However, BYOD also brings with it significant security concerns due to inefficient security controls. Devices may contain sensitive data such as patient health information and may be used for activities including documenting clinical notes, accessing medical records, looking up drug information, communicating with other staff as well as with patients and looking up reference resources.

It will be important to have the right organization in place and practice: people, policy and technology protocols. You should regularly and clearly communicate the BYOD security management policies to all hospital staff as well as have strict technology guidelines in place, including device management and virtual private network access.

As with every great advance, the proliferation of connected devices is creating myriad opportunities, even as it opens up health care organizations to greater security risks. Thankfully, a mixture of strategic thinking, process management, and software tools can help protect your organization from these threats.

Avatar photo

Shreekanth Joshi

Shreekanth is an engineering leader with deep product delivery expertise and a proven track record overseeing large teams. At Persistent, Shreekanth manages multiple healthcare and life science products and drives strategy around product-fit and execution. His areas of focus include Healthcare unbundling, FHIR, large-scale data management, Hyperscale platforms (AWS, Azure, GCP), Specialty-Microsoft Health Cloud, Salesforce Health Cloud, and Microservices tech stack for Providers, Payers and Pharma.

shreekanth-joshi has 1 posts and counting.See all posts by shreekanth-joshi