Health care organizations are faced with overcoming myriad technology obstacles in the near future. Mastering these challenges will not just be a matter of staying ahead of the competition and providing the absolute best in health care services. For many organizations, it's a matter of survival.
Organizations have many information technology responsibilities, from meeting new federal guidelines and timelines for electronic health records to ensuring that embedded medical equipment can be tracked, secured and guaranteed to function. In addition, they must secure all that information on a sensitive health care network to maintain privacy and deliver the best possible patient care.
Technology Evolves, but New Threats Emerge
Health care organizations rely on technology to streamline communications; improve patient care; store the exponentially increasing volume of images, records and sensitive patient data; and manage and track connected medical equipment—all while dealing with an influx of consumer and employee devices trying to connect to their network.
But the proliferation of embedded medical devices and an increasingly diverse and mobile population of users, as well as many new, evolving technologies, increase the risk that sensitive patient data, valuable research information and other highly confidential material may be compromised. In 2011, we'll see even more threats and in new environments. Amid ever-decreasing budgets, CIOs and IT pros in the health care sector need to figure out how to keep the network running with fewer resources.
There are five key IT security threats that most health care organizations will face in the coming months: mobile devices, embedded devices, virtualization software, social media and the consumerization of IT. Your IT department already may be feeling their impact.
So Many Mobile Devices, So Much Risk
Mobile devices are ubiquitous in today's society, and the number and types of devices used by physicians, nurses, clinicians, specialists, administrators and staff—as well as patients and visitors—are growing at health care organizations across the country. Providing network access anywhere and anytime is essential, particularly when instant communication is required to ensure quality patient care. But these devices are launched daily with upgraded versions of operating systems that are ripe for infection.
Health care organizations can use network access control solutions to identify each type of user and connected device, scan the device for threats—including out-of-date anti-virus or anti-spyware protection—and then provide access based on the device and the user's role within the network. The NAC solutions also can provide a view of network security status for all brands of equipment and devices so that nothing falls through the cracks. Such a view is crucial for health care organizations, whose networks often are composed of infrastructure from multiple vendors.
Embedded Devices Become the Norm
As tablets and mobile devices with wide-area network and WiFi capabilities—including medication scanners, patient-monitoring systems and imaging devices—become more common, embedded connectivity makes tracking, monitoring and managing enterprise productivity easier while helping to reduce errors. However, embedded connectivity also puts a strain on bandwidth and exposes the network to viruses brought in by a host of new connected devices that are different from traditional PCs.
Health care organizations should incorporate a security solution that will protect the integrity of critical (and often private) data and close any vulnerability gaps in the network.
Virtualization from Desktops to Servers
Technology research firm Gartner Inc. reports that 80 percent of enterprises have a virtualization strategy to run more than one application on one server. The strategy is achieved by using virtualization software, which allows servers to run multiple applications with limited investment in hardware—and which reduces costs associated with energy, lowering an organization's carbon footprint. The popularity of the strategy is no surprise: Virtualization holds promise for enterprises of all types—including those in health care—looking to reduce hardware and management costs significantly, implement green strategies, and make the most of the flexibility offered by virtualized desktops. Unfortunately, as more users move to virtualized environments, more threats arise.
Health care leaders need to remember that hosted virtualized desktops should be viewed in the same way as traditional devices, posing the same—and some new—threats as any connected device. Set the stage now, before adoption explodes, by ensuring that your NAC solution and other network security tools can view an HVD the same way they view a PC.
Viruses Spreading through Social Media
Social media platforms such as Facebook, Twitter and YouTube are here to stay, and even health care users are not immune. This means that in spite of a host of malware that can spread like wildfire through social media sites—think the "hilarious video" attack on Facebook last year—it may be virtually impossible to permanently block access to social media at your facility.
Quickly identifying which devices are infected is essential in maintaining network security and protecting crucial data.
IT Becomes Consumer Friendly
Physicians and employees need access to the facility's network, but the consumerization of IT has made the problem more difficult to manage. As users increasingly adopt their own devices for professional use, health care organizations will see more network security threats. In fact, this consumerization of IT is driving the need for network security solutions that can cover multiple types of devices and infrastructure components.
A solid NAC system can help stave off each threat. Health care organizations can respond with security solutions that identify any consumer-adopted device, scan for threats and deficiencies, then provide access or automatically remediate problems—regardless of the type of device or location.
A New Day for NAC
You may be thinking, "NAC? Isn't that just standard scan-and-block?" While that used to be true, NAC has been evolving. A new generation of advanced NAC solutions is much more intelligent than their predecessors, recognizing different types of users and devices, and flexibly applying policies to adapt to evolving network infrastructures and new types of threats.
Frank Andrus is the chief technology officer at Bradford Networks in Concord, N.H.