Thursday, July 2, 2026

3 reasons why hospitals and health systems encounter difficulties in asset management


There has always been debate about whether asset management is the most important task in corporate network security, or whether it is just a small but important part of the larger risk reduction puzzle.

Proponents will argue that if no organization can unimpededly understand the exact number of applications and devices connected or attempting to connect to the corporate network, then no organization can proactively defend against threats and manage vulnerabilities and accelerate incident response. A given point in time. Those who are less optimistic about asset management as a panacea point to its inherent complexity and the huge challenges posed by the proliferation of the Internet of Things (IoT).

Despite different opinions, it is almost universally believed that asset management is net positive for the company’s overall security status. Perhaps this is why so many government agencies-from the National Institute of Standards and Technology (NIST) and the Internet Security Center (CIS) in the United States to the National Cyber ​​Security Center (NCSE) and the European Banking Authority abroad-manage asset management The ranking is on top of their cybersecurity preparation recommendations.

Anne Marie Columbo of SAP writes: “Understanding the assets in the environment, how vulnerable they are to threats, and how to protect them is an important part of any cyber security plan. In a recent Forbes articleBut if the organization is not prepared to act on the information immediately, how useful is the awareness itself?

Traditional asset management challenges

Asset management has always brought a unique set of challenges to large organizations, so some people do not pay attention to this initiative and instead increase investment in detection and response technology.

From a device point of view, simply aggregating the total number of connected, in-use and unmanaged applications and machines can be a headache for several years, requiring a lot of IT and security resources. As Covid-19 and the popular Bring Your Own Device (BYOD) policy open up corporate networks to devices outside of corporate control, the proliferation of hybrid and remote work has made the situation even more complicated.

Even when companies believe that they fully or nearly fully understand their assets, they traditionally do not have an easy way to interpret the data. As with asset discovery, asset inventory analysis has become more and more complex in recent years, mainly due to the acceleration of cloud migration and Internet of Things (IoT) deployment in enterprise environments and the shift to edge data centers, as well as other digital transformations and the future Work initiatives that make internet use intensive.

All these obstacles prevent hospitals and health systems from achieving their asset management goals.

Unique complications hinder the popularization of medical asset management

In the past decade, nation-state hackers and cybercriminals have prioritized attacks on hospitals and healthcare systems because of the lucrative data treasury available and the inherently poor network security defenses of many corporate counterparts. According to the Wall Street Journal, “more than 1 million people were affected by data breaches in medical institutions almost every month last year.”

Even before Covid-19, hospitals and healthcare systems began to demonstrate stronger cybersecurity power by increasing budgets and resources.Nonetheless, Cybersecurity Ventures estimates that the entire industry will $125 billion is spent annually on cybersecurity alone By 2025. from this angle, Bank of America alone spends more than $1 billion annually on the Internet.

Although overall spending may not yet correspond to the overall picture of cybersecurity threats, asset management has become a major area of ​​opportunity for investment in hospitals and healthcare systems because they “enhance” cybersecurity games and place greater emphasis on reducing risks. But unlike ordinary enterprises, network security asset management poses three specific challenges that make this work more complicated. These include:

  • Doctor’s budget – Although in hospitals and healthcare systems, IT procurement decisions are increasingly being made by committees composed of clinicians, top management, compliance, and others, in many cases, doctors maintain their own budgets. Purchase new software and hardware. According to a 2017 survey by MGMA, Hospital-owned doctor practice spends USD 8,000 per doctor per year on IT; Since then, Covid-19 has affected IT purchasing decisions, larger IT implementation has been delayed, but doctors have focused on Purchase technologies such as telemedicine and RPMHistorically, the doctor’s budget has not been authorized by the company to inform the IT or security team about the purchase, which is also used to help with the setup. Although this is developing at the same time as larger security issues, the adoption of doctor technology without IT notification may make security stakeholders blind to certain assets until a threat or vulnerability is detected, which is usually too late , Cannot significantly mitigate the occurrence of interruptions or damages.
  • An influx of connections – Millions of medical IoT devices are now being used to care for patients, simplify key workflows, and communicate with patients. In addition, due to the critical role of these devices in patient care and the complexity of IT network infrastructure, many of them cannot be disconnected, making it difficult to patch and prevent new threats and vulnerabilities. In addition, the traditional way of asset management is to manually map and count thousands (usually tens of thousands) of connected assets, which is impossible. In addition, many traditional asset management tools on the market are not built to visualize communication protocols specific to the healthcare environment.
  • Network Architecture – Many critical infrastructure sectors use hierarchical networks. This means that although many OT devices are online for the first time, the network infrastructure already exists, and communications can be transmitted through seven network protocols. In contrast, the healthcare network is mostly flat and lacks segmentation, which makes it more difficult to track inventory and it is easier for opponents to compromise and traverse the network.

Although the specific challenges of asset management in the traditional and healthcare industries remain problematic, the advantages of full network visibility undoubtedly outweigh the disadvantages, unless the organization mistakenly believes that asset management alone is sufficient to significantly reduce risk.

In the next article in this three-part series, we will explore practical and effective steps to reduce the burden of asset management in hospitals and healthcare systems.

Photo: Traitov, Getty Images



Source link

Related articles

spot_imgspot_img