exist The first part of this series, We have identified many challenges for proper asset management in the healthcare sector. In the second part, we introduced solutions to help hospitals and healthcare systems improve asset management and medical equipment safety.
With the proliferation of Internet of Things and connected OT devices in hospitals, asset management—the process of creating a list of devices connected to the network—becomes increasingly difficult. However, it is an important part of healthcare network security. In fact, asset management is listed as the top priority of cybersecurity preparations by the National Institute of Standards and Technology (NIST), Internet Security Center (CIS) and European Banking Authority.
In addition, with the influx of patients, staff shortages and shrinking budgets, the Covid-19 pandemic has stretched hospital resources.It also brings new security challenges, ransomware attempts to attack hospitals Increased by 123% last year, Affecting income, health care practitioners’ ability to provide care, and patient outcomes, such as The 2019 attack on Springhill Medical Center in Alabama Lead to the first potentially ransomware-related death. Visibility of hospital networks and the devices connected to them has become a matter of life and death—after all, you can’t be sure that you don’t know what’s there.
However, despite its importance, many hospitals still do not have the IT or security resources required to accurately track equipment inventory. New processes, strategies, and tools are needed to ensure accurate and comprehensive inventory to ensure the safety of hospital networks and equipment. However, it is worth noting that asset management is only one component of improving the security of the healthcare system, requiring additional steps and tools to improve the overall security of our critical healthcare infrastructure.
Challenges facing healthcare asset management
Cybersecurity Ventures estimates that the entire healthcare industry will $125 billion is spent annually on cybersecurity alone By 2025, the financial services industry spends on average 10% of revenue or US$2,300 per employee In terms of cyber security, the cost of Bank of America reaches Over 1 billion U.S. dollarsHowever, due to the dark web’s demand for medical records, many people believe that the healthcare industry is most vulnerable to cyber attacks. The price of a single patient record is Up to 1,000 USD.
This is why asset management is so important to hospitals-considering all the devices on the network can help identify risks that may make your hospital vulnerable to attacks. However, hospital asset management still faces some challenges.
First, there is the challenge of the “bring your own device” policy, allowing healthcare providers to purchase their own medical equipment and equipment, and to bring their own non-medical personal equipment to work. This has become more difficult due to the massive influx of connected medical devices in recent years and the lack of network visibility to track all devices. Without a clear system for registering, tracking, and protecting devices, many devices on the hospital’s network will go unaccounted for, making them vulnerable to ransomware and other threats and vulnerabilities.
Improve asset management in the healthcare sector
Considering these challenges, hospitals should take the following steps to improve asset management:
- Ensure the doctor’s budget: Although equipment procurement decisions are increasingly made by committees composed of healthcare professionals, IT personnel, compliance officers, and C-level executives, many hospitals and healthcare systems provide doctors with their own equipment and technology procurement budgets . This allows doctors—especially those who purchase advanced medical knowledge—to get the tools they need without excessive “red tape.” However, if the new tool is not properly considered and protected, it will also expose hospitals and their patients to a higher risk of cyber attacks. For these purchases, IT and security personnel should work with medical personnel to ensure that equipment meets security standards before being introduced into the network.
- Adopt a zero-trust network architecture: Hospitals usually have flat networks without segmentation, which can not only protect the safety of connected devices, but also limit the number of devices that communicate with each other to ensure optimal performance and patient treatment. This optimizes data sharing for doctors, but it also introduces new vulnerabilities, such as ransomware, which may shut down all medical equipment and enable potential attack detection. In order to reduce this risk, hospitals must adopt a zero-trust approach to critical networks, requiring strict authentication of all users and devices. In addition, any personal devices used by employees, patients, and visitors require a separate network.
- Develop an enforceable asset management policy: Traditionally, hospital asset management is done manually. However, with thousands of devices connected to the hospital network and increasing, it is almost impossible to maintain accurate inventory through manual device audits. Not only that, it also requires a lot of time and resources. If this process is not automated and a process of marking equipment risks for potential remediation is introduced, the attack surface will expand and be exposed. Implementing an asset management solution is essential to let the hospital understand its network and ensure the safety of the equipment.
Improved asset management can greatly increase the visibility of hospital network security. However, this is not the only measure that hospitals need to take to ensure that they are protected. In the next article in this series, learn why inventory is not enough, more actionable asset management is needed, and other techniques to improve hospital network security.
