Modern healthcare environments must process massive amounts of patient data across an extensive network of connected clinical and administrative devices, any of which can be infiltrated by attackers to reach the wider system and hold mission-critical and patient-related information and services hostage. The size of the data sets that can be exposed, together with the ensuing damage to reputation and profit, mean that the average cost of a healthcare data breach in 2022 was US$10.1 million across 17 countries – the most expensive of any industry for twelve consecutive years according to the current annual IBM Security Report on the cost of a data breach.
In response to these alarming numbers and the increase in security incidents, including the ceaseless onslaught of ransomware attacks, healthcare executives and administrators have implemented an array of risk mitigation techniques that include Zero Trust security models; multi-factor authentication; employee training; SIEM/CIEM integration; Security Orchestration, Automation and Response (SOAR) strategies; and vulnerability and penetration testing. However, the proliferation and growing sophistication of attacks can often render these measures inadequate in a matter of months. When one factors in significant staffing shortages and the ongoing challenge of filling critical CISO and CISMO positions, it is a wonder that providers can deliver care in the middle of security attacks.
As healthcare organizations seek to stay one step ahead of bad actors, identifying vendor partners that are invested in creating technologies that can help support their security efforts is more important than ever. Beyond the table stakes of data encryption, automated updates, multi-factor authentication, and SIEM integration, some device manufacturers are also implementing advanced intrusion protection systems, full audit trail reporting, network health insights, 24/7 monitoring and the ability to isolate key systems from outside threats before data can be damaged or exposed.
Some solutions even isolate imaging hardware and systems from the wider hospital network in the event of a cyber-attack. During an attack, imaging systems equipped with such solutions remain functional because firewall technology, coupled with a VPN tunnel, creates a DMZ perimeter network around mission-critical equipment. By contrast, other hospital equipment that is not isolated from the hospital network would have to be restored to operation after the attack.
The ability to conduct remote diagnostics and 24/7 monitoring of equipment is just as important for administrative devices as it is for clinical systems. By incorporating features on MFPs that verify the boot code, firmware and device applications at start-up, and that only allow firmware and applications on a whitelist to execute on the device, office equipment manufacturers can also support healthcare organizations in their security efforts.
Identifying equipment and devices with proactive functionality is only one part of the equation. Healthcare leaders can also seek out vendor partners that intentionally align their offerings with established cybersecurity frameworks and standards. As the regulatory environment continues to become more complex, incorporating FedRAMP-authorized solutions or equipment that supports NIST Cybersecurity Framework implementation can help stretched healthcare IT staff in their compliance efforts.
In today’s environment, it is imperative that healthcare decision-makers simplify technology stacks, streamline technology investments and select vendors that can provide strong service and support across the clinical and administrative landscape. Consolidating vendors and investing in holistic solutions makes it possible to develop a full Managed Detection and Response approach for clinical and non-clinical devices.
Many technology vendors are in a position to address multiple facets of acute and non-acute threat vectors by offering solutions that let users leverage a robust and integrated portfolio. Overall, vendors must aim to create technology that meets the challenges of today and anticipates those that will come tomorrow. After all, security at its best is a combination of people, processes and technology.
About Tim Dawson
As Chief Technology Officer for Canon Medical HIT division, Tim Dawson leads the technology strategy, creating and delivering innovative, next-generation medical imaging platforms and clinical tools. Previously he served as the Vice President of Engineering for Vital Images.
About Mike Betsko
Mike Betsko is the Sr. Director of the Field Solution Sales and Marketing teams for the Business Imaging and Solutions Group of Canon U.S.A., Inc. He oversees all marketing and field solution sales activities for the Enterprise Solutions Division. Mr. Betsko began his career in 1995 with Canon U.S.A., Inc. in Jamesburg, NJ as a field solutions engineer, before managing that team in 1999. In 2008 he was assigned to lead the Professional Services group in Canon Solutions America, as Sr. Director, for the next 8 years. He was then reassigned to Canon U.S.A. in 2016, where he has remained in his current position. Mr. Betsko graduated from Richard Stockton University in NJ in 1991.