There’s no question that healthcare data needs to be protected. It’s widely accepted that this is the case, and there’s a lot of regulatory compliance and legislation in place around the world to ensure this happens. While tremendous effort is put into ensuring patient records don’t fall into the wrong hands, the same focus isn’t necessarily being placed on protecting the services, applications, and functionality that’s used to interpret this information and deliver a positive patient care experience.
Part of the challenge is that healthcare is changing the way it does business. Hospitals are becoming increasingly dependent on technology as patient data has become the value proposition, and this change is happening with good reason.
>See also: Improving patient care through technology
Having access to Electronic Health Records, imaging and e-prescription services, and new tools such as telemedicine, have all contributed significantly to improving the quality, speed, and security of patient care and reducing unnecessary loss of life. Yet while these tools and services offer tremendous benefits on one hand, they also stretch network and security resources to the brink on the other.
The current threat to patient care
As the reliance healthcare professionals place onto services and applications grows, so does the complexity of the networks powering them. By creating this environment, healthcare organisations have found themselves faced with a perfect storm of uncertainty over service delivery.
It’s reached a point where even scheduled downtime is a major concern for hospitals and GP surgeries. So it’s no surprise that unscheduled downtime, whether it’s caused by a rogue application or a ransomware attack like the one faced by the NHS last week, amplifies this issue further and poses a significant threat to life.
To look at it another way, healthcare technology is revolutionising the way patients receive care, diagnosis, and treatment, simultaneously making it more efficient and cost-effective for physicians and providers. However, those benefits decline exponentially when slow-downs, degradations, or outages occur with any of the application services these professionals now wholly depend on.
Until healthcare organisations understand that it’s a combination of applications, the network, and the enabling protocols that make up a service, and there’s a need to continually check the pulse of them all, issues will continue to arise. This will result in anything from small yet noticeable delays at the admissions desk through to full-blown outages that result in patients being diverted to unaffected emergency rooms elsewhere.
In an environment like this, it’s clear that maintaining the health of the network has become arguably more important than ever before. After all, for an industry where business as usual means saving people’s lives, making that a reality depends on real-time access to the information and services held on the network.
It’s not enough to be purely reactive towards any performance issues it faces. Starting to tackle problems only once they’ve arisen is far too slow in an environment like this. Something more proactive needs to happen, as an ounce of prevention is worth a pound of the cure.
Ransomware risks, real challenges
Yet healthcare organisations cannot protect what they cannot see. The first step towards protecting the network, healthcare applications and patient data, therefore, is having visibility into what’s happening on said network at all time.
The NHS attack shows how it’s essential to take a proactive approach to monitoring and analysing traffic at critical points across the wired and wireless healthcare environment. Healthcare organisations need real-time visibility into what’s happening across the network in order to detect and identify anomalies long before they can cause problems or access privileged information.
It’s the same with any enterprise network, but is arguably all the more important when you consider how much higher the stakes are in healthcare – and especially in relation to a debilitating performance outage or an attack such as ransomware.
It’s recognised that ransomware attacks, in most instances, will grind things to a halt for any business. When it comes to healthcare, however, ransomware attacks can leave a more lasting impact, and ransomware is certainly the most widely publicised problem today for any hospital.
With the advent of connected devices and the IoT, equipment from smart beds to health monitors, and even dialysis machines, have the potential to be hacked. For a business where success is measured on saving lives, the problems associated with an insecure system are huge.
The need for end-to-end visibility
Attacks, such as those recently reported, can prevent a scheduled operation from taking place, block chemotherapy drugs from being released from the hospital pharmacy for planned treatment, or stop a patient from getting the diagnostic test they need.
It’s been largely ignored for now and in many instances has been dismissed as scaremongering. The recent NHS attack, however, shows how scarily accurate these predictions were and why it’s essential for healthcare organisations to take action.
A tried-and-tested way to combat this is to have the ability to conduct in-depth and real-time analysis of every aspect of the network, including connected devices and network layers, and wired and wireless environments.
It’s only when a system like this is in place that any anomalous traffic can be examined and dealt with as it first appears, thereby isolating and reducing the impact of a ransomware threat or other network breach before it can cause further damage.
Ultimately, the modern threat to healthcare isn’t what’s taking place in the operating theatre. It’s the enterprise network environment that powers it instead. Patient care delivery relies on the efficient and secure flow of information and that, in turn, needs to have service assurance built into the network design.
After all, like patient care itself, regular monitoring of the network may uncover a problem in its early stages. That’s almost always the best time to address the problem before it can doing lasting damage, triaging the issue and preventing it from spreading any further.
Sourced by Eileen Haggerty, senior director Enterprise Business Operations, NETSCOUT
The UK’s largest conference for tech leadership, Tech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here