10 Must-Ask Questions for Hospitals Adopting the Internet of Things

Internet of Things and Healthcare

Hospitals are increasingly adopting Internet-connected devices, in hopes of tapping into their impressive benefits.

Imagine “smart beds” that can automatically detect if they’re occupied (or the patient is up and out of bed), or can measure the quality of the patient’s sleep. Imagine wearables and implantables measuring a patient’s vital statistics, and reporting that data back to the nursing staff in real-time.

Networked devices are already prevalent in hospitals today — a growing number of nurses and doctors are using WiFi-enabled communication devices and tablet computers instead of clipboards and sheets of paper. The goal is to use technology to provide better healthcare.

In the push to adopt Internet-connected devices (and enable the Internet of Things), many hospitals are opening themselves up to risk. Left unsecured, networked devices represent a point of exposure into the network. Unlike other industries—say, banking—healthcare has less experience dealing with hackersThat’s a problem when medical records are at stake.

Here are the 10 key questions hospitals should consider before adopting Internet-connected devices:

#10: Have you segmented your network into secure zones? In planning those segments, have you considered, “If an attack came through this segment of the network, could we quickly recover or compensate for the damage?”

#9: Have you secured your medical device connection points? Hospitals must ensure that hackers can’t simply unplug a device from an Ethernet port, plug their laptop in and gain access to the network. Static network endpoints are inherently less secure than dynamic networks. Recently, security researchers warned hospitals about a patient-controlled analgesia device that allowed unsecured access to hospital networks.

#8: How secure is your third-party network access? Hospital administrators, doctors, nurses, guests, patients, contractors, vendors and auditors should get varying levels of access to the network. Segment and control their access centrally.

#7: Are your devices HIPAA-compliant? Implement and enforce policies for HIPAA, including securing information crossing handheld devices.

#6: Is your texting secure? For many doctors and nurses, text messaging is a quick and easy way to communicate on the go. Implement a secure texting solution to eliminate the possibility of accidentally sharing private information publically.

#5: Are your staff security-aware? Train everyone on the importance of physically securing their laptops and other devices.

#4: Where are you managing your devices? As much as possible, centrally manage Internet-connected devices. Besides inventory control, devices that are managed centrally will have the highest degree of security because they can be monitored and managed efficiently.

#3: Where are your wearables? Establish electronic checkpoints for all wearable devices. Greater usage will follow, as devices can be efficiently tracked, managed and shut down remotely.

#2: Are log-ins secure? Establish a centralized log-in procedure for network-connected medical devices.

#1: How often are you auditing your security? Systematic third-party security audits will help you identify and close potential security vulnerabilities. Ensure that the auditing firm does not also sell solutions, thereby eliminating a conflict of interest.

Avaya offers a range of solutions designed to help hospitals build secure networks, and efficiently managed the network-connected devices they’ve deployed. Click here for more information.

Related Articles:

Enabling Smart Vertical Solutions in a Smart Digital World

Watch as Jean “JT” Turgeon discusses the path Avaya is taking into the Smart Digital World and how the company enables digital transformation.

In his previous video, Turgeon introduced Avaya’s smart vertical solutions and now returns for a deeper dive. He also elaborates on the importance of the secure and automated end-to-end network infrastructure that Avaya provides, assuring viewers that there are “no other competitors that can do what Avaya can do today.”

Turgeon continues, “Avaya enables Digital Transformation at customer speed. The digitization of global enterprises is a reality in the marketplace and Avaya is delivering vertical solutions today that can help them transform.”

HIMSS 2016: Big Show, Big Problems, Big Opportunities

The HIMSS 2016 healthcare tradeshow that took place last week in Las Vegas is simply massive. With more than 1,300 exhibitors, 26,000 attendees and huge booths (some of which look more like small cities), this is the place to be for healthcare IT.

Avaya was fortunate to have a significant customer speaking slot at the show: Eric Miller of Ascension (the third-largest nonprofit healthcare system in the U.S.) and Avaya Chief Networking Architect Paul Unbehagen took center stage in a packed, 700-seat auditorium to speak about the “Internet of Things” in healthcare.

Eric shared his journey of getting his arms around securing thousands of medical devices without crushing his IT staff. He shared how he was able to realize a 30 percent savings in capital replacement costs and a 60 percent reduction in maintenance costs by implementing Avaya networking.

Unbehagen introduced a new solution called Avaya SDN Fx Healthcare that automates much of the on-boarding, flow management, and inventory tracking of medical devices. New to the market, the solution comprises a new, pocket-sized appliance called an Open Networking Adapter, an SDN controller and an Avaya fabric network, which is planned to run on an optional basis in later releases.

Many of the panel’s attendees took the opportunity to speak with Eric and Paul after their presentation and at the Avaya booth. Booth visitors got hands-on demonstrations of on-boarding an infusion pump, moving it from location to location without losing its network segment, and managing inventory and flow screens.  Also featured were Mobile Care Team Coordination, Remote Care Team and Patient Consultation.

“Many Avaya healthcare customers do not realize the power that they have in their current communication solution,” said Michael Wallace, Avaya Sales Engineer, who spoke to customers inside the Avaya booth. “When we start to show them how they use their Avaya solutions in the same ways that non-healthcare companies do to improve customer experience and increase loyalty, they start to get really excited.”

Thanks to everyone who attended the presentation and visited us inside our booth at HIMSS 2016. Next stop: Enterprise Connect, which starts this week in Orlando.

The Evolution of Healthcare for the Internet of Things

The Internet of Things holds great promise to improve our health and wellbeing. Internet-connected infusion pumps, imaging machines, blood-glucose sensors (and myriad more devices) can automatically share valuable data to a person’s electronic health record. That said, with new devices comes the need for speed and manageability, which requires careful network planning.

Security needs to be front and center

Hackers continue to dominate the headlines, as they expose vulnerabilities across verticals. Healthcare providers hold some of the world’s most sensitive information—medical records—making them a particularly high-value target.

Reporters at Computerworld recently demonstrated the risk of “medjacking,” where hackers are able to exploit Internet-connected medical devices, such as infusion pumps, to administer deadly levels of an otherwise helpful drug into an unsuspecting patient, without triggering an alarm to medical professionals.

The network represents one of the largest avenues of attack, and every possible effort should be made to secure it.

On some legacy networks, people can connect devices without prior authorization. In the most extreme cases, healthcare administrators admit they have no idea exactly how many devices are accessing their network at any given time.

Attacks come in many forms—from the so-called ‘Sneakernet’ via USB keys to infected devices brought from home by oblivious patients or employees.

Another major challenge is that Internet-connected devices and end-user applications are evolving faster than the legacy network. The traditional approach of securing the Internet gate with a firewall isn’t enough. Once a device is connected to the network with an IP address, all other devices on the same network segment can be easily exposed (and possibly hacked), as many administrators of hacked environments have learned the hard way.

Software-defined networking represents a crucial layer in a multi-layered security plan. Traffic dynamically flows across the network, picking the shortest path to its destination. The network can be easily segmented into areas that remain invisible to devices on the edge. One physical network can create numerous virtual networks on the fly. Network connections open as approved devices connect, and dynamically close as those devices are disconnected. Getting a complete picture of every device on the network at that moment is a single click away.

Reducing the size of the network footprint and obscuring the network core can provide important, added security benefits.

Segmenting and filtering are crucial

By segmenting the network at the routing table level, data can be filtered and contained to flow from approved devices to pre-defined applications. Without segmentation, all devices in a single, flat routing table, can communicate with all other connected devices and users.

In a healthcare setting, does the network that transports data from the MRI machine to the electronic health record system need to share the same path options as the payment card system? No. By segmenting the network and isolating various systems, you create additional protections against a single intrusion infecting multiple systems.

To quote the lead hacker at the NSA, who recently gave a presentation on how companies can protect themselves from the NSA: “Segment networks and important data to make it harder for hackers to reach your jewels.”

All this together helps secure the network from an arbitrary number of edge devices creating an exponentially insecure network– leading to a more secure edge. This becomes more important in a software-defined perimeter approach to securing the edge, with a central policy and filtering enforcement model, as well as segmenting it from other network services.

Automation ties it all together

Implementations where security requires too much effort or results in added complexity often fail, because the human element gets in the way of the need for a quick deployment. How many times have shortcuts and the human element led to failures in systems? Automating connectivity of Internet-connected devices means security is simpler and far easier to implement.

It’s not all about automating the connection to the edge; healthcare providers need to make sure their system puts devices and users into their proper virtual network segment and have the proper profile rules enforced. That way, administrators can prevent devices from becoming points in a myriad of concerns to the future of the organization.

I hope to see you at HIMSS 2016, either at booth #11325, or at the session “Internet of Things for Healthcare” (March 1 from 1-2 p.m.), where I will be presenting with Eric Miller of Ascension.