10 Must-Ask Questions for Hospitals Adopting the Internet of Things

Internet of Things and Healthcare

Hospitals are increasingly adopting Internet-connected devices, in hopes of tapping into their impressive benefits.

Imagine “smart beds” that can automatically detect whether they’re occupied (or whether the patient is up and out of bed), or that can measure the quality of the patient’s sleep. Imagine wearables and implantables measuring a patient’s vital statistics and reporting that data back to the nursing staff in real time.

Networked devices are already prevalent in hospitals today — a growing number of nurses and doctors are using WiFi-enabled communication devices and tablet computers instead of clipboards and sheets of paper. The goal is to use technology to provide better healthcare.

In the push to adopt Internet-connected devices (and enable the Internet of Things), many hospitals are opening themselves up to risk. Left unsecured, networked devices represent a point of exposure into the network. Compared with other industries, such as banking, healthcare has less experience dealing with hackers. That’s a problem when medical records are at stake.

Here are the 10 key questions hospitals should consider before adopting Internet-connected devices:

#10: Have you segmented your network into secure zones? In planning those segments, have you considered, “If an attack came through this segment of the network, could we quickly recover or compensate for the damage?”

#9: Have you secured your medical device connection points? Hospitals must ensure that hackers can’t simply unplug a device from an Ethernet port, plug their laptop in and gain access to the network. Static network endpoints are inherently less secure than dynamic networks. Recently, security researchers warned hospitals about a patient-controlled analgesia device that allowed unsecured access to hospital networks.

#8: How secure is your third-party network access? Hospital administrators, doctors, nurses, guests, patients, contractors, vendors and auditors should get varying levels of access to the network. Segment and control their access centrally.

#7: Are your devices HIPAA-compliant? Implement and enforce policies for HIPAA, including securing information crossing handheld devices.

#6: Is your texting secure? For many doctors and nurses, text messaging is a quick and easy way to communicate on the go. Implement a secure texting solution to eliminate the possibility of accidentally sharing private information publicly.

#5: Are your staff security-aware? Train everyone on the importance of physically securing their laptops and other devices.

#4: Where are you managing your devices? As much as possible, centrally manage Internet-connected devices. Besides inventory control, devices that are managed centrally will have the highest degree of security because they can be monitored and managed efficiently.

#3: Where are your wearables? Establish electronic checkpoints for all wearable devices. Greater usage will follow, as devices can be efficiently tracked, managed and shut down remotely.

#2: Are log-ins secure? Establish a centralized log-in procedure for network-connected medical devices.

#1: How often are you auditing your security? Systematic third-party security audits will help you identify and close potential security vulnerabilities. Ensure that the auditing firm does not also sell solutions, thereby eliminating a conflict of interest.

