Network security company ForeScout Technologies has released a white paper called "Securing your medical devices and healthcare networks". It is aimed at IT professionals in the healthcare industry who must keep software levels up to date on IT equipment whilst continuing to meet strict regulatory requirements on the change process for clinical devices.
It could be said that the healthcare industry is no stranger to the Internet of Things (IoT), since it is well established in the industry that clinical devices are becoming more connected and are being integrated with back office IT systems to enable improved collaboration on patient information.
However, such highly integrated networks come at a cost: the risk of the equipment becoming compromised by malware. Such an attack could interfere with the base function of the equipment or could result in privacy breaches relating to patient information.
One of the many methods of keeping connected devices secure is to ensure that the software they run is regularly "patched", meaning the software is updated with new releases and bulletins issued by the manufacturer. These updates often fix security vulnerabilities, which is why they're important to install.
However, as mentioned in the new 12-page report from ForeScout Technologies, this can result in a dilemma for the IT engineer, who has to balance security policies with regulatory requirements, which may state that changes to software could invalidate the certification for the use of the equipment for healthcare purposes.
Knowledge is power
Part of the solution to this dilemma is having insight into which devices are connected to the network and what their security posture is. By identifying which clinical engineering devices are attached to the network and pinpointing unpatched or unsupported software, ForeScout's CounterACT product gives engineers the knowledge they need to make decisions.
We spoke to Jan Hof, the International Marketing Director at ForeScout Technologies, who told us, “As cyber threats continue to evolve, healthcare organisations have to rethink how to ensure they achieve security, privacy and compliance, while not impacting patient care services”.
“Healthcare organisations face additional IT complexities because not only do they need to serve a broad user community of employees, contractors, visiting doctors, caregivers and visitors – all with different computing needs and restrictions – but they also have many different types of equipment on their network, some of which use very specific software and operating systems, such as heart monitors and respiratory machines. With ForeScout CounterACT we can provide visibility into what devices are on the network, including laptops, desktops, mobile devices, as well as specific clinical engineering devices. In addition we can verify their security posture and, based upon policy, take actions to remediate non-compliant devices, or make admission decisions to maintain security and compliance, in line with specific healthcare regulations,” Hof continued.
Download the "Securing your medical devices and healthcare networks" white paper.
Jonathan Newell is a broadcast and technical journalist specialising in security systems and transport safety. He contributes to a range of titles in the technical press. He divides his time between the UK and Kazakhstan.