May 17, 2020

Cloud Adoption Is Big News For The Healthcare Industry

Cloud
Cloud Computing
mHealth
healthcare technology
Admin
4 min
The Effect Of Cloud Computing In Healthcare
Follow @HealthCareG When it comes to global tech trends, you dont get much bigger than cloud computing. Virtually every single industry across the glo...

 

When it comes to global tech trends, you don’t get much bigger than cloud computing. Virtually every single industry across the globe has adopted cloud computing in one way or another and the healthcare community is fast cottoning on to this ever-developing trend. Gone are the days of filing cabinets full of paperwork and massive on-site servers, business is moving to the cloud because it is cheaper, more efficient and more secure.

At Healthcare Global we have addressed some of the main concerns when it comes to moving healthcare infrastructure to the cloud. Executed properly, cloud computing could see the healthcare industry move at a much quicker rate than it does currently in terms of patient communication, prescriptions, research and development, manufacturing and more.

Patient Confidentiality

Patient confidentiality is paramount and is central to proper medical practice. As such, security of medical notes and records is vital. The healthcare industry as a whole has shied away from cloud storage for fear of losing such personal data, however there are many companies out there now who can protect your data as securely as if it were locked in a filing cabinet – safer in fact. Cloud storage is also extremely beneficial insofar as information is stored offsite; should there be a fire or disaster all medical records will still be accessible. Hospitals who want to use cloud computing must adhere to the HIPAA (Health Insurance Portability and Accountability Act), meaning that data is secure and protected against external threats.

Read Related Articles In Healthcare Global

Keeping Cost Down

The pharmaceutical, medical and healthcare industry is the same as any other insofar as it needs to make money and subsequently it needs to keep its operating costs to a minimum. Storing data on the cloud is, on average, ten times cheaper than buying additional server space when you include the cost of having trained professionals on site to manage them. Furthermore, cloud computing storage can be easily adapted to the need of the client, meaning that it is a lean and efficient way of storing and accessing data. There are many cloud providers that specialise in the healthcare industry, so it is well advised to shop around and build a solution that works for specific needs and requirements.

Ease Of Sharing

Getting access to hospital or pharma systems is prohibited unless permitted by the doctor or manager in charge; this is owing to the fact that a lot of information is confidential and sensitive. However, having said this, transparency in the healthcare industry is also becoming increasingly important and the cloud allows different users login access to designated information from remote locations. For instance, physicians who are out of the country can give patients access to information without them having to physically attend the clinic. Conversely, patients can share symptoms with their doctor instantly, helping to diagnose problems quicker.  

Data Security

With any form of technology and data storage comes the need for backup, archiving and updates. Cloud computing applications can perform these tasks without causing any downtime and possible data loss in real time. This matches the efficiency requirement of hospitals, research and development centers and manufacturing plants to run and access their networks 24/7.

mHealth

Unlike intranet-based systems often utilized in hospitals, R&D centers and manufacturing facilities, which are mostly desktop-dependent, cloud computing systems offer convenience and mobility to its users. The cloud structure allows both healthcare professionals and authorized patients to access important files and data on a smartphone, tablet and other mobile gadgets without requiring special permissions and settings.

The world is fast changing. At the heart of this change are cloud technologies that are being widely and quickly accepted by professionals and institutions within the healthcare industry. Cloud computing is changing the way medical and healthcare professionals operate on a day-to-day basis; it is providing them with access to information quickly, efficiently and securely and importantly allows them to share that information with peers. Cloud computing is speeding up delivery and cutting cost and could also catalyse faster research and development across the globe. After all information is power.  

Share article

Jun 15, 2021

Why are healthcare networks so vulnerable to attacks? 

Cybersecurity
IoT
healthcarenetwork
cyberattacks
5 min
Elisa Costante from Forescout Technologies gives us the lowdown on how vulnerabilities in the healthcare sector happen, and how to secure them

Forescout Research Labs has published a study on the vulnerabilities impacting the healthcare industry’s connected devices. The research division of Forescout Technologies has published the report as part of its Project Memoria, and it reveals that healthcare organisations are affected five times more by TCP/IP vulnerabilities than any other sector. 

Elisa Costante, a software engineer and Forescout's Vice President of Research, explains why this is and how to prevent it. 

What is Project Memoria? 
Project Memoria aims to improve the security of TCP/IP stacks and understand what  the main security issues are. TCP/IP stacks are a very core component of every network device, whether it's an iPhone connected to the internet, or a robot controlling  the process of manufacturing. If they're connected to the internet they need to have a piece of software controlling communication. 

There are several variants of this software and we're analysing them to understand if they have security bugs or vulnerabilities that if misused by attackers, could lead to disruption of the device itself, and to the network at large. Our goal is to make the industry aware of the problem, and engage with stakeholders as well as the customers. 

Why is healthcare particularly vulnerable? 
This is what the data is telling us. We have a device cloud, which is like a data lake of device information. This device cloud has a lot of information about the devices, like who the vendor is, what the role of the network is, and which vertical this is. We are able to leverage this information, and join it with the intelligence we have from Project Memoria to understand which devices are vulnerable. 

We found that in healthcare there was a huge spike in the number of devices that are vulnerable - as much as  five times more than in other verticals. The reason seems to be because of the number of devices, and because of the intrinsic difficulty of addressing the problem. 

The problem surrounding TCP/IP stacks is that there is not one single vendor that is vulnerable; on average, a healthcare organisation has 12 vendors that are vulnerable. 
Let's say that on average we have 500 devices per healthcare organisation.  Then you need to contact 12 vendors for each of these. These vendors then need to issue a patch to secure the device, and this patch cannot just be automatically delivered and installed in 500 devices. You have to be realistic and think about whether each of the devices  is critical, for example if it goes down will it turn the lighting system off, or stop the MRI machine from working. 

Patches are very complex to deploy. On top of that, the patch needed might not even be available.  That's why we want to understand this problem better  so we can provide solutions. 

How much of the responsibility of keeping a device secure lies with the vendor? 
There are responsibilities that lie with all the different stakeholders, and one of these is  the vendor. There might be multiple vendors involved, which makes it very complex  from a management perspective. 

For instance the device at the end of the chain, which might be an MRI, contains a board that has a connectivity module, and this has one of the stacks that is vulnerable, which could have four different vendors. 

If the vendor responsible for the TCP/IP stack releases a patch, this patch has to go down the chain. We identified chains with a length of six vendors, so you can imagine how complex this is. Some vendors have good hygiene security and some don't because they don't know how to deal with it - they need training. 

This is a new issue related to the software bill of materials, which is being tabled for legislation at the moment to create policies regarding the complexity of the supply chain. We need to shed light on this issue so that legislators can put these policies in place to help with security.  

What can healthcare providers do themselves to stay secure? 
Visibility is important; they need to know what they have in their network. In the case of vulnerable devices they should find out if there's a patch available. If there isn't, because it's an old device for example, but it's still critical to the system, they may want to isolate it so it only communicates with the devices it really needs to. 

Interestingly enough, our research found that most of the healthcare organisations we analysed had a flat network, which means they don't have isolated devices. For instance, a drugs dispensing machine, which you typically find in pharmacies,  is connected to a building automation light system, which is connected to a switch. This is also connected to an IoT sensor device. Why would you have all of them together in the same place? 
The first step is having this information, which often comes as a surprise. Then you can take action; you can segment a network, and if you can't do that you can control the network's access by isolating devices that are risky.

How can Forescout help healthcare organisations? 
Forescout is uniquely positioned to help. We provide visibility end-to-end, which means having a full inventory of devices that includes quite granular detail, so they can know what the operating system is, who the vendor is and so on. Then we enable them to do network segmentation. 

This enables organisations to write policies around how to secure their networks, for example if a device is vulnerable specify which connected devices must be isolated, or which device it must communicate with exclusively. 

Share article