Secure Health Care Device Management

January 9, 2019 - by Synoptek

Share Button

By Mike Pedrick

Health care IT teams struggle to manage the plethora of connected devices accessing their networks. This issue isn’t going away soon; the medical device connectivity market is set to reach $1.344 billion by 2021. The benefits of these digital tools for our patients are clear — but so are the risks.

How can hospitals leverage connected devices safely to positively impact patient care and clinical communication?

The state of health care connectivity

Across industries, technology devices are used to shape our lives and environmental conditions. They are also used to collect data — and in the case of health care, that data has direct applicability to higher standards of care. The benefit and value in technology is the prescience of the data; as advances are made, we can derive information faster and with greater accuracy, changing patient outcomes in real time.

Medical devices are becoming smarter. Devices are simultaneously smaller, more portable, more powerful, and more connected than ever before, which allows care professionals to stay close to the patient while accessing these tools. From telemedicine and remote monitoring to care coordination with specialists, today’s health care worker uses digital technology as a regular part of their daily rounds.

But the problem is that many of these devices have potential security vulnerabilities. Even as early as 2015, more than 80% of all doctors were using their personal devices during rounds. Could these bring your own device (BYOD) scenarios open a hole in patient data wide enough for a hacker to squeeze in? Yes, of course they could.

This is exactly why 9 of 10 health care executives say they are investing significantly in enterprise-wide smartphones and secure unified communication technologies this year. But it’s not just our phones creating hacker opportunities; internet of things (IoT) devices in the form of remote monitoring tools are creating both better patient outcomes and a higher risk of data breach.

Security is our Achilles’ heel

With unprecedented access comes unmitigated risk. Digital devices can be used to help heal the sick or to steal sensitive patient data. Private smartphones have applications downloaded from the internet that could provide a back door to identity theft. Improperly secured IoT devices can also be interfered with; imagine the damage caused by slight calibration changes in connected pacemakers or insulin pumps. What if MRI or CT scan data were manipulated in real time? These are very real, highly impactful scenarios that the health care industry now faces.

Our inability to successfully manage these siloed devices is impacting our operational efficiency and putting us at risk. Mitigating the inherent risk in this environment requires:

  • A complete inventory of the physical, virtual, managed, and unmanaged network.
  • Classification of devices by security risk.
  • Development of a 24/7 monitoring architecture tied to a centralized hub.

Hospitals must begin to address the security vulnerabilities in electronic health record (EHR) interoperability, while IoT vendors must bake security right into their software. Hospital IT teams must improve their efforts to stay current with on-premises software updates and configurations or run the risk of facing a WannaCry scenario.

Although we can’t tackle the entire realm of our connected devices, smartphone management is an easy place to start shoring up security vulnerabilities.

Managing smartphones in a health care network has five suggestions for managing personal connected devices:

  1. Set policies on how mobile devices will access patient data.
  2. Conduct a risk analysis.
  3. Determine privacy and security safeguard requirements.
  4. Document and implement your established security policies.
  5. Train teams in compliance.

 Synoptek and risk mitigation

Synoptek is in a unique position to serve as a trusted caretaker, educator, advisor, and advocate for our clients. With a careful, reasoned, experienced, and informed approach, we help organizations embrace new connected technologies without significantly increasing the risk. As technologists, we can navigate tricky implementation scenarios, streamline processes, and address incidents in a manner that allows our health care clients to do what they do best: heal the sick.

Does your organization need help with managing connected devices? Synoptek is the partner you need. Contact our team for a strategy that fits your environment.

About the Author

Synoptek is an established firm that provides information systems consulting and IT management services. Synoptek and its predecessors have been providing these services for 23 years.