More Connection = Higher Risk

Across every role in healthcare, employees and leadership use several types of internet-connected devices to accomplish daily tasks effectively and efficiently. We know that this rapidly growing tech landscape creates a corresponding increase in security vulnerabilities and threats.

“The interconnectedness of healthcare means that security practitioners are tasked with juggling a combination of IT, OT, IoT, and Internet of Medical Things (IoMT) devices amid a volatile cyber threat landscape.” For providers, this means that while you have to track the whereabouts and security of more and more devices, the criminals who want to steal your data are getting smarter and smarter, and they are equipped with better tools than ever.

In a recent analysis of nearly 19 million devices, researchers found that DICOM workstations, nuclear medicine systems, imaging devices, PACS, and patient monitors were some of the riskiest IoMT devices. This risk grows as electronic devices in healthcare are used for longer than those in other industries.

Even with the risks, and the difficulty of regularly updating devices and maintaining an accurate inventory of this tech, the utility of these devices makes them indispensable to providers. So how can we, as healthcare professionals, protect ourselves from the increased risk that comes with increased connectivity?

How Can We Protect Ourselves

Protection starts with a thorough enterprise-wide risk assessment, which should be performed regularly as required by HIPAA law. Once you complete the assessment, you can start taking steps to address your findings, “such as patching known vulnerabilities, hardening devices by disabling unused services, using strong and unique passwords, segmenting the network to isolate risky devices and finally implementing comprehensive network monitoring to detect attempts to exploit devices.”

It’s important to note that any device that connects to your network poses a security threat, and these security tactics must be implemented for all devices, not just some of them. “Cybersecurity solutions and strategies that work in silos will not adequately account for the growing attack surface.”

Conducting an SRA

If you have not yet conducted your Security Risk Analysis, now is the time to fulfill that requirement. If you have, you are in a great position to start making small (or large) improvements to keep your patients and your organization safe. Wherever you are in this compliance process, Medcurity wants to help. Let us know how we can best serve you, and if you have any questions please reach out here.