Ty Greenhalgh, Healthcare Industry Principal at Claroty, explores why a strategic approach to asset management can tackle some of the biggest tech issues in healthcare.
Healthcare providers juggle many digital priorities driven by their central commitment to improving patient care. This means leveraging technology like the Internet of Medical Things (IoMT) to improve efficiency and effectiveness. Their primary mission is, however, tempered by intense budgetary pressure, with a need to reduce spending and do more with less.
Lurking behind these budgetary pressures remains the necessity to safeguard healthcare infrastructure against cyberthreats to protect patient well-being and privacy. A continual string of cyberattacks hitting healthcare providers worldwide highlights that the sector has become a primary target for cybercriminal gangs.
While they may often seem at odds, patient care, cost-effectiveness and cybersecurity are closely interlinked and can all be achieved by getting a firmer grasp on managing connected assets. Here’s how improved asset management can enable better and more cost-effective patient care while tackling cyber risk.
The security risks of unmanaged connected technology
The average frontline care provider is host to a growing number of connected devices. This includes everything from vital sensors, IoMT hardware such as MRI machines and insulin injectors, all of which can provide more efficient patient care by making critical information more accessible. It also includes the array of standard connected devices common in many workplaces, such as HVAC and CCTV systems.
But while these assets undoubtedly improve patient care, digitisation is a double-edged sword that can also create more risk. Unless properly secured, every connected device on the network presents a potential entry point for cybercriminals. At the same time, disruptive attacks like ransomware can also render IT systems inoperable, shutting down everything from patient databases to medical equipment.
This risk is exacerbated by the fact that many healthcare providers have no true idea of their connected IT landscape. A freedom of information request found that roughly a third of NHS trusts have no processes in place for tracking the Internet of Things (IoT) devices connected to their networks. Of those that do, some use ineffective manual stocktaking methods, and many rely on inventory lists that are rarely, if ever, updated. Only a third use automated tracking systems.
It’s a common school of thought in cybersecurity that you cannot protect what you don’t know you have. Unless trusts have a clear picture of their assets, they cannot hope to properly protect them.
Why underutilised digital assets are throwing money away
Repeated incidents, such as the major attack on St Barts NHS Trust in London, or a recent attack that left the A&Es of three US hospitals unusable, position security as an important driver for better asset management. However, gaining a proper inventory of connected devices is also an important financial move.
Faced with pressure to pursue ambitious digital transformation, trusts can often end up losing track of devices. A lack of available IT resources means new assets may not be properly configured and integrated into the network, stopping them from being used to their full potential. Successive waves of investments may also lead to redundancies, with new devices being brought in for tasks existing hardware could already cover. Underutilised assets can present a significant financial drain that tightly budgeted trusts cannot afford; purchasing too many and continued maintenance costs for devices not being used. But with little in the way of proper asset visibility and management, many will have no way of knowing how much capital is being wasted.
Cutting this wastage requires an automated approach that can quickly and reliably identify all connected assets, without the need for painstaking manual reviews and inefficient spreadsheets.
Getting to grips with protocols and processes
Getting to grips with connected assets requires more than accounting for physical devices and must include understanding the way they communicate with the network as well. The growing complexity of IoMT protocols and network connectivity compounds the challenge of fragmented asset management within healthcare. IT departments, already stretched thin, are grappling with rapidly evolving IoMT communication protocols and network configurations.
Additionally, institutes face an organisational challenge where knowledge and responsibilities are often siloed. Clinical engineers, possessing invaluable insights into medical technologies, are frequently excluded from asset management and network security discussions. This exclusion limits the understanding of the asset landscape.
As trusts get to grips with their devices, they should also take the opportunity to understand the protocols used across their facilities. Again, an automated approach here will help to cut through the complexity and avoid tying up limited IT resources. This process should also include reviewing policies and bringing in knowledgeable stakeholders.
Future proofing for regulatory compliance
Last, but by no means least, enhanced asset management is also pivotal in meeting compliance standards. This has long been a top priority as healthcare has always been a tightly regulated field, and compliance needs have only grown in recent years. For example, the Data Security and Protection Toolkit (DSPT) requires all organisations handling NHS data to assess their security and privacy. On a larger scale, healthcare is included in the EU-wide NIS2 standard, bringing in more stringent requirements including asset management.
Establishing an up-to-date asset inventory that can pinpoint where each piece of data is stored and the security safeguards in place for it will go a long way in ensuring compliance for these standards, as well as future proofing against further developments.
To conclude, while the healthcare industry will continue to face significant challenges around balancing patient care, budgets, and security; focusing on discovering and managing digital assets will help tackle all three issues simultaneously. With this under control, providers can work towards an efficient and cost-effective IT infrastructure that boosts patient care without opening the door for cybercriminals.