Morten Illum, VP EMEA HPE Aruba, writes about how healthcare organisations can anticipate and overcome IoT risks, and the role of machine learning and behavioural analytics.
The Internet of Things (IoT) has the potential to transform all areas of the economy. But few stand to benefit more in a connected world than healthcare.
Consider how a hospital currently operates – running on a network of machines that are constantly monitoring, measuring and analysing, dealing with hundreds of people walking in and out of its doors on a daily basis, and on high alert around the clock. This is the ideal environment for smart, connected devices with greater autonomous, predictive and analytical capability. Turning a siloed device-driven environment into a connected one has the potential to enhance existing operations considerably: improving speed, efficiency and reliability, and ultimately enabling better patient care and experiences. It is little wonder then that US hospitals are already estimated to have as many as 10 to 15 IoT devices per bed, according to research by Zingbox.
Unfortunately, the security considerations of all this connectivity are significant, with implications for both patient data and care. Reports have shown that up to 89% of healthcare organisations that have adopted an IoT strategy have experienced an IoT-related data breach, while patient records are some of the most sought-after by hackers (fetching up to $250 on the black market according to Trustwave).
So what more can hospitals do to anticipate the risks of future connectivity? And how can they set up their networks to fight back?
Anticipating and overcoming IoT risks
For any network manager responding to these questions, the starting point is recognising the vulnerabilities that are inherent in large networks of connected devices. With every component offering a potential point of failure or entry to a would-be attacker, the more devices a hospital brings in, the greater the risk of a significant data breach.
But it is not just patient data that could be at risk in a worst-case scenario – far more worrying are the implications for patient care. A device that has autonomy to measure and deliver drug doses, for example, could suffer from a software glitch, or be taken over by a malicious attacker. Meanwhile during an episode of unexpected downtime, a device that isn’t critical to life – such as an MRI scanner – could gain preferential access to one that is, like a heart monitor.
These may be extreme scenarios, but they are something for which every hospital and healthcare provider must prepare. And guarding against them means addressing a key source of IoT vulnerability: network visibility.
Secure, visible, and under control
Protecting a network which houses IoT devices at scale is a challenging task at the best of times, but it can only be achieved if everything – down to the last sensor – is individually logged, secured and monitored. Without a system that allows everything to be “fingerprinted” in this way and then managed accordingly, vulnerabilities emerge that can be exploited.
As the volume and sophistication of IoT devices in hospitals increases, this is only becoming more of a mammoth task for network managers. Traditional approaches for profiling aren’t suitable for many IoT devices, rendering them indistinguishable and generic. And yet the ability to discriminate between devices is absolutely vital. Consider how you would react to an issue with an automated insulin delivery system versus one with the smart sensors in the hospital carpark. Critical-care devices that need to run continuously can’t be treated the same way as those which can be disconnected if needed.
Luckily, there is a solve for this lack of visibility – and that comes in the form of an increasing array of AI and machine learning solutions, like Aruba’s ClearPass Device, that are being created to ensure every device connected to the network can be monitored with the appropriate depth. Running on a purpose-built cloud platform, ClearPass deploys a range of machine learning models to differentiate between devices with similar IT attributes, and build highly detailed, behavioural-based profiles for any that are connected to the network.
Putting the spotlight on network security
When the future of healthcare is discussed, the spotlight is understandably focussed on clinicians, patients and devices. But as smart hospitals become a reality, attention will increasingly shift to the less visible role of the network security manager.
This brings with it great responsibility, but also the opportunity to play a vital role in the ongoing revolution of today’s healthcare system. In the age of IoT continued progress will rely as much on effective security as it does on hardware innovations and digitally enabled caregiving. Doctors will only be able to look after the patients if network managers use the right tools to care for the hospital. So isn’t it about time you run a proper diagnosis of your network security?