- Fortinet identifies cybersecurity challenges and recommends Wi-Fi security models for healthcare networks to balance security with flexibility
Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, reminded CISOs in the healthcare sector to make Wi-Fi security a top priority in protecting their organisations. As Internet of Things (IoT) and mobile device adoption are driving healthcare professionals to access their networks through a multitude of devices, healthcare firms must balance the need for security with the flexibility of allowing almost any type of device onto their networks.
According to a recent IDC research report, the Asia-Pacific (APAC) IoT market is undergoing a dramatic expansion with the number of connected “things” increasing to 8.6 billion by 2020, representing a significant 29% of the global total. In terms of spending on IoT, APAC (excluding Japan) is also projected to top the world in 2018 with $ 312 billion.
“Hospitals, clinics and elder care facilities across Sri Lanka are increasingly relying on wireless technology for better patient outcomes and improved operational efficiency. From accessing patient records with computers on wheels or handheld tablets, to getting telemetry from medical devices, nurse call systems and location-tracking applications, Wi-Fi access is now at the heart of patient care,” said Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet.
As the number of ‘headless’ wireless devices accessing the healthcare network increases, the need for access control and application security becomes even more critical for any healthcare network. Health IT organisations must carefully research WLAN and security deployment models that does not compromise the protection provided. Fortinet cites some of the key challenges facing today’s local healthcare sector below:
A plethora of mobile devices – Healthcare professionals often have a veritable arsenal of mobile devices at their disposal, many of which are personal. They must all be on-boarded securely and in compliance with HIPAA and other healthcare standards.
Escalating mobile threats – The priority of healthcare networks have always been protecting patient data and regulatory compliance. WLAN vendors have robust solutions to neutralise wireless protocol and RF threats such as rogue APs, DDoS and man-in-the-middle attacks. With the explosion of mobile devices in clinical environments, new security measures are required to offer continuous protection across this ever-growing attack surface.
Mission-critical apps – Healthcare networks run both mission-critical and life-critical applications. This requires wireless LANs to deliver a glitch-free access to every point of the institution. Bandwidth management and application controls are therefore crucial for prioritising mission-critical apps while blocking or throttling others.
Rural and community clinics – Whether clinicians are at a hospital or at a remote clinic, they demand a consistent experience every time. They need seamless access to centralised medical records, local and remote clinical applications. Secure mobility and remote-care delivery between locations require sophisticated identity management integrated with a comprehensive security solution. However, the cost and complexity of provisioning and maintaining secure Wi-Fi access and VPN connectivity at remote sites is often a barrier.
Fortinet identifies three distinctly different WLAN deployment models for Health IT organisations to enable healthcare organisations to safely onboard caregivers’ personal devices, as well as medical equipment of every type without compromising security:
The Integrated Model is based on unified network and security management tightly integrated on a single platform and managed through a single pane of glass. The integrated option is skewed toward ease of operation and superior visibility and control through its seamless integration of security and wired and wireless infrastructure under a unified management interface. This model best suits health networks with multiple locations.
The Controller Model is ideal for Health IT organisations that like to manage networking and security separately, often using different vendor equipment. Wi-Fi and security are provided by different best-of-breed components, each managed independently. The WLAN system uses a channel management approach, which enables rapid deployment and scaling, as well as offers several reliability and traffic isolation advantages.
The Cloud-Managed Model is preferred by Health IT organisations with a large number of small sites requiring secure wireless networks. Security and WLAN control are tightly integrated in a cloud management platform allowing for centralised management and policies without the deployment of on-premises controllers. This model is suitable for health networks with many locations such as physician practices, clinics, community health centres and assisted living facilities.
“To protect patient data and deliver the best possible care, health networks need holistic, end-to-end cybersecurity at every point of care and in every facility, from clinics to hospital campuses. Health IT organisations can best serve their many and varied constituents by considering which WLAN model best meets their organisational needs, without compromising security,” concluded Rajesh Maurya.