Cybersecurity on the healthcare edge

A new report from AT&T on cybersecurity and edge computing highlights a growing area of concern. The report shows that edge computing in healthcare is rapidly increasing,  leading to more vulnerabilities in cybersecurity. These vulnerabilities, however, can be turned into opportunities for managed service providers (MSPs).

Edge computing is transforming healthcare with tasks ranging from janitorial to molecular. For instance, imagine entering the exam room at your doctor’s office and being met by a robot. The robot leaves the room after thoroughly disinfecting it due to a prior influenza patient. In many places, you don’t have to imagine it. It’s already happening.

Henry Ford Hospital in Detroit has a fleet of over 20 Xenex LightStrike™ germ-killing robots across its system, including one that will assist cleaning staff. In Napa, California, Queen of the Valley Medical Center uses a Xenex robot to help kill bacteria, viruses, mold, fungus, and spores. “Not only does it take some of the burden off the in-house janitorial staff, there’s also this public perception that the robots are infallible and somehow their rooms will be even cleaner after robot gets through with it,” says Jason Norris, a healthcare IT specialist based in Cincinnati, Ohio.

More than robots and drones

But it’s more than just beeping robots and disinfecting drones changing healthcare. Healthcare organizations are looking for remote and emergency medical staff to accelerate patient diagnoses and provide initial care to nonurgent cases through telemedicine. If a patient has a cough, for instance, instead of hacking germs throughout a crowded hospital, a specialist can meet with them remotely.

The ecosystem is expanding rapidly to include more “hospital in the home” type care situations, with patient-based sensors and IoT devices playing a more significant role in mobile medicine and the overall patient experience. “The best in-home diagnostics, though, use sensors, and these sensors have potential edge vulnerabilities,” Norris warns.

AT&T’s annual edge computing insights report highlights that these mobile medical devices are vulnerable to cyberattacks and present significant risks to health systems and their providers. Adding to the security complexities, the endpoints are also increasingly mobile, according to the report, with 53 percent of endpoints now being mobile.

Meanwhile, 74 percent of respondents to the AT&T survey use 4G/LTE cellular networks as edge connectivity systems. As a security solution, 52 percent use a combined function of cybersecurity and on-premises networks. Interestingly, survey respondents are primarily worried about insider threats, but both external and internal threats remain concerns. “An MSP needs to watch the inside and the outside. You can’t let security on one suffer at the expense of the other,” Norris advises.

The edge has some people on edge

Medical edge computing devices, Norris says, are often designed with a focus on functionality rather than security. This can make it difficult to implement effective security measures that do not interfere with the device’s functionality. “A connected blood glucose monitor’s manufacturers have placed a premium on the patient experience. Using security is not the priority,” Norris explains. “That will change, however, as the government has been pushing the issue.”

MSPs with clients in the healthcare vertical need to leverage their expertise on the edge. This is a growth area for MSPs and a reminder to watch for vulnerabilities. Norris says MSPs with healthcare clients need to make annual risk assessments of clients if they haven’t done so.

“Healthcare clients aren’t like the local feed store. Healthcare IT is changing almost daily, so a risk assessment conducted three years ago isn’t going to be relevant today,” Norris shares. The risk assessment must identify and address edge devices, networks, and system vulnerabilities. MSPs also need to leverage their 24/7 presence on edge devices.

“An MSP can monitor edge devices and networks for security threats and respond to incidents quickly and effectively,” he adds.

Compliance complications

More than any other vertical, healthcare is subject to regulation and legislation. While slight sloppiness with another client can be fixed, the same can’t be said for healthcare, where HIPAA, GDPR, and numerous other regulations govern cybersecurity. This includes developing and implementing security policies and procedures and conducting regular security audits. “If PHI data is exposed, that can be very costly to the MSP, the healthcare provider, or both,” Norris warns.

Other recommendations from the AT&T report above include:

Collaboration: The edge ecosystem in healthcare requires collaboration among various stakeholders, including the line of business leaders, research and development, innovators, legal, compliance, practitioners, consumers, and experts in networking, cybersecurity, and IT. Each stakeholder brings a unique perspective, represented by different points of view, frameworks, and priorities.

Resilience: This new “edge era” of healthcare requires resilience. “This has been a buzzword in cybersecurity circles over the past year or two,” Norris says.

Update Applications: The report states that healthcare organizations should anticipate changes that impact their edge computing use cases, evaluating how devices within the ecosystem, including PCs and remote sensors, can be patched, or upgraded.

“There are many vulnerabilities on the edge, and the edge will grow, but MSPs that can come up with a plan that is scalable, seamless, and economical will be ahead of the game,” Norris concludes.

Photo: S_L / Shutterstock

This post originally appeared on Smarter MSP.