The healthcare sector has been in the headlines fairly often lately due to network breaches. Major hospitals have had to explain how breaches by hackers who hijacked and encrypted entire databases of confidential patient information went undetected, even with sophisticated point security solutions. Breaches and HIPAA violations are something that must be made public is embarrassing and subjectively costly to the brand. It is also financially expensive to then pay to decrypt the information. But buying more of the same security solutions is not the answer to the breaches caused by new devices on the network that's not under the control of IT. Automated visibility and policy enforcement of these devices is the answer. The cost of future proofing your existing infrastructure while controlling mobile access to your networks is nominal compared to the cost of a breach.
With all the point security solutions on the market such as perimeter firewalls, web security, anti-virus, etc., why is this now a problem in healthcare?
There have always been physicians and nurses that work on a contract basis at multiple hospitals, but this trend has been accelerating. Hospitals need to be better prepared for part-time users, personal devices and credentials and privileges that may be stale.
These healthcare professionals use their personal unmanaged devices on hospital networks, and by the nature of their roles, they must have access to confidential information. With electronic medical records (EMR) at the heart of healthcare, major hospitals must now better maintain manage who and what doctors and nurses can access.
Many physicians enter their notes into the EMR system from home using their personal devices after seeing patients during the day. But, based on the various roles within a hospital, each user has different network access requirements. An environment made up of mobile users and devices require the use of policies to enforce specific requirements. The hospital needs a way to automatically enforce user behavior to cut down on mistakes, which can then lead to breaches and legal action.
Similarly, the average hospital room has 15 wired connected devices that are used to manage and maintain the temperature, and monitor and treat the patient, among other things. These IoT devices can be difficult to discover as they are not as visible or as well-known as mobile devices. It is critical to be able to find and enforce policy on these devices, otherwise, they can be compromised via unauthorized access and allow access to other resources on the network, which directly impacts patient care.
With ClearPass, user, device, and location can be used to create policies that protect the network from these existing threats caused by unmanaged personal devices and user behavior.
To learn more, our updated healthcare solutions brief addresses these problems and others that ClearPass can help resolve.