The mantra of any good security engineer is: ‘Security is not a product, but a process.’ It’s more than designing strong cryptography into a system; it’s designing the entire system such that all security measures, including cryptography, work together. – Bruce Schneier
Healthcare professionals have been tasked with achieving the fine balance between the need to ensure data security and the demand for complete access to information. Though with the incursion of medical and mobile devices – consumer, doctor and hospital – security needs must become top priority. Failure to implement proper access controls in the United States is one of the largest attributors to compromising healthcare organizations’ patient data security. The cost of data breaches on providers as a whole is estimated to be at an astounding total of seven billion dollars. With a precarious price point like that, here are a few key points into securing network access:
Network Access Control (NAC) Solutions
In order to ensure quality patient care, providing absolute, immediate network access has become essential, especially in the face of mandated instant communication. With technological upgrades made daily on operating system versions, the risk for data breaches only rises, so an adaptable security solution becomes pertinent. Using a network access control (NAC) solution will allow the capabilities to identify the type of user and connected device, while simultaneously screening for threats such as obsolete antivirus protection. NAC solutions can permit a network wide view of security status across the breadth of equipment and devices; this view is highly valuable to healthcare organizations, especially those working with multiple vendors that comprise their internal infrastructure.
Securing Network Access for Patrons
A sundry population exists that accesses a healthcare network – visiting physicians, specialists, patient guests, family, etc. – so it is IT’s responsibility to ensure network security while reducing the administrative obligations that accompanies guest management. To do this, IT must secure the network by having each guest user and device be identifiable and only those that are authorized be able to connect. Taking identification further, network access can be restricted by device, department or time of day. This access must be provisioned though and guest management processes must become part of an automated workflow as to minimize the obligation on IT. For example, patrons should be automatically signed off from network access after a predetermined period of inactivity and concurrent logins must be disabled.