Inpatient telemedicine in hospitals is expanding rapidly for many reasons. Yet older solutions running on old operating systems represent a fundamental threat to the security of the hospital environment. In the next 12-24 months, it is very likely that a major hospital outage or ransomware attack will have come through their telemedicine solution.
Hospital CEOs and Boards should stop allowing these solutions to be exempt from their security policies. CIOs should know they are accountable for what happens and proactively get ahead of such potential issues. CEOs should ask “Is our use of of video in the hospital secure?”
Beckers list of recent security breaches is never more than a few weeks old – how can your hospital avoid being on it?
- Force vendors to have a SOC2 Type II Security Audit or equivalent. This audit should include third party penetration analysis. Your own security reviews are not a substitute for their controls. Customer references and past history is not a substitute for strong controls – the expansion of video inside the hospital creates a new urgency and level of need.
- Isolate the networks video devices are on. Ideally, telemedicine endpoints should be isolated from the hospital’s main network if possible. Essentially don’t trust anything on your network – even if its one of your own. This mitigates many potential vulnerabilities.
- Beware of older Microsoft operating systems and keep up to date for patches. Microsoft has stopped support for Windows 7 (and anything earlier)
Security in hospitals is certainly a sophisticated and challenging – but great security begins with making the simple things simple. Require your vendors demonstrate they take security as seriously as you do your patient’s care.
See what LookDeep does to ensure hospitals are protected.