A recent report by BCC Research shows that the MSP market in the United States will grow from $62.0 billion in 2017 to $94.5 billion in 2021. While banking, insurance, and financial industries continue to dominate an MSP’s clientele, the healthcare industry is not far behind. This presents numerous opportunities for MSPs to help healthcare clients integrate both technology and networking components into their infrastructure.
However, with all this opportunity comes vulnerability, and MSPs should be well-positioned to fill this security void. When it comes to the current state of healthcare services, micro-segmentation is where the action is.
According to healthcare-informatics:
“There’s a single IT security strategy that nearly all patient care organizations have implemented at least in part, it’s network segmentation — the purposeful separation of elements of an organization’s information technology network in order to enhance IT security.”
What the experts are saying
Drex DeFord, one of the nation’s foremost authorities on hospital security and medical data safety, is a huge fan of micro-segmentation. DeFord spent most of his career in military healthcare and after retiring, he oversaw hospital IT operations as CIO at Seattle Children’s and then Steward Healthcare in Boston. Currently, DeFord works as a consultant with health systems, vendors, start-ups, and VC/PE firms to help them tackle some of healthcare’s toughest problems.
Medical devices are constantly threatened with attacks, whether a home heart monitor or radiological equipment at the hospital. This is where micro-segmentation comes in. While cybersecurity has always relied on an element of segmentation, micro-segmentation lets device security be very targeted. A hacker may gain access to, say, an individual dialysis machine, but with proper micro-segmentation the intrusion would stop there. The best way to secure sensitive medical devices currently is through micro-segmentation, DeFord explains.
“If you can find all the devices and then protect them in their own network segments, that’s one of your best bets. Companies like CloudPost have great tools that make this way easier than it’s ever been,” DeFord shares.
In some ways, micro-segmentation helps to ease the tension between the consumer’s desire for increased device capability and the need for adequate security. The problem with healthcare devices isn’t much different from that of other legacy systems like power grids or appliances.
“A lot of this stuff was created without security concepts being built-in, or the devices themselves don’t allow the buyer to easily get admin functions and do things like change passwords,” DeFord explains.
“On top of that, even if the device allows that capability, we often find the consumer (or even the business) not changing the default settings.” DeFord notes that this defeats a lot of the security capabilities from the beginning.
“One of the next best universal solutions to security for these kinds of devices is micro-segmentation. Dump them into their own little network world, and then create rules about where devices on that network can and cannot communicate,” DeFord says. This is where MSPs earn their pay, because a lot of wrinkles go into these rules. Many of these devices are built with odd protocols or other connectivity requirements that the average person wouldn’t have the time or skill to tame.
“MSPs and Security-as-a-Service definitely play a large role. There aren’t enough cyber professionals to go around. Great expertise is expensive, especially if you build it all in-house,” DeFord details, adding that the client needs to stay involved.
“Working with SaaS partners doesn’t rid you of the responsibility of security and privacy programs. SaaS efforts just allow you to offload work and buy expertise. The overall program still belongs to you,” DeFord explains. Once the devices are secured, there is the issue of the data itself, which can now reside in several places.
DeFord elaborates, “We’re now in this interesting world of analytics, where the source system where the data resides for operation is often no longer the only place it resides. We might take action to secure each of our applications and the associated data, but when the data is extracted and combined with data from other systems for analytics and reporting purposes, sometimes organizations fail to properly secure the new (even more rich) data source as well as they do the applications.”
Moving towards “true healthcare”
Everything in healthcare is changing right now, and according to DeFord, IoT is poised to play a much larger role.
“We think of EHRs (electronic health records) as the center of the HIT care universe. But pretty soon, the data in the EHR will be only a fraction of what we know about a patient’s health. The rest of the data will come from IoT and other data streams,” DeFord explains. All this data will make for a healthier patient.
“Great analytics, coupled with AI, will let us move our industry toward true ‘health’ care — keeping patients well, and out of the more expensive sick side of our care systems,” describes DeFord.