Jun 21 2018

4 Tips to Successfully Segment Your Healthcare Organization’s Networks

Separate devices based on trust levels and use in order to conquer cybersecurity threats.

With the proliferation of network-connected devices, healthcare organization networks have grown larger and more complex. This gives potential hackers more opportunities to infiltrate provider systems.

One of the most helpful techniques for improving security is network segmentation — breaking networks into pieces, placing devices with similar security needs on each segment and restricting all network traffic attempting to cross those segments.

Here’s four tips for getting started:

SIGN UP: Get more news from the HealthTech newsletter in your inbox every two weeks!

1. Analyze Network-Connected Medical Devices

Segmentation won’t be effective unless you first analyze the overall security posture of your network-connected devices. Each network segment should contain devices with similar trust levels, so that compromising a low-trust device does not grant easy access to high-trust devices.

Examples of segments include separating visitor devices from organization devices and separating laptops used by management from medical devices.

2. Design and Implement Healthcare Network Segmentation

There are two types of segmentation: physical and virtual. Physical, on-premises segmentation is generally the most expensive option and takes the longest to implement, but it can also provide the strongest security. That’s especially true if segments have their own internet connections, making them truly separate.

Another physical segmentation option is to move devices to the cloud, but this is only feasible in limited cases. Virtual segmentation can usually be achieved quickly and inexpensively, but it may not be as strong.

Regardless of the method, providers must use additional technologies to monitor and restrict network traffic at each segment boundary.

3. Monitor First, then Enforce with Hospital Staff

Roll out segmentation in phases to minimize operational disruption. Don’t enforce restrictions for segment-to-segment traffic at the outset. By using a monitor-only mode, you can identify issues and correct them without inadvertently blocking necessary activity. After resolving these issues, you can start enforcing the restrictions.

4. Maintain the Segmentation and Adjust Over Time

Segmentation requires maintenance over time. As the organization deploys new devices and retires existing ones, new segments may be needed and old segments may need to be consolidated or eliminated. Changes to restrictions will also be necessary to account for changes in devices, network traffic and security risks.

ivanastar/Getty Images

Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.