A growing number of endpoints — from blood pressure monitors to IV pumps — are being added to the already complex networks of healthcare organizations. And as these devices become more standard in healthcare settings, they continue to collect an increasing amount of patient data, making them evermore critical for organizations to secure.
“These devices are not designed to be integrated into enterprise networks, and they don’t have the security built in at the level of most enterprise or even consumer devices and applications,” says Wilkins. “Many of them don’t offer free upgrades, so patching is a bigger issue.”
In the meantime, adopting security practices such as network visibility tools, network segmentation and multifactor authentication can help organizations take initial steps toward minimizing the risks these endpoints pose.
6 Ways to Strengthen Your Endpoint Protection Strategy
Knowing your organization’s environment is a vital first step to creating an effective endpoint management strategy. According to IT experts, asking these questions can get you off to a good start:
- How many employees and affiliates are in the organization and what network access do they need? This includes staffers such as home healthcare workers and emergency medical technicians.
- What devices are on what portion of the network at any given time? Devices on the wrong part of the network or in use on an atypical day or at odd hours could suggest an issue.
- What are end users doing on the network? IT teams must keep critical information flowing but should also audit user activity for potential threats.
- Where is critical patient and business data located? If you don’t know the location of your data — and where it’s most vulnerable — you can’t assess the risks to it.
- What is the status of security patches on all devices? Keeping track of smart medical devices can be tricky, but it’s the first line of defense against viruses, malware and intrusions.
- Who is managing medical devices? IT employees, not facilities teams or another department, should control access and visibility into smart devices on the network.