As IoMT devices become more central to care, network monitoring is crucial.

May 07 2020

How Network Monitoring Keeps Healthcare Devices and Patients Safe

The technology allows IT teams to measure device use, optimize connectivity and spot suspicious behavior.

About 25,000 connected devices assist in care delivery and daily operations at Phoenix Children’s Hospital.

Tim Foss handles governance and risk management for all of them.

The total is always changing, largely because some portable devices may join or leave the network, depending on organizational needs. But for Foss, the hospital’s director of IT security, and his seven-member team, “there’s a lot we need to watch” at every moment.

Among the equipment: mobile tools such as smartphones and tablets, Internet of Things devices that include security cameras and audiovisual systems, and a wide range of medical devices — CT scanners, defibrillators, ultrasound machines and countless others critical to patient care.

Manually checking each device for anomalies “wouldn’t be very fruitful,” Foss says. This has led the hospital to implement specialized network monitoring tools that perform a range of key duties — automated processes central to simplicity and security.

After all, “Most traditional monitoring systems can say, ‘This is a MAC address,’ or, ‘Here’s a Philips device,’ but they won’t really tell you what that device does,” Foss says. That, he adds, can lead to uncertainty about how a device is being used or about what behaviors could indicate a potential threat.

Phoenix Children’s relies on Cisco’s Firepower suite, its Identity Services Engine and its Application Centric Infrastructure, as well as Palo Alto Networks’ Zingbox — a cloud-based platform powered by artificial intelligence — to identify and secure devices and also to optimize their management.

“Now, when we look at our traffic, we know exactly what we’re seeing,” Foss says. “If anything deviates from the baseline of what’s normal, we’ll get an alert that something may be wrong.”

Some IoT devices use nonstandard operating systems or face delays in patching updates, so the communication is crucial.

Early and effective alerts allow technical teams to continue hospital operations with as little disruption as possible, says Chad Waters, a senior cybersecurity engineer with the ECRI Institute, an international nonprofit devoted to advancing healthcare safety and quality.

“Delay in care is a patient safety issue,” Waters says, adding that remedying an isolated incident “before it becomes a larger-scale outage that takes critical systems offline” is always a preferred outcome.

Network Monitoring Tools Can Provide Actionable Alerts

The need for robust networking monitoring is poised to grow. A recent analysis from MarketsandMarkets estimates the global connected medical device market will reach $188 billion by 2024, up from $56 billion in 2019, as AI and remote monitoring solutions play a greater role in clinical decision-making and treatment plans.

That heightens the challenge of managing more devices — and also anticipating a higher likelihood of ­network security issues and threat actors.

Even seemingly innocuous equipment can harbor big risks. In one recent case at Phoenix Children’s, network monitoring tools helped Foss and his team discover that an X-ray machine on the network was running an obsolete and potentially vulnerable operating system.

Tim Foss

Specialized network monitoring tools allow IT teams to measure device use and spot suspicious behavior.

“We’d missed it previously with a standard vulnerability scanner because it was a portable device that wasn’t active at the time we did the scan,” Foss says. The team has identified devices that were improperly configured or still use passwords original to the default settings.

In an administrative context, network monitoring tools can track device usage patterns that inform financial and operational efficiencies.

If a department says it needs a new MRI machine, “you can go in and look at the data and see if they really do,” Foss says. But if a system review shows that two MRI machines sit dormant 75 percent of the time, “then maybe it isn’t necessary to purchase a new one right now. Maybe we should try to use what we have more effectively.’”

READ MORE: Learn about challenges and best practices for protecting Internet of Medical Things devices.

Monitoring Solutions Make for an Evolving Defense

A similar approach to surveillance is embraced by Kevin Rothstein, a network engineer for Sharp HealthCare, which operates six hospitals and dozens of outpatient facilities in San Diego.

Sharp has about 70,000 connected endpoints across its network, Rothstein estimates. He and his fellow IT engineers devote much of their monitoring efforts to network testing and troubleshooting — “things like trying to figure out why an application is slow” — but they’ve bolstered security measures to prioritize device performance and patient care as well.

Their tools: SolarWinds’ Orion Platform, which provides enterprise-level insight on how users and applications consume network bandwidth, as well as Splunk and HPE Aruba AirWave platforms to monitor the organization’s firewalls and gain deep visibility into mobile devices and apps.

These solutions run the gamut “from general-purpose tools that give us the big-picture view of what’s happening on our network,” Rothstein says, to systems that “get us much more detailed information — the stuff we need when we want to do a deep dive.”

Still, all monitoring endeavors have a shared DNA, regardless of circumstance or medical specialty. In radiation oncology, “there’s equipment that’s critical from a patient safety perspective, so we make sure they’re on an isolated network,” Rothstein says. 

The monitoring tools, he adds, put a greater focus on malware and related threats, “so if we do run into trouble, we can stop it from spreading and quarantine accordingly.”

Rothstein describes Sharp’s initiatives as “constantly evolving” and dedicated to continuous improvement. Building redundancy into monitoring systems to ensure coverage is a central part of that work, as is leveraging new technologies capable of processing network data in real time.

Taken together, those strategies are key to stopping the next threat, large or small, as well as to ensuring optimal experiences for patients and staff.

“We’re always trying do better,” Rothstein says. “Sometimes it’s the things we can learn from these tools that help us get that next monitoring win.”

Photography By Steve Craft

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.