AIOps Helps Health Systems Tackle Alert Fatigue
Alert fatigue is another challenge to maintaining a self-aware network, and healthcare providers have no shortage of alerts. AIOps, or artificial intelligence for IT operations, allows healthcare organizations to prioritize important alerts, Lin explains.
“For example, embedding AI within observability tools can help to set alerts and reduce false positives by creating dynamic baselines using historic data,” he says, adding that health systems can then group alerts into events to maintain visibility and prioritize what to monitor first.
AIOps allows health systems to self-heal by using AI and machine learning to detect problems and resolve issues without disruptions occurring. In addition, AI agents such as log agents and metric agents can correlate and pull together information on network issues. Rather than humans being responsible for identifying the root cause of IT problems, ML technologies and large language models can now sort through data to find the issues in log files and self-diagnose, Lobig says.
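The two ideas above, a baseline learned from historic data instead of a fixed threshold, and raw alerts grouped into events so the worst-behaving source is looked at first, can be shown in a few dozen lines. The example below is added for illustration and is not code from the article or from any product it mentions; the hostnames (cart-12, pacs-01, cart-07), the metric name and every sample value are constructed. It builds a per-hour-of-day baseline (mean plus three standard deviations) from a week of synthetic samples, evaluates a day of new samples against it, and collapses alerts from the same host within a 15-minute window into one event ranked by its largest deviation. A static threshold low enough to catch the night-time spike in the sample data would fire all day, which is the false-positive problem the dynamic baseline avoids.

```python
"""Dynamic-baseline alerting with event grouping (added example, constructed data)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed historical samples: (hour_of_day, value).  Daytime traffic is
# higher than night traffic, so one static threshold cannot fit both.
HISTORY = []
for day in range(7):
    for hour in range(24):
        base = 80.0 if 8 <= hour < 18 else 20.0
        HISTORY.append((hour, base + (day % 3) * 2.0))


def build_baseline(samples, k=3.0):
    """Return {hour: (mean, stddev, threshold)} learned from historic samples."""
    by_hour = defaultdict(list)
    for hour, value in samples:
        by_hour[hour].append(value)
    baseline = {}
    for hour, values in by_hour.items():
        mu = mean(values)
        # Floor the spread at 5% of the mean so a flat history still leaves headroom.
        sigma = max(pstdev(values), 0.05 * mu)
        baseline[hour] = (mu, sigma, mu + k * sigma)
    return baseline


def evaluate(samples, baseline):
    """Return one alert dict per sample that exceeds its hour's dynamic threshold.

    samples: iterable of (minute_of_day, host, metric, value).
    """
    alerts = []
    for minute, host, metric, value in samples:
        mu, sigma, threshold = baseline[(minute // 60) % 24]
        if value > threshold:
            alerts.append({"minute": minute, "host": host, "metric": metric,
                           "value": value, "sigmas": round((value - mu) / sigma, 1)})
    return alerts


def group_into_events(alerts, window_minutes=15):
    """Merge alerts from the same host within window_minutes into one event.

    Events are ranked by their largest deviation so the on-call engineer sees
    the worst-behaving host first rather than every raw alert.
    """
    events = []
    for alert in sorted(alerts, key=lambda a: (a["host"], a["minute"])):
        last = events[-1] if events else None
        if (last and last["host"] == alert["host"]
                and alert["minute"] - last["end"] <= window_minutes):
            last["end"] = alert["minute"]
            last["alerts"].append(alert)
            last["max_sigmas"] = max(last["max_sigmas"], alert["sigmas"])
        else:
            events.append({"host": alert["host"], "start": alert["minute"],
                           "end": alert["minute"], "alerts": [alert],
                           "max_sigmas": alert["sigmas"]})
    return sorted(events, key=lambda e: e["max_sigmas"], reverse=True)


# Constructed samples for one day: (minute_of_day, host, metric, value).
NEW_SAMPLES = [
    (180, "cart-12", "net_tx_mbps", 60.0),   # 03:00: far above the night baseline
    (185, "cart-12", "net_tx_mbps", 65.0),
    (190, "cart-12", "net_tx_mbps", 70.0),
    (720, "cart-07", "net_tx_mbps", 60.0),   # 12:00: normal for daytime, no alert
    (730, "pacs-01", "net_tx_mbps", 96.0),   # 12:10: just above the daytime threshold
]


def run():
    """Build the baseline, evaluate the new samples and return ranked events."""
    baseline = build_baseline(HISTORY)
    return group_into_events(evaluate(NEW_SAMPLES, baseline))


if __name__ == "__main__":
    for event in run():
        print(f"{event['host']}: {len(event['alerts'])} alerts, "
              f"minutes {event['start']}-{event['end']}, "
              f"max {event['max_sigmas']} sigma")
```

The same 60 Mbps reading is an alert at 03:00 and unremarkable at 12:00 because each hour carries its own threshold; the three night-time alerts from cart-12 become a single event at the top of the list, with the single daytime alert from pacs-01 behind it.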
Key Strategies for Maintaining Visibility and Security
To create a self-aware and secure IT network, organizations should adopt a “trust but verify” approach, Lin advises. (Zero trust, which follows a “never trust, always verify” approach, is an alternative to “trust but verify.”)
He recommends healthcare organizations have data-driven conversations with vendors as part of an observability center of excellence model. A CoE is a group that provides a framework for carrying out and maintaining observability. It helps with governance by explaining the rules and standards for observability, such as what to observe and how to observe. A CoE also provides guidance on which observability tools to use.
OpenTelemetry creates a unified framework for telemetry data, as well as for the automation of processes, scripts and tools that improves operational efficiency and reduces downtime. It opens up data collection, which is often proprietary and difficult to manage, Lobig says. In addition, observability tools use telemetry to gain contextual information on where a problem originates on a network.
Lobig recommends using vulnerability management tools to help organizations distinguish the false positive alerts generated by the many scanning tools, dials and knobs.
Configuration management databases provide visibility by allowing healthcare organizations to track which devices, such as medical carts, are attached to a network and know whether a device has been dormant for a long time.
Security teams (SecOps) and observability teams (ITOps) can use a unified platform to share data to detect incidents before they occur and to remediate threats faster. Detecting incidents earlier will allow health systems to be more resilient, Lin says.