HIT Think

How to shore up networks to thwart intrusion attempts

While there are processes and regulations in place for sharing and protecting data in the healthcare industry, there is no single prescription for monitoring the array of networks across which data travels within hospitals and among healthcare organizations. According to an independent research organization, 90 percent of health organizations have experienced some type of data breach in the last two years, and almost half have had five or more breaches.

The information in the databases that hospitals and health networks maintain is especially attractive to hackers, so the need for effective network monitoring and complete network visibility has never been greater for the healthcare IT professional. What’s the best way for a healthcare organization to approach network monitoring and security?

Data Breach Chart

First, it’s important to define exactly what network monitoring is and why it should be a critical component of any network information system. Network monitoring is much more than a system to ensure that traffic is flowing efficiently to network or application performance and security analysis tools. In much the same way that physicians in the hospital run tests and collect samples to determine the health of an individual, network monitoring is the collection of data and the efficient implementation of tools that help the IT professional assess the health of the information system.

The following are some key considerations when building an effective network monitoring and security system.

Determine your needs. Different stakeholders within the organization may have different monitoring needs, so a critical first step is to identify the needs by department or function, and who within those areas have responsibility for network monitoring. Each of those areas also may need visibility into different aspects of the network. For example, one user may need to monitor the overall network performance, while another user may be focused on a specific application, and another may be focused on intrusion detection or other security issues. These needs will determine which tools are appropriate for building your overall system, which could include troubleshooting and tracing tools, remote diagnostics and traffic monitoring tools, among a number of options.

Capture the right data. With base-level needs established, it’s then important to analyze your network architecture. In many hospitals and health systems, information networks have been assembled or consolidated over time, often as a result of continually adding to existing networks or consolidation of facilities, and many organizations have remote sites to support. It’s critical to identify the most effective points to capture the traffic you need to analyze for monitoring and securing your network, whether that is on-premises, at a remote site or in the cloud.


Capturing massive amounts of traffic from various points in the network while maintaining the ability to decipher and analyze the data in a timely manner can seem overwhelming. Organizations must be prepared to develop strategies for aggregating traffic of interest, and then filtering that traffic to extract the most important data for your monitoring needs. All points of entry where data enters your system must be actively monitored, including desktops, laptops, tablets and mobile phones, and a whole host of other possibilities. A healthcare organization would do well to engage an experienced vendor or systems integrator to participate in planning a network visibility architecture. This will help eliminate potential blind spots and enable network growth and technological change.

Choose the initial set of tools. While any number of off-the-shelf tools are available, it’s important to identify tools that will deliver the information and insights you need to manage your network and ensure the security of the data traveling across the system. Some tools are designed for analysis of specific applications, such as VoIP, while others support more general applications, such as network performance monitoring, application performance monitoring or inline security analysis tools. Advanced monitoring features, such as packet slicing and packet matching, can strip out and remove sensitive information to comply with data privacy regulations such as HIPAA.
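To make the packet slicing mentioned above concrete, here is an added illustration (not from the original article or from any vendor's product) that truncates a captured Ethernet/IPv4 frame to its protocol headers so the application payload never reaches the analysis tool. The function names, addresses, port and HL7-style payload are constructed for the example.

```python
import struct

ETH_LEN, IPV4, VLAN, TCP, UDP = 14, 0x0800, 0x8100, 6, 17

def header_length(frame: bytes) -> int:
    """Bytes covering Ethernet + IPv4 + TCP/UDP headers.
    Anything unparseable falls back to the shortest known header boundary,
    so an unknown protocol never leaks payload."""
    if len(frame) < ETH_LEN:
        return len(frame)
    offset = ETH_LEN
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype == VLAN and len(frame) >= 18:        # single 802.1Q tag
        ethertype, offset = struct.unpack_from("!H", frame, 16)[0], 18
    if ethertype != IPV4 or len(frame) < offset + 20:
        return offset
    ihl = (frame[offset] & 0x0F) * 4                   # IPv4 header length
    if ihl < 20 or len(frame) < offset + ihl:
        return offset
    l4 = offset + ihl
    frag_offset = struct.unpack_from("!H", frame, offset + 6)[0] & 0x1FFF
    proto = frame[offset + 9]
    if frag_offset:                                    # later fragment: no L4 header
        return l4
    if proto == TCP and len(frame) >= l4 + 20:
        data_off = (frame[l4 + 12] >> 4) * 4           # TCP header incl. options
        return min(l4 + data_off, len(frame)) if data_off >= 20 else l4
    if proto == UDP and len(frame) >= l4 + 8:
        return l4 + 8
    return l4

def slice_packet(frame: bytes):
    """Return (headers_only, original_length); the original length is kept
    so throughput and size statistics remain accurate after slicing."""
    return frame[:header_length(frame)], len(frame)

# Constructed sample: a TCP segment carrying an HL7-style patient record.
SAMPLE_PAYLOAD = b"PID|1||MRN-000000^^^CONSTRUCTED||DOE^JANE||19700101|F"

def build_sample_frame(payload: bytes = SAMPLE_PAYLOAD) -> bytes:
    eth = bytes(12) + struct.pack("!H", IPV4)          # zeroed MAC addresses
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0,
                     64, TCP, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 2575, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

if __name__ == "__main__":
    sliced, original = slice_packet(build_sample_frame())
    print(f"kept {len(sliced)} of {original} bytes")
```

Slicing preserves who talked to whom, when and how much, which is what performance and flow tools need; tools that inspect content, such as an intrusion detection system, still require the full packet and should receive it over a separately controlled path.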

In all cases, look for integration and solutions within the network data aggregation switch and analysis tools or an all-in-one device, including traffic capture, storage and analysis tools, that has already been proven to work. This will provide you with a level of confidence that you have a working solution and you are seeing all the traffic on your network.

Plan for growth. Finally, any network performance and monitoring system needs to have the capacity to support the scale and complexity of your fixed, remote and virtualized computing environments. Deployment may vary with tools being distributed across data centers, hospital campuses, specialty centers and physician offices, or deployment may entail distributed architectures with centrally located tool farms. Continually evaluate your monitoring environment for effectiveness and capacity, and be prepared to adapt to the evolving nature of cyber threats.

For all healthcare IT professionals, a focus on network performance and security is critical to success, and failure can impact the bottom line. Healthcare IT professionals need complete network visibility of all user activities related to how data is being shared and who is accessing the data. They need the ability to immediately detect, characterize and mitigate attacks, and be able to see network or application performance issues in real-time. The right monitoring tools and network architecture will give you the confidence you need to know your organization’s data is protected and secure, and the network is operating as efficiently as possible.
