Healthcare Cybersecurity Best Practices: Don’t Forget About the Physical Side of Digital Security

[checklist]

Like many other market sectors, the healthcare world was forced into cybersecurity adjustments and advancements by the COVID-19 pandemic. For example, it was suddenly not a good idea to use touchscreens and keypads to identify users and gain access. At a blinding speed in some cases, IT professionals have worked to deploy new solutions — some of which had been in process already or were being used in other industries and some were completely new.

 

With these technology advancements, it has become more important than ever to identify physical and digital/logical security weaknesses and be proactive about mitigating them to keep staff, patients and visitors (and their personal data) safe.

 

Evolving cybersecurity best practices are especially important in healthcare settings, because hospitals and other healthcare venues are technology-heavy, super-sensitive to privacy, and carry unique potential for harm when technology fails.

 

Jeff Broz, Prime Communications Inc. VP of Infrastructure Operations, pointed out that these concerns are particularly important in the growing world of the healthcare Internet of Things (HCIoT). “There is typically a well-established process for adding new devices to an enterprise network. The challenge is that the technology is changing so quickly, that keeping up is a daunting task for the IT security team.”

Healthcare cybersecurity: What could go wrong?

“When critical systems are compromised, not only is the data within those systems at risk, but the care team is impacted by forcing alternate workflows to ensure the quality of care and patient safety are not impacted.”

Jeff Broz, VP Infrastructure Operations, Prime Communications, Inc. Tweet

Some cybersecurity breaches are legendary in the healthcare world. For example, ransomware attacks and hacking through environmental controls. In a worst-case scenario, a nefarious actor can take down an entire network, locking users out or injecting viruses, causing gaps in patient monitoring and care.

Especially with some of the beefed-up collaboration technology being used through the pandemic to electronically replace in-person patient and family touchpoints, an increased number of potential breaches can deprive caregivers of access to vital information about their patients.

“It is pretty straightforward,” Broz said. “When critical systems are compromised, not only is the data within those systems at risk, but the care team is impacted by forcing alternate workflows to ensure the quality of care and patient safety are not impacted.”

This healthy fear of gaps in care have even led to an unhealthy avoidance of updating systems for some organizations. However, using legacy systems with only-partially-effective updates eventually results in more potential cybersecurity issues and — you guessed it — gaps in a hospital’s control over care. When word gets out about gaps in care, it can affect an institution’s ability to maintain its reputation and compete against institutions that allocate time and money to proper updates and upgrades.

Increased use of smart devices complicates cybersecurity, Broz pointed out, because they often do not include embedded security when they are acquired and implemented. This can lead to human error, from poor configuration to incomplete user protocols. It’s great to have devices such as smart pumps available to monitor distribution of pharmaceuticals, and many healthcare institutions have implemented them. However, do IT teams really understand the vulnerabilities that come along with such devices?

This matters in part because hackers are getting smarter. A number of breaches have occurred in recent years through laptops accessing environmental systems. IT and security staff now have a better understanding of how those breaches happened, but for a variety of reasons they don’t always take comprehensive steps to mitigate such possibilities in their own systems.

 

According to a Verizon data breach report, 59% of healthcare institution data breaches come from internal actors, whether intentional or unintentional. This often happens due to problems with un-segmented networks or missing security controls. In cases where damage is intentional, it can happen because credentials are too easy to steal, among other things.

Of course, if you oversee security or information technology in a healthcare institution, you have no doubt done your research and know all of this. If you are like many organizations, you have put cybersecurity protections in place and you are ready for the next attack. However, also like most healthcare institutions, you may have forgotten about or too-lightly addressed one particular area of cybersecurity: physical deployment and maintenance.

Broz puts in a nutshell just how critical physical security is to cybersecurity: “All of the sophisticated, deep cybersecurity protocols, software and processes you implement could be taken down in an instant if a bad actor gains access to a server closet through a door left ajar by third-party technician.”

Bones of an effective cybersecurity plan

Any institution’s cybersecurity plan includes a myriad of small security mitigations protecting the many parts of the system. However, without a well-thought-out, comprehensive structure to support full security coverage, all of those small solutions still could leave your organization vulnerable. Just as a building needs a framework to hold up the walls (the bones), a cybersecurity plan is the framework that holds up a system’s components.

An effective cybersecurity plan begins with assessment of every component in your system and every potential security breach scenario. Your assessment should include determination of physical ways bad actors could access systems (e.g., through unlocked doors), or where inadvertent actions could compromise the system (e.g., accidentally activating on/off switches). A comprehensive risk assessment should be created before any new components are purchased or programs are put in place.

The bones of your cybersecurity plan should follow emerging standards, including ever-changing best practices for encryption, data tracking, human error mitigation, awareness programs, and incentives for reporting phishing, for example. “Part of establishing digital security in a healthcare institution is knowing what the most current standards are and understanding how to follow them,” Broz advised. He said many institutions lean on third-party experts. However, if your team members are not already, they should get on the mailing lists of cybersecurity industry organizations, such as the Healthcare Information and Management Systems Society, Inc. (HIMSS), so they can receive timely updates and tips. Even with reminders from experts, Broz suggested many companies are forgetting about the physical side of digital security.

We’ve included a checklist of some of the most easily forgotten physical aspects of cybersecurity at the end of this article to help flesh out your cybersecurity plan. 

Overall, an effective cybersecurity plan must:

  • Include integrated digital and physical cybersecurity solutions pathways (“You can’t have one without the other,” Broz said.)
  • Take into account how your healthcare cybersecurity initiatives will affect profitability and other aspects of your institution, including efficiency, staffing and budgets
  • Identify unsupported legacy systems and realistically determine when the potential for ongoing vulnerabilities outweighs the costs of upgrading
  • Account for third-party devices that will be connected to your network by patients, families, employees and contractors — some exposure through third-party devices is intentional and some may be unintentional
  • Incorporate partnerships with trusted third-party service and equipment providers who know the specific business of healthcare cybersecurity
  • Prioritize to ensure that the most important, or most foundational, aspects of cybersecurity are managed first
  • Include an incident response plan, so your team knows exactly what to do when a breach happens
  • Outline built-in protocols for continual testing and updating your healthcare cybersecurity systems without any gaps in care
  • Integrate input, needs and concerns from other teams in the organization and align with high-level organizational goals and processes
  • Include detailed steps for continual training, information sharing across departments, and plan updating

Healthcare venues present unique, and oftentimes critical, potential cybersecurity issues. Most hospitals and other healthcare institutions hire experienced, educated inhouse information technology and security professionals who know how to create and carry out a plan. The key is to make sure your professional staff is given the time and resources for proper planning, implementation and management of cybersecurity — including ensuring comprehensive coverage, with no gaps, by addressing the physical side of digital security.

Physical Cybersecurity Plan Checklist

For more information about or assistance with both the digital and physical sides of your cybersecurity plan, contact Prime Communications Inc., 402-289-4126 or sales@primecominc.com.


Prime Communications, Inc. Dynamic Growth Fuels Opening of New Columbus Office

ELKHORN, Neb.—Prime Communications, Inc., a nationwide technology provider, will be replicating the success of their flagship location in Elkhorn, Nebraska with the opening of a regional office in the burgeoning Columbus market beginning this spring.

In 2001, founders Brian Kenkel and Steve Kanne sought to create lasting client relationships with best-of-breed security and infrastructure solutions. This approach has guided the company for 20 years through thousands of installations and an expanding solution offering of hardware and software as a managed subscription service.

Prime’s new location in Columbus is set to open April 1, 2021 at 480 East Wilson Bridge Road in Worthington, Ohio. Prime will be growing existing regional relationships in the retail, healthcare and financial service verticals, while providing the best in security and network solutions.

“As an organization, we are expanding to better support our enterprise clients and to provide the Columbus area with an additional option to fulfill their technology needs,” said founder and CEO, Brian Kenkel. “Our commitment has always been to support them exactly where they are, and we feel Columbus is the best place to begin serving that need.”

In preparation for the Columbus office grand opening, Prime Communications is creating new jobs from operations to administration, which they are looking to fill with local talent.

About Prime Communications, Inc.

Prime Communications, Inc. provides enterprise leaders with high-performing infrastructure along with physical security and network solutions. Prime was recently named in the SD&I’s Fast 50 List as a top systems integrator. Prime’s services include IP video, access control, cloud-based video management, workplace violence prevention, network infrastructure, managed offerings, and design and consulting services. Prime’s three critical factors of success: responsiveness, customized solutions and project management allow them to execute the most challenging projects while providing new and innovative technology solutions. For more information on Prime’s complete list of services and solutions, please visit: www.primecominc.com.

 

 


Pivoting to Security-as-a-Service: A Proactive Response to the Impact on the Economy

The U.S. economy remains unsettled during COVID-19. While many businesses have reopened, a majority continue to operate in limited capacity, either due to reduced occupancy numbers, or because customers are not comfortable to fully return to their pre-COVID consumer habits.

The accompanying decline in revenues means many businesses may be proceeding with caution on spending. They may have shifted to a more conservative cash preservation mode in hopes that they will survive until a new normal is established.

While splash shields and social distancing floor markers are a start, when it comes to technology, companies now have to incorporate new communication tools. A major one being video conferencing, to support remote employees so they can continue to collaborate with colleagues and customers. Then there are additional security solutions being installed in businesses as employees come back to work like touchless entries and thermal imaging solutions to pre-screen employees and customers for elevated temperatures, one of the most common symptoms of COVID-19.

Whether the pandemic is modifying social and commercial interactions, and whether or not the economy is good or bad, the reality is a variety of technology solutions will always be critical tools organizations use to help them achieve success. That is why during these difficult times, it’s important to adapt to new ways to help clients preserve capital like monthly payment procurement options.

Prime Communications has adopted a model that gives users the flexibility to take on new technologies at a low cost and the ability to control their technology roadmap.

Prime pays particular attention to the how-to pay aspect of customers’ security solution design efforts. Buying equipment outright restricts cash flow and burdens the organization with hardware ownership until it’s depreciated enough to justify replacement. “Security as a service leads to much better use of capital,” said Jamie Baumgardner COO of Prime Communications. “Switching to this model with a trusted service provider allows you to invest capital into revenue-producing projects instead of wasting it on depreciating security equipment.”

Security-As-A-Service program alleviates the following concerns

1. Cash Preservation

COVID has forced organizations into a capital preservation mode. In fact, in a recent survey with top national retail chains, 89 percent stated that their 2020 and 2021 budgets have been greatly impacted. Most CAPEX budget plans for technology equipment essentially dried up overnight. Now, more organizations are noticing that under an OPEX model they have better control over their cash flow. With an as-a-service OPEX subscription solution, customers pay a low, convenient and predictable monthly payment that includes the total security solution, and support services.

 

2. Uncertainty in The Solutions Needed

The Security-As-A-Service model addresses the uncertainty within technology strategies. Most organizations have had to completely adapt their technology needs due to the unexpected changes this year. And many organizations are still uncertain about what they may need going forward. This flexible option allows them to adapt freely.

 

A Payment Model that Provides You with More Security, Less Worry

In a world where security risks change by the day, paying large sums of money just to own equipment that will be soon outdated can represent a huge risk. Security-as-a-service saves money, provides flexibility and keeps your defenses tight using a payment structure that has proven itself. For these reasons, this is the future of security.

To learn more about Prime Communication’s Security-as-a-Service program, contact us today. Let’s discuss your specific security technology needs.

 


One-of-a-Kind Virtual Patient System Saves Time, Money and Exposure

Virtual Patient Interface Unit

Virtual Patient Interface Unit

A global pandemic has a way of bringing old issues into the spotlight. In the healthcare world, one such issue is patient monitoring, a task that has become even more challenging in recent months. But a unique Virtual Patient Interface System (VPIS) from Prime Communications, Inc. can solve many patient monitoring woes by providing safer, less expensive patient interaction while making care more efficient, safe and comfortable.

Since the beginning of 2020, COVID-19 has intensified concern in hospitals about contagiousness for all patients. This meant using increased amounts of personal protective equipment (PPE), such as masks, gloves and gowns – at an added cost. In addition to the burden of increased cost, the doffing and donning of PPE for even the most basic tasks in patient rooms eats up valuable time. Now, PPE supplies are dwindling, which could increase risk of exposure for medical personnel, as well as patients and their families.

One of Prime’s customers asked for help to solve these problems. The VPIS was Prime’s answer. It can eliminate the need for PPE in many situations, so existing protective gear lasts longer and everyone stays safer and healthier.

The VPIS is a highly mobile, compact system equipped with an adjustable pan-tilt-zoom (PTZ) camera and a pole-mounted video screen.

The camera allows staff – from outside the room – to visually examine patient IV connections, fluid levels, monitors and other room conditions. It can pan 360 degrees and zoom in close enough to read small print, if needed. This same type of camera has been used by security teams to monitor large parking lots, which gives an idea of its power, especially in the smaller venue of a hospital room.

The vertical-format VPIS screen provides two-way audio and visual communication between the patient and staff. The patient can see caregivers’ faces on the screen at an almost lifelike size and speak with them as if they were in the room.

Putting this wireless system on a lightweight mobile cart gives it the kind of flexibility traditional hard-wired systems don’t have — and the setup is much quicker and less expensive to deploy.

Reducing PPE Usage to Save Time and Money

As a result of heavy demand during the pandemic, PPE costs have skyrocketed — in some cases by as much as 1,000% compared to 2019. This means hospitals have had to rethink how they use the PPE they have more efficiently without negatively impacting patient and staff safety.

The VPIS allows personnel to perform simple patient care tasks with no need for staff to put on PPE and physically enter the room. Because they can check monitors and fluid levels easily using the PTZ camera and interview patients from a remote location, staff can easily monitor multiple rooms and check on groups of patients in record time.

These time savings can add up significantly, allowing medical personnel to address more important problems and get more done during their workday, potentially even reducing the need to hire more employees during the pandemic.

Increasing Safety by Reducing Physical Interaction

Of course, even with proper use of PPE, there’s still a chance patient interaction could result in medical workers contracting COVID-19 and other infectious diseases — and the more infected workers you have, the fewer there are to care for patients. One study of a SARS outbreak in Toronto in 2003 showed that over one-third of the infected were hospital staff (httpss://www.cmaj.ca/content/169/4/285.short).

And there’s patient risk, too, because caregiver interaction, even with PPE, could expose them to COVID-19 and other diseases. Healthcare-associated infections (HAI), as they are called, are common. The CDC reports that on a given day, an average of 1 of every 31 hospital patients is suffering from an HAI (httpss://www.cdc.gov/hai/data/index.html).

It’s impossible to care for a patient with no contact whatsoever, but if select simple tasks and interactions can be carried out remotely, it lessens the chance of exposure to pathogens.

With the VPIS’s camera and screen, the patient remains comfortable in bed while medical personnel provide information and ask questions from outside the room. Friends and family also can make use of the technology from the remote monitors, visiting with the patient without putting themselves or the patient at risk.

The system can even help with recruiting. Healthcare workers weary of wearing PPE and worried about exposure may seek out institutions that offer creative ways to address efficiency and safety.

Versatile and Easy to Install

Traditional hard-wired video monitoring and call systems are common in medical facilities, but installing the technology is expensive and time consuming, and the equipment is not very flexible.

In contrast, Prime can roll out a virtual patient interface system in minimal time. The devices are plug-and-play and extremely easy to use. The cart and software are shipped to your medical facility practically ready to go, and user training is conducted remotely.

The highly mobile system is adaptable enough to fit nearly any healthcare situation. It can be moved easily where needed without having to relocate a patient. If a facility wants to add more carts, it’s easy to scale up without the costly, time-consuming, disruptive (and potentially risky) construction processes required to implement traditional wall-mounted monitoring systems.

Existing Technology Put to Best Use

A major global health event, such as the recent novel coronavirus pandemic, can put pressure on healthcare personnel in alarming new ways. Solutions are needed fast – and simplicity is a must during this type of crisis to remove the obstacle of “bugs in the system” we are used to dealing with when technology is new. Prime took stock of technologies they have already deployed many, many times to find a solution for their healthcare clients, and the VPIS is the result.

Does your healthcare facility need to solve for a PPE supply problem or an infectious diseases exposure challenge? Ask us how the VPIS might apply to your situation – and how other existing technologies could be refitted for your needs. An experienced full-service integrator like Prime can provide innovative, efficient, easy-to-deploy solutions that allow your staff to get on with the business of providing the best care.

For more information on the virtual patient interface system visit: httpss://primesecured.com/virtual-patient-interface-system

 

 

 


A New Year and New Uses for Old Tech

2020 presented many new challenges to the infrastructure of just about every industry. From healthcare to retail, security and beyond, companies in every field had to find new solutions to their problems. But necessity is the mother of invention, and, thanks to creative minds working under pressure this year, we can move into the new year armed with new applications for old technologies.

Here are some old technologies you can put to new uses in 2021: