Making Satellite Emergency Care Cyber-Secure

Hospitals created “pop-up” emergency rooms to keep COVID-19 patients separate from the general hospital population, and this could create cybersecurity challenges.

Since the pandemic began, emergency rooms in the United States have seen a significant drop in patients. People who would normally rush to the emergency room (ER), such as those suffering from the signs of heart attack or stroke, have been avoiding hospitals out of concern about exposure to COVID-19. According to The New York Times, the CDC reported that the number of people visiting an ER in April 2020 dropped 42% over the course of four weeks compared to the same period in 2019.

So, hospitals in New York City and other COVID-19 “hot spots” might be overwhelmed with patients suffering from the virus yet have almost-empty emergency rooms. Others who were ill and needed medical care chose to stay home rather than risk contracting the virus at a hospital. Doctors found that patients waited until their ailments became life-threatening before venturing to a medical facility – sometimes to their harm.

For this reason, hospitals created “pop-up” ERs. They wanted to keep COVID-19 patients separate from the general hospital population, so they (sometimes hastily) built satellite ERs in parking lots, tents and convention centers across the world to serve patients who were not being treated for the coronavirus infection. Hospitals also needed extra space and resources to maintain safe distances between patients before they were evaluated for COVID-19. Other pop-ups were quickly erected and dedicated to patients suspected of having COVID-19 for screening and initial treatment before these patients were transferred and admitted into the general hospital.

Scaling vital operations

As hospitals deployed emergency services in this new way, their primary hurdle was ensuring secure, reliable access to the same resources as those available in the hospital itself. Each of these pop-up sites needed to have the same rapid, secure, reliable connectivity and collaboration as the hospital base, in order to access online medical records and record patient information. They also needed the ability to monitor patients’ vital signs, share lab results with other physicians, verify insurance and handle billing, admit and transfer patients, ensure continual care protocols, and keep family members updated on patient conditions.

It was critical to scale these dynamic and vital operations quickly in the face of adversity, and

Implementing a secure emergency deployment plan was a necessary element.

SD-WAN for dynamic path selection

Quick access and a reliable, consistent connection are necessary when healthcare staff are at a pop-up ER or a satellite clinic. Staff members need seamless access to centralized medical records, local and remote clinical applications, and many other resources. Secure mobility between locations requires sophisticated identity management integrated with a comprehensive security solution. But remote care delivery must still be cost-effective, and the cost and complexity of provisioning and maintaining secure Wi-Fi access and virtual private network (VPN) connectivity at remote sites has been a challenge.

SD-WAN, or software-defined networking in a wide area network, and other recent technologies make it possible for medical facilities to quickly set up satellite care centers and have immediate access to essential resources. But while this technology may help provide quick access to information needed to solve urgent medical challenges, it can also make distributed healthcare networks much more complex—and, therefore, more vulnerable to attack.

One of the primary benefits of SD-WAN for healthcare organizations is that it provides dynamic path selection among connectivity options— multiprotocol label switching (MPLS), 4G/5G or broadband—so hospitals, off-site clinics and doctors always have an optimized route to telemedicine and other cloud applications. However, without the right security embedded, these path switches can open the door to attacks.

Risks and compliance

Satellite care providers can coordinate care more seamlessly by using digital technology and the Internet of Medical Things (IoMT). But they also bring greater complexity, security fragmentation and risk to hospital networks. Remote telehealth and dispersed pop-up ERs have caused an explosion of new endpoints—all of which need to be reliable, resilient, interconnected and secure.Today’s healthcare networks are seeing unprecedented risk exposures, as the pandemic has also opened up new avenues for bad actors. Since the pandemic began, attackers have specifically and increasingly targeted healthcare facilities. That’s because cyber adversaries know that any downtime or other disruptions can threaten human lives, impact revenue and damage a healthcare organization’s reputation. This knowledge has led to an increase in ransomware of essential organizations. In addition, sensitive medical and financial data is a valuable commodity.

Not only do healthcare providers have to deal with the enlarged threat landscape but they

must also continue to comply with highly regulated national statutes, such as the Health Insurance Portability and Accountability Act (HIPAA) in the United States, which requires institutions to secure protected health information (PHI). This places a considerable amount of responsibility on healthcare organizations to securely manage private patient medical information.

Benefits of secure SD-WAN

For securing remote healthcare, secure SD-WAN solutions are critically important. The technology allows network traffic to move over to more affordable public internet connections—as opposed to traditional WAN’s expensive MPLS links. This can ensure higher-bandwidth connectivity for real-time video conferencing and diagnostics information, for example, to pass between patients and providers. This approach enables emergency pop-ups to configure their security operations quickly and with high performance while ensuring that sensitive patient data and applications are protected right out of the box.

When the connection has secure SD-WAN built in, switching network pathways for better bandwidth does not leave the network vulnerable for any time. It also offers intuitive, zero-touch deployments, saving precious healthcare IT resources. And centralized VPN orchestration automates dynamic connectivity across the most complex network with intuitive workflows, the prioritization of critical applications and self-healing WAN connections.

Best-practice secure SD-WAN solutions include secure wired and wireless access, next-generation firewalls (NGFWs), cloud on-ramping, accelerated application access and robust connectivity, as well as additional security functions like encryption, IPS, AV, web security and filtering, and sandboxing, all centrally managed.

Making healthcare secure

As healthcare providers continue to find innovative solutions for an unprecedented pandemic, they need to quickly set up temporary healthcare sites that are digitally secure. They need solutions that deliver hospital-level performance, networking and security. The solutions must also be affordable and scalable. Secure SD-WAN is a helpful partner in realizing the broad, integrated and automated security these temporary caregiving sites must have. A comprehensive cybersecurity platform of this kind protects patients and their data.

About the Author

Troy Ament  is  Fortinet’s field CISO for healthcare. He brings more than 20 years of experience to Fortinet, transforming information technology and security programs, with 14 years in the healthcare sector as an executive overseeing clinical technology implementations, and serving as the chief information security officer (CISO) at two of the largest integrated health delivery systems in the United States. Before joining Fortinet, Ament held the positions of CISO and director, CISO chief at Sanford Health where he had oversight of the Security Technology, Security Operations, Identity and Access Management, and Governance Risk and Compliance teams.