How Healthcare BYOD Policies Affect Network Security

How Healthcare BYOD Policies Affect Network Security

Healthcare organizations need to take a more involved look at network security, especially with increasing usage of personal devices in the workplace. Earlier, organizations would feel safer with locked-down internal user access and prevention of outside intrusion. But lately, healthcare IT security personnel, including physicians and office managers with small to midsize practices, are finding that the idea of walling themselves in from all sides is an antiquated notion. These administrators now prefer authentication based on the user’s role, their privileges and the nature of the data they are accessing.

Simultaneously, technologies are also evolving in support of this changing viewpoint. For instance, Health Resources and Services Administration (HRSA) are providing basic healthcare network security tips:

Capability and Efficiency

Actual bandwidth requirements depend on several factors such as the location, number of users, real-time transactions and technology used for hardware and storage. For estimating bandwidth requirements, it helps to work directly with IT professionals or the Electronic Health Record (EHR) system vendor.

Protect Your Network

A more robust protection is justified if you have higher valued assets. One of the fundamental requirements is a firewall as a part of the Internet gateway. Verify that all recent patches, upgrades and firmware versions are installed. Audit firewall rules and make sure only legitimate traffic is permitted to pass into and out of the network. Unless it serves a critical business purpose, scrap all file-sharing rules.

Segment Your Network

Isolate the Electronic Health Record system on the network along with any other system requiring access to it. Systems whose users do not need to access the EHR should have no connectivity to it.

Detect Intrusions

Install an intrusion detection system as it will drop anomalous traffic matching the signature of well-known network attacks.

Audit Your Setup

Workstations accessing the EHR system must comply with good security standards. Ensure this by auditing the active directory structure and policy. Before users can access the workstation or domain resources, make sure they are properly authenticated with tokens, smart cards or strong passwords.

Review All Privileges

Manage user rights centrally and review all existing user privileges by employing an active directory. Most clinical users of EHR systems require only a few administrative rights to access information.

Conclusion

Although HRSA does not mention aligning the security measures with BYOD policies, administrators can control all activities on a healthcare network as part of a BYOD control policy. This includes file-sharing access to email flow from one console while integrating these management platforms with network security components such as Network Delivery Controllers and Application Delivery Controllers.

Comments are closed.