Data breaches involving health records have reached a tipping point in the healthcare industry.
Compromised healthcare records due to security breaches are at a crisis level. Recent breaches have exposed gaps in network infrastructure monitoring and shown how determined attackers are to target the healthcare industry. Healthcare IT is under pressure because patient health records are extremely valuable on the black market. Various sources indicate that stolen health credentials may be as much as 50 times more valuable on the black market than a stolen Social Security Number or credit card number.
Cyber criminals are targeting health institutions and health systems with increasing frequency. According to an independent research organization, 90% of health organizations have experienced some type of data breach in the last two years, and almost half have had five or more breaches. The cost to U.S. healthcare systems has surpassed $300 billion over a five-year period.
Security of your organization’s patient medical records is a paramount obligation. IT administrators and network architects need a comprehensive strategy to secure and defend this data against attack. That strategy comes in the form of a holistic IT or data center architecture that integrates network monitoring and security. A ground-up monitoring solution is critical to building or updating a network data center.
A network monitoring system creates these primary benefits:
- Provides real-time insight into critical security and network issues across the data center and remote locations.
- Provides instant metrics and visibility across the network for incident response, internal network usage and threat detection.
- Enhances the performance of network performance monitoring (NPM), application performance monitoring (APM) and security-related tools.
- Enables visibility across mission-critical links, network usage and virtual environments.
A reliable network visibility architecture will monitor, aggregate, and filter data within large and complex architectures. With healthcare institutions, the architecture needs to account for complex environments including data center and remote locations, such as clinics and care centers. When selecting and building a network monitoring infrastructure, IT managers should consider a flexible and scalable solution that can adapt to existing network architectures and grow as your network grows. A well-engineered monitoring solution will also preserve and enhance investments in analysis tools. When managing the flow of data through your network, here’s what to consider:
- Consider both tools and sources when capturing data. Analyze your network architecture to define specific feeds needed by the various tools. In many hospitals and health systems, information networks have been assembled or consolidated over time, often as a result of continually adding to existing networks or consolidation of facilities, and many organizations have remote sites to support. It’s critical to identify the most effective points to capture the traffic you need to analyze for monitoring and securing your network, whether that is on-premises, at a remote site, or in the cloud. All points of entry where data enters your system must be actively monitored, including desktops, laptops, tablets and mobile phones, and a whole host of other possibilities that might include connected patient health devices.
- Aggregate the data. Once your monitoring system can see all the data, you need aggregation switches to collect all necessary sources for analysis at any time. Organizations must be prepared to develop strategies for aggregating traffic of interest, and then filtering that traffic to extract the most important data for your monitoring needs. An intelligent network monitoring solution can deliver the right data to the right tools at the right time. In addition to aggregation, you will need to consider filtering, port tagging, and load balancing features. With total network traffic visibility, you’ll increase both network security and performance.
- Groom and filter. Filtering data traffic is essential to optimizing the performance of your analysis tools, potentially extending the lifespan and utilization of your network tools and minimizing the expense of adding other tools. Ingress and egress filtering reduces or eliminates packet oversubscription. Deduplication is another key feature: it removes duplicate packets, which can cut as much as 55% of the total traffic the network analysis tool has to process and can double the analysis capacity of your security tools. Other advanced features such as packet slicing and header stripping can prime the data for use by specific monitoring tools.
- Send data to tools. Finally, let the tools do their work. To design an effective network, you must first understand what tools you need based on what needs to be analyzed for the purpose of the business. Different stakeholders will have different needs, typically identified by department or function within the hospital system. Essential tool functions will include solutions that monitor overall network performance, analyze specific applications such as VoIP traffic or customer experience monitoring, inline security analysis, and monitoring for forensics.
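The aggregate, deduplicate and slice steps above can be sketched in a few lines. This is an added example, not code from the article or from any vendor product; the 50 ms window, the 64-byte slice length, all function names and the sample frames are assumptions constructed for illustration.

```python
import hashlib
import struct
from collections import OrderedDict

WINDOW_SECONDS = 0.05  # assumed dedup window; tune to the path delay between tap points
SLICE_BYTES = 64       # assumed slice length: keeps L2-L4 headers, drops most payload

def fingerprint(frame: bytes) -> bytes:
    """Hash a frame, ignoring fields a routed hop rewrites (MACs, TTL, IP checksum)."""
    if len(frame) >= 34 and frame[12:14] == b"\x08\x00":  # Ethernet II carrying IPv4
        ip = bytearray(frame[14:])   # skip the Ethernet header and its MAC addresses
        ip[8] = 0                    # TTL
        ip[10:12] = b"\x00\x00"      # IPv4 header checksum
        return hashlib.sha256(ip).digest()
    return hashlib.sha256(frame).digest()

class Deduplicator:
    def __init__(self, window: float = WINDOW_SECONDS):
        self.window = window
        self.seen = OrderedDict()    # fingerprint -> time first seen, oldest first

    def is_duplicate(self, ts: float, frame: bytes) -> bool:
        while self.seen and ts - next(iter(self.seen.values())) > self.window:
            self.seen.popitem(last=False)          # expire entries outside the window
        fp = fingerprint(frame)
        if fp in self.seen:
            return True
        self.seen[fp] = ts
        return False

def groom(feeds, slice_bytes: int = SLICE_BYTES):
    """Aggregate feeds in time order, drop duplicates, slice what is forwarded to tools."""
    merged = sorted((p for feed in feeds for p in feed), key=lambda p: p[0])
    dedup = Deduplicator()
    return [(ts, f[:slice_bytes]) for ts, f in merged if not dedup.is_duplicate(ts, f)]

def make_frame(src_mac: bytes, ttl: int, ident: int, payload: bytes) -> bytes:
    """Constructed sample frame: Ethernet + IPv4 header with a stand-in checksum."""
    eth = b"\xaa" * 6 + src_mac + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                     ttl, 17, ttl, bytes([10, 0, 0, 1]), bytes([10, 0, 1, 9]))
    return eth + ip + payload

# Constructed feeds: the same packet (ident 1) seen at a core tap and again after a router.
CORE = [(0.000, make_frame(b"\x01" * 6, 64, 1, b"x" * 100)),
        (0.010, make_frame(b"\x01" * 6, 64, 2, b"y" * 100))]
CLINIC = [(0.001, make_frame(b"\x02" * 6, 63, 1, b"x" * 100)),
          (0.200, make_frame(b"\x02" * 6, 63, 1, b"x" * 100))]  # outside the window

if __name__ == "__main__":
    kept = groom([CORE, CLINIC])
    print(f"forwarded {len(kept)} of 4 frames, {len(kept[0][1])} bytes each")
```

A window that is too wide risks discarding legitimately repeated packets, which matters when the same feed also serves forensic tools.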
Scalability and flexibility are key factors in selecting a network monitoring solution and in determining the tools you need to manage and secure your network. Beyond that, advanced features and functionality will help ensure your solution is robust and reliable as you manage greater amounts of data moving at faster speeds. Your ultimate security is dependent on a strong line of defense and a clear view of all potential intruders.
The author of this piece, Richard Rauch, is president and founder/CEO of APCON.