Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityHospitals & Medical Centers

System security: The key to optimal healthcare

By Stuart Kurutac
Network security within healthcare
March 11, 2021

The combination of new technologies and increased connectivity has the power to enhance almost every aspect of our lives. That’s even true of the healthcare sector, particularly during the current pandemic, with telehealth advances facilitating care that might not otherwise be provided in a safe and timely manner. But it is also important to understand the downside: increased connectivity expands the attack surface of the technology environment.

We all talk about being more connected, but that’s usually in reference to the devices we use and the services we consume. However, there’s also the infrastructure these services traverse to reach our devices. Network capabilities undoubtedly transformed the way and speed at which computers were adopted, providing the ability to communicate between multiple systems over distances of varying degrees and allowing us to utilize all these services for just about any purpose -- something that’s now taken for granted. Imagine the challenges of an Electronic Health Record (EHR) accessible from only one workstation, or multiple installations across hundreds of machines all with different information because the data cannot be easily replicated between them. Luckily, we don’t have to imagine either scenario, thanks to networks.

Current Status

Access to clinical applications and medical information in a digital healthcare environment is vital. From a clinical perspective, the need for system availability often trumps integrity or confidentiality. Of course, this doesn’t mean that integrity and confidentiality are not as important. All three of these concepts need to be carefully and proportionally considered to ensure data and systems are protected against unintended or malicious activities.

There are often headlines about breaches caused by unsecured database systems, misconfigured cloud storage or unprotected servers that allow access to patient data and medical imaging files. Similarly, vulnerabilities in medical devices and IoT are being reported more frequently as the focus on the healthcare industry rises. Attention grabbing headlines aside, it stands to reason that securing infrastructure and applications is essential. We must not forget about the devices that facilitate, segregate and protect the network.

Network devices sometimes get neglected after initial set up and installation, especially if working as expected. It is not uncommon to find switches and routers with a long-running uptime, but this means the device has not been updated or patched during that time and might be missing important security fixes. Additionally, many devices’ default configurations are not secure—they can have vulnerable services enabled and overly permissive or unnecessary ports open.

Considering the amount and types of data traversing network devices, even one compromise may allow an attacker to view, alter or deny network traffic. This will have a significant impact on clinical risk and administrative workflows, ultimately affecting patient safety.

Considerations

Minimizing the attack surface presented by a device is a key aspect of safeguarding any network.

Restricting physical access and hardening devices will reduce the risk of compromise. Configuring settings securely that will prevent unauthorized access – physically and remotely - to the device, disabling the use of vulnerable protocols that are frequently targeted by attackers and utilizing robust password polices that incorporate multifactor authentication should all be considered.

There are many free resources to help harden different assets; for example, the Center for Internet Security offers security benchmark guidance for a large number of platforms.

Device configuration backups should be routinely conducted and stored offline. In the event of accidental or intentional misconfiguration or device failure, a known and recent working configuration can be restored quickly.

System and network outages both have severe consequences, which is why network devices should be managed in the same way as other infrastructure assets such as servers and workstations. Although patching and updating requires downtime, it is one of the most important tasks to undertake when securing any software or software-based device. Network redundancy helps prevent downtime, which is especially important for critical systems. However, where redundancy is not possible, scheduled downtime for maintenance and updates should be factored into support protocols for network devices. Controlled downtime isn’t 100% risk free, but it’s certainly preferable to outages caused by insufficient maintenance or, worse, avoidable cyberattacks.

Implementing policies that manage the lifecycle of devices is also important. This will help prevent end-of-life or unsupported devices and software remaining on the network. Unsupported devices will not be updated with fixes for vulnerabilities discovered after the support date has passed, leaving them open for exploitation.

Conclusion

The compromise of any device can have a serious impact on patient safety. This could be directly through exploitation of vulnerabilities in connected medical devices or, more likely, indirectly from delays in care as a consequence of systems or services becoming unavailable.

Pragmatic security can be complex, but it is integral to patient safety. Ensuring all assets in your environment are configured securely, patched, segregated appropriately, monitored and backed up will help keep patients safe. The processes can be complex and time-consuming, but they are worth the effort.

KEYWORDS: Chief Information Officer (CIO) Chief Information Security Officer (CISO) data breaches data privacy data protection data regulation data security data storage healthcare security network security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Stuart kurutac ncc group

Stuart Kurutac is a senior security consultant at NCC Group, one of the largest security consultancies in the world, focused on researching security in the connected health landscape.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Loader

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

Half closed laptop

Sudo Vulnerability Discovered, May Exposes Linux Systems

Person holding cellphone

Millions of Android, iPhone Users Could Be Sending Data to China

Events

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • security-budgets-freepik567.jpg

    Formula for success: How to determine the optimal investment in cybersecurity protection

    See More
  • Women walking on campus

    WCSU uses key management system to boost campus security

    See More
  • Parkview Health, Fort Wayne, Indiana - Security Magazine

    Is Armed Security the Key to Better Hospital Safety?

    See More

Related Products

See More Products
  • facility manager.jpg

    The Facility Manager's Guide to Safety and Security

  • The-Complete-Guide-to-Physi.gif

    The Complete Guide to Physical Security

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!