Protect Your Patients with Internal Segmentation Firewalls

By Susan Biddle | December 19, 2016

Those responsible for keeping patient data safe in the healthcare industry generally agree that there isn’t a single perimeter security solution that addresses all of today’s threats. Further, in traditional networks of the recent past, attacks that were able to bypass edge security solutions had clear access to the internal portion of the network.

This new reality is largely responsible for driving the development of a new class of security tools, known as internal segmentation firewalls (ISFWs). ISFWs extend the functionality of edge security deep into the network by identifying anomalous traffic trying to move laterally between network zones, isolating infected sections of the network in the case of a breach, quarantining infected devices, and securing critical data and devices from the rest of the production network.

Let’s take a closer look at some of the ways ISFWs can specifically help healthcare organizations better protect their patients.

Protecting Patient Data

With strategically placed ISFWs, valuable healthcare data has a better chance of remaining secure. Data that lives within a healthcare network is often the target of cybercriminal attacks because personal patient information, such as credit card and Social Security numbers, is extremely valuable on the black market. Implementing ISFWs into the security framework ensures that virtual walls are built around the servers that protect patient data. It’s important to note that successfully mitigating the risk of data loss will keep your patients secure as well as enable you to avoid HIPAA violations and costly fines.

Ensuring Operational Uptime  

When patients visit hospitals, they are often in need of around-the-clock care. The mission-critical applications and medical devices that keep patients healthy are the reason why most healthcare organizations run on a 24/7/365 schedule. Network downtime could result in limited access to critical patient health information or the inefficient operation of medical equipment. Downtime in either of these areas could be costly, and sometimes life-threatening. ISFWs segment the healthcare network into zones that can be isolated from each other, helping prevent the network from being fully disabled in the event of a cyberattack.

Protecting Access Points  

The number of network access points grows every time a new connected device logs onto the organization’s network. These devices can range from wearables to personal computing devices to patient monitoring systems. While the types of devices connecting may vary, from personal devices to medical IoT, it’s likely that they were created with usability top of mind and with security somewhere further down the list of priorities. These devices expand your potential attack surface and introduce new vulnerable endpoints as a result. ISFWs protect the expanding number of access points and wireless devices in much the same way that they protect patient data: by building walls around key areas.

Mitigating Risks Presented by Public Networks

Most hospitals and other healthcare organizations now offer guest network access for patients, their family members, clinicians, and any other visitors. Since these individuals are not directly employed by the hospital or organization, the open networks they are accessing need to be segregated from the employee network that hosts sensitive information. The implementation of ISFWs allows hospitals and other organizations to separate their various networks and monitor device activity, traffic, and applications without having to have absolute control over them.  

Achieving Privacy & Security Requirements

In order to qualify for Medicare and Medicaid electronic health incentive programs, organizations must be able to protect patient health information and keep it confidential. ISFWs minimize the movement of malware that may enter systems and put user credentials at risk by serving as a barrier between the malware and the information being targeted.

Final Thoughts

Since ISFWs are primarily designed to inspect laterally moving traffic (data, applications, and transactions moving “east-west” between locations within a network), they should be paired with other network security solutions, such as next-generation firewalls (NGFWs), for maximum network protection. NGFWs are implemented primarily to inspect “north-south” traffic that enters and exits the edge of the network or a demarcation point, such as the edge of the data center. When these technologies are combined, they provide IT teams with a comprehensive picture of the traffic and data being passed throughout the network, along with real-time information about detected malware and other threats.

As a result, healthcare organizations that embed ISFW solutions into their networks will be able to better adhere to industry regulations while protecting their entire distributed network environment, and most importantly, their patients.
