5 Network Monitoring Mistakes and How to Fix Them with Zero Trust

Aug 29, 2023

Brian T. Horowitz is a writer covering enterprise IT, innovation and the intersection of technology and healthcare.

With connected medical devices and patient data spread across the healthcare ecosystem, security in healthcare can be a challenge.

As many as 40 to 70 applications connect to electronic health records, says Mike Gregory, CDW Healthcare strategist.

The healthcare industry has an obligation to protect patient data from cyberattacks. Protecting health IT environments is critical for maintaining clinical and operational efficiency, and securing medical devices is the challenge, according to Matt Sickles, healthcare strategist at CDW Healthcare.

“We have aging vendors, we have nonstandard protocols, and we have connectivity that is magical in some way, shape or form,” Sickles says. “The differentiator in healthcare is the clinical component, and the quantity of Internet of Medical Things devices.”

The zero-trust security model is one strategy healthcare organizations can deploy. It means organizations assume the least amount of trust possible rather than instituting automatic trust. It’s based on the concept of “never trust, always verify.”

“Zero trust is not a fail-safe mechanism,” Sickles says. “It is a design that is out there to mitigate threats and to present clear and articulate information on risk management.”

Zero trust consists of five pillars: identity, device, network monitoring, application workload and data.

The network monitoring pillar lets security professionals gain visibility into a healthcare organization’s network.

The functions of network monitoring include network segmentation, threat protection and encryption, as outlined in the Cybersecurity and Infrastructure Security Agency’s Zero Trust Maturity Model.

Network monitoring involves having the controls in place to be able to manage network traffic as well as medical devices, ports and protocols, and then make decisions on what should flow through the network, according to Gregory.

Here are five common network monitoring mistakes and ways zero trust can fix them.

Many healthcare organizations fail to equally enforce policies around access, such as multifactor authentication, Gregory says. Healthcare systems apply preferential treatment regarding access and implement policy exceptions, he says.

“It’s the fidelity and the extent to which you implement these technologies that are going to be effective,” Gregory says.

Sometimes senior-level executives fail to commit to investing in network monitoring, according to Gregory.

Plans may not align with their business, or they may lack a clear understanding of the need for healthcare monitoring in their organizations, Gregory says.

“When we don’t see the investment in the right-sizing of the resources in house — and remember, this has to be a 24/7 capability — that’s one of the largest mistakes,” Sickles says. “If you can’t do it yourself with a commitment of resources, you have to have a partner to help you with this.”

Gaining commitment from stakeholders involves education, says Itai Greenberg, chief strategy officer at Check Point Software Technologies.

“Healthcare organizations need to develop a security strategy and educate users, management, operations and system developers on what the policy is and their role in keeping patient information safe,” Greenberg says.

Many healthcare organizations have legacy systems that are no longer compatible with existing technologies. They can’t be patched and may lack code, but the technology is still left in place, according to Gregory.

“To implement zero trust, there has to be interoperability and orchestration between the applications and networking components and devices,” Gregory says. “Anything that is on the network needs to be able to talk with everything else.”

Zero trust also involves securing all the Internet of Medical Things (IoMT) devices on the network, according to Greenberg.

“With no security, attackers will use vulnerable IoMT devices to breach your perimeter defenses. Zero trust starts with discovery of IoMT devices and then autonomously applies a least-privilege zero-trust security policy,” Greenberg says.

Sometimes healthcare organizations are unable to properly implement network controls because they can’t advocate for what the controls will do, Gregory says.

In addition, security controls must be deployed so they keep up with the speed of business innovation, Greenberg says.

“If security cannot move at the speed of business innovation, the security controls will most likely be disabled, exposing the business to attack,” Greenberg says. “There needs to be a balance. To make it easier, Security as Code should be integrated into the application DevOps process as early as possible.”

With an expanding footprint of devices to secure wherever users are accessing the network, healthcare systems sometimes don’t implement proper segmentation, Greenberg says.

Segmentation consists of adding firewalls at network boundaries as well as deploying device-level protections at endpoints, for mobile devices and IoMT devices, and for application workloads, he notes.

“To protect against this expanded risk, the network has to be segmented so a zero-trust policy can be implemented,” he says.
