Top 4 Network Security Challenges in Healthcare

Introduction

CIOs and IT professionals in healthcare organizations are tasked with balancing the demand for universal access to information against the need to ensure security. Four critical challenges these organizations face in striking this balance are the following:

| Critical Challenges | Description |
| --- | --- |
| Securing and Provisioning Medical Devices | The proliferation of medical devices on the network presents unique challenges in securing and provisioning network access for these devices – ensuring that known, authorized devices are able to connect to the network, and that unknown/unauthorized devices are not. |
| Securing Network Access for Guests and Visitors | A diverse population of guest users on the network – including visiting doctors, clinicians, and specialists, as well as patients and other “guests” – rely on anywhere/anytime connectivity. IT must ensure the security of the network while minimizing the administrative burden that can accompany guest management. |
| Securing Access to Patient Information | Provisioning appropriate access for network users is crucial to ensuring that each user has access only to those resources for which he or she is authorized. The need for differentiated access based on each user’s “role” can place a significant management burden on IT staff. |
| Achieving Compliance with Regulatory Standards | Healthcare organizations are subject to a number of industry and government regulations for securing electronic information. Examples include the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI DSS). Compliance with these and other regulations requires effective systems and processes to be in place to ensure protection of confidential data. |

Evolving security requirements in healthcare IT environments have led to a network security landscape scattered with isolated solutions, each deployed over time to meet a specific security challenge.

Each solution – including firewalls, intrusion detection and prevention systems (IDS/IPS), network access control (NAC), and others – resolves a portion of IT’s overall security objectives. However, these solutions function independently and must be individually managed, which creates additional challenges for IT organizations.