New Thinking in Healthcare Security


By Keith Bromely, Ixia Technologies


Everything is becoming “connected” these days. For healthcare providers, this includes patient monitoring, asset tracking, electronic health records, communications, vendor software-as-a-service solutions, and pretty much everything else. What happens if any one of these areas malfunctions, or if a security breach occurs? Do you have the immediate response capabilities you need? IT needs to be equipped to prevent as many outage scenarios as possible, not just in these areas but in all areas. Just like medical emergency and trauma situations—minutes matter.

So, what can you do to improve security for your healthcare network? Network visibility is fast becoming a new strategy. You can’t defend against what you can’t see, and there are many possible intrusion points in a healthcare network, such as patient electronic health records (EHR), patient portals, BYOD, and Wi-Fi. If your network is attacked, or breached, how will you know? A DDoS attack will usually impact website performance. But other than that, how will you “see” a security attack?

This is actually a common problem. The 2015 Trustwave Global Security Report stated that 81% of compromised victims did not detect the breach themselves—they had no idea this had happened. The report also went on to say that the median number of days from initial intrusion to detection was 86 days. So, most companies never detected the breach on their own (they had to be told by law enforcement, a supplier, customer, or someone else) and it took almost 3 months after the breach for that someone else to notify them.


With financial and corporate reputations on the line, most healthcare providers can’t afford any HIPAA or FTC violations. There are some things you can do to both strengthen your network security and lower your mean time to resolution. The most important activity is to create a visibility architecture that integrates into your security architecture. A visibility architecture is simply a coherent plan for optimizing your network monitoring solution.

There are four key capabilities that the visibility architecture enables for you:

  • Deployment of inline security tools
  • Optimization of data for out-of-band security tools
  • IP address filtering to reduce security threats
  • Application intelligence to detect rogue applications

Your first consideration should be strengthening your inline security tool deployment. Bypass switches and network packet brokers (NPBs) allow you to increase network uptime while deploying security tools like IPSs and firewalls inline. This is because bypass switches and NPBs typically have better fail-over and survivability capabilities than the same types of features integrated directly into the security tools. In addition, you can deploy bypass switches and NPBs in redundant and high-availability configurations to further decrease any chance of downtime. The NPB can also redirect low-threat traffic (like voice, video, etc.) back into the network to reduce the load on your IPS and other security tools by up to 35%.

A second solution is to deploy NPBs to optimize the flow of critical data to out-of-band tools like data recorders, sniffers, logging tools, etc. If you suspect that you have a security breach, these out-of-band tools will be extremely useful for investigating the threat vector and the damage caused. A key factor, though, is to have everything in place and supplied with the proper data, so that once you have an issue you can respond as fast as possible to limit the damage. You don’t want to lose hours programming filters or requesting change board approvals to modify the network to add the debugging tools you need—they should already be there and ready to go.

A third solution is to install an IP address filtering appliance. This type of equipment is used to eliminate traffic to/from known bad IP addresses. These devices can help reduce the amount of data needing inspection by up to 35% and help ensure that the right data is sent to the right tools, even at high speeds.


Finally, a fourth option is to deploy application intelligence, also called intelligent data processing, specifically to find any rogue applications running on your network. This solution allows you to use existing, or create new, signatures for various HL-7 and other healthcare applications that you use on your network. Once this is done, you can scan your network, especially critical portions, to determine what applications are/are not running on your network. From there you can investigate for any suspicious applications.
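The scan described above, as an added example that is not from the article or from any vendor's product: first-payload signatures classify flows on a critical segment, and the result is compared against an approved application list. The signature set, flow record layout, addresses, ports and the approved list are all assumptions made for illustration.

```python
import ipaddress

# Illustrative first-payload signatures (assumed for this example, not a product's set).
SIGNATURES = [
    # HL7 v2 over MLLP: 0x0B start-of-block byte, then the MSH header segment.
    ("hl7v2-mllp", lambda p: p.startswith(b"\x0bMSH|")),
    # TLS record: handshake content type 0x16, protocol major version 0x03.
    ("tls", lambda p: p[:2] == b"\x16\x03"),
    ("ssh", lambda p: p.startswith(b"SSH-")),
    ("http", lambda p: p.split(b" ", 1)[0] in (b"GET", b"POST", b"PUT", b"HEAD")),
]

def classify(payload):
    """Return the first signature name that matches, else 'unknown'."""
    for name, match in SIGNATURES:
        if match(payload):
            return name
    return "unknown"

def audit(flows, critical_cidr, approved):
    """Return (flows on the critical segment running unapproved apps,
    approved apps that were never observed there)."""
    net = ipaddress.ip_network(critical_cidr)
    seen, suspicious = set(), []
    for f in flows:
        ends = (ipaddress.ip_address(f["src"]), ipaddress.ip_address(f["dst"]))
        if not any(ip in net for ip in ends):
            continue  # flow does not touch the critical segment
        app = classify(f["payload"])
        seen.add(app)
        if app not in approved:
            suspicious.append((f["src"], f["dst"], f["dport"], app))
    return suspicious, approved - seen

# Constructed sample flows (addresses, ports and payloads are made up).
FLOWS = [
    {"src": "10.20.0.15", "dst": "10.20.0.5", "dport": 2575, "payload": b"\x0bMSH|^~\\&|LAB|"},
    {"src": "10.20.0.40", "dst": "198.51.100.7", "dport": 443, "payload": b"\x16\x03\x01\x02\x00"},
    {"src": "10.20.0.22", "dst": "203.0.113.9", "dport": 8080, "payload": b"POST /upload HTTP/1.1\r\n"},
    {"src": "10.20.0.31", "dst": "10.20.0.5", "dport": 2575, "payload": b"\x00\x01\x02"},
    {"src": "10.30.1.4", "dst": "10.30.1.9", "dport": 80, "payload": b"GET / HTTP/1.1\r\n"},
]
APPROVED = {"hl7v2-mllp", "tls", "ssh"}  # assumed inventory for the segment

if __name__ == "__main__":
    rogue, missing = audit(FLOWS, "10.20.0.0/24", APPROVED)
    print("investigate:", rogue)
    print("approved but not seen:", missing)
```

The unrecognized payload on the HL7 listener port is flagged alongside the unapproved HTTP upload, which is the kind of lead the paragraph above says to investigate.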

Depending upon your needs, application intelligence can be quite useful, as you can collect the following information: the types of applications running on your network, the bandwidth each application is consuming, the geolocation of application usage, and the device types and browsers in use on your network. You can also filter data to monitoring tools based upon the application type and perform SSL decryption at this layer. These capabilities give you quick access to information and insight about your network. This insight gives you the data you need to better dimension your network equipment, optimize traffic routes, maximize the efficiency of your tools, and control your capital expenditures (CAPEX).

The end goal of improving network visibility is to be able to capture data that will give you insight into network performance. For instance, network data can tell you which applications or network segments are running slowly (before your internal users tell you). You can even run proactive monitoring applications to test network segments and applications to check that they are working normally or see what kinds of problems they are having.


When thinking about your network, ask yourself these questions:

  • If you can’t see the threat, how are you going to respond to it?
  • For network problems, where should you start your troubleshooting efforts?

Your answers will let you know how important network visibility could be to you.
