Effective network management is one of the top 10 cybersecurity best practices for healthcare organizations laid out in a recent publication released by HHS and the Health Sector Coordinating Council.
The four-volume publication, entitled Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, is designed to raise awareness for executives, healthcare practitioners, providers, and health delivery organizations.
The public-private collaboration offers voluntary cybersecurity best practices for healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems.
The publication includes a main document that surveys threats and briefly discusses cybersecurity best practices, two technical volumes that explore cybersecurity best practices in more detail based on organizational size, and a compilation of additional resources and templates that organizations can use.
In Technical Volume 2, the publication goes into detail about network management best practices that medium-sized and large healthcare organizations should implement to improve their cybersecurity posture.
“Networks must be deployed securely to limit exposure to and the potential impacts of cyberattacks,” it noted.
For medium-sized organizations, the publication recommended that firewalls be used to monitor and control network access.
Firewalls should be deployed on wide area network (WAN) pipes to the internet and network perimeter, across data centers, in building distribution switches, in front of partner WAN/virtual private network (VPN) connections, and over wireless networks.
“As part of standard rule management for firewalls, it is important to periodically review firewalls to ensure they are properly structured as required by cybersecurity teams. Consider a monthly or quarterly review of the highest-risk rulesets,” the publication recommended.
In addition, medium-sized organizations should partition networks into security zones, a process known as network segmentation, to limit the impact of cyberattacks. The security zones could be based on the sensitivity of assets, such as clinical workstations, medical devices, and guest networks, or on standard perimeter segmentation, such as DMZ, middleware, application servers, database servers, and vendor systems.
Examples of standard network security zones include perimeter defenses, data center networks, critical Internet of Things (IoT) assets, vendor access, general access networks, and guest networks.
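The firewall rule review the publication calls for ("a monthly or quarterly review of the highest-risk rulesets") and the zone-based segmentation described above can be checked together. The following is an added example, not code from the HICP publication or from HHS: it scores a small constructed ruleset against an assumed zone sensitivity ranking and an assumed list of forbidden zone pairs, so the rules that most need review come out first. Zone names follow the publication's examples; the field names, weights and sample rules are assumptions for this example, and a real firewall export would need a vendor-specific parser in front of it.

```python
"""Added example (not from the HICP publication): rank firewall rules by
risk so the highest-risk rules are reviewed first.

Zone sensitivity values, forbidden zone pairs, scoring weights and the
sample rules are all assumptions constructed for this example."""
from dataclasses import dataclass

# Assumed sensitivity per security zone (higher = more sensitive). The zone
# names mirror the ones the publication lists as examples.
ZONE_SENSITIVITY = {
    "medical_devices": 5,
    "database_servers": 5,
    "clinical_workstations": 4,
    "application_servers": 3,
    "dmz": 2,
    "general_access": 1,
    "guest": 0,
    "internet": 0,
}

# Zone pairs that the (assumed) segmentation policy never allows directly.
FORBIDDEN_PATHS = {
    ("guest", "medical_devices"),
    ("guest", "clinical_workstations"),
    ("internet", "database_servers"),
}


@dataclass
class Rule:
    rule_id: str
    src_zone: str   # a zone name or "any"
    dst_zone: str   # a zone name or "any"
    service: str    # e.g. "tcp/443" or "any"
    action: str     # "allow" or "deny"


def score_rule(rule):
    """Return (score, reasons); a higher score means review it sooner."""
    if rule.action != "allow":
        return 0, []          # deny rules do not widen exposure
    score, reasons = 0, []
    if rule.service == "any":
        score += 3
        reasons.append("allows any service")
    if rule.src_zone == "any":
        score += 3
        reasons.append("allows any source zone")
    if rule.dst_zone == "any":
        score += 3
        reasons.append("allows any destination zone")
    if (rule.src_zone, rule.dst_zone) in FORBIDDEN_PATHS:
        score += 5
        reasons.append(f"violates segmentation policy {rule.src_zone}->{rule.dst_zone}")
    # Traffic allowed from a less sensitive zone into a more sensitive one
    # is weighted by how far up the sensitivity ladder it climbs.
    src = ZONE_SENSITIVITY.get(rule.src_zone, 0)
    dst = ZONE_SENSITIVITY.get(rule.dst_zone, 0)
    if rule.dst_zone != "any" and dst > src:
        score += dst - src
        reasons.append(f"crosses upward from sensitivity {src} to {dst}")
    return score, reasons


def rank_rules(rules):
    """Return [(score, rule_id, reasons)] for scored rules, riskiest first."""
    ranked = []
    for rule in rules:
        score, reasons = score_rule(rule)
        if score:
            ranked.append((score, rule.rule_id, reasons))
    ranked.sort(key=lambda item: (-item[0], item[1]))
    return ranked


# Constructed sample ruleset for the example.
SAMPLE_RULES = [
    Rule("R1", "guest", "medical_devices", "any", "allow"),
    Rule("R2", "internet", "dmz", "tcp/443", "allow"),
    Rule("R3", "application_servers", "database_servers", "tcp/5432", "allow"),
    Rule("R4", "any", "any", "any", "allow"),
    Rule("R5", "clinical_workstations", "application_servers", "tcp/443", "allow"),
    Rule("R6", "guest", "medical_devices", "any", "deny"),
]

if __name__ == "__main__":
    for score, rule_id, reasons in rank_rules(SAMPLE_RULES):
        print(f"{rule_id}: score {score}: {'; '.join(reasons)}")
```

Run as a script it lists R1 (a guest-to-medical-device rule that breaks the segmentation policy) and R4 (an any/any/any rule) ahead of the narrower rules, which is the order a quarterly review of the highest-risk rulesets would work through.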
The publication advised medium-sized organizations to deploy an intrusion prevention system (IPS) at the network perimeter, data center, and partner connections. An IPS monitors network traffic to detect and possibly prevent cyberattacks.
Mid-sized organizations should also deploy web proxy protection systems to secure networks against phishing and malware attacks. “These systems are implemented at the perimeter of the network or in the cloud to provide protections for your mobile workforce,” the publication related.
Also, medium-sized organizations should provide physical security for network devices. For example, data and network closets should be locked and limits should be placed on network ports on switches.
Large healthcare organizations need to do more
For large healthcare organizations, the publication recommended that they take additional network segmentation measures, such as requiring VPN access for privileged servers in the data center.
In addition, large organizations should implement measures to monitor for command and control (C2) traffic that attackers use to maintain access to compromised computers. “C2 traffic consists of beacons, typically outbound from the computer, that check back in to a central server. Identifying such traffic can help detect where an attacker has maintained persistence,” the publication noted.
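The beaconing the publication describes, outbound connections that "check back in to a central server" on a timer, shows up in connection logs as a flow whose inter-connection intervals are nearly constant, where human-driven traffic is bursty. The following is an added example and not code from the HICP publication: it parses a few constructed connection log lines, groups them into flows by source, destination and port, and flags flows whose interval spread (standard deviation divided by mean) is small. The log format, thresholds and addresses are assumptions for this example; a real deployment would read firewall, proxy or NetFlow exports and tune the thresholds to its own traffic.

```python
"""Added example (not from the HICP publication): flag beacon-like
outbound flows, the regular check-in traffic the publication describes
as evidence of attacker persistence, over constructed log lines.

The log format, thresholds and IP addresses are assumptions for this
example."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed outbound connection log: "<date> <time> <src_ip> <dst_ip> <dst_port>".
# 10.20.5.14 checks in exactly every 60 s, 10.20.5.40 roughly every 300 s with
# jitter, 10.20.5.22 browses irregularly, 10.20.5.30 connects only twice.
SAMPLE_LOG = """\
2024-01-01 10:00:00 10.20.5.14 203.0.113.7 443
2024-01-01 10:00:00 10.20.5.30 192.0.2.44 8443
2024-01-01 10:00:05 10.20.5.22 198.51.100.9 443
2024-01-01 10:00:07 10.20.5.22 198.51.100.9 443
2024-01-01 10:00:10 10.20.5.40 203.0.113.55 8080
2024-01-01 10:01:00 10.20.5.14 203.0.113.7 443
2024-01-01 10:01:00 10.20.5.30 192.0.2.44 8443
2024-01-01 10:02:00 10.20.5.14 203.0.113.7 443
2024-01-01 10:03:00 10.20.5.14 203.0.113.7 443
2024-01-01 10:03:40 10.20.5.22 198.51.100.9 443
2024-01-01 10:04:00 10.20.5.14 203.0.113.7 443
2024-01-01 10:05:00 10.20.5.14 203.0.113.7 443
2024-01-01 10:05:12 10.20.5.40 203.0.113.55 8080
2024-01-01 10:06:00 10.20.5.14 203.0.113.7 443
2024-01-01 10:07:00 10.20.5.14 203.0.113.7 443
2024-01-01 10:10:08 10.20.5.40 203.0.113.55 8080
2024-01-01 10:12:15 10.20.5.22 198.51.100.9 443
2024-01-01 10:12:16 10.20.5.22 198.51.100.9 443
2024-01-01 10:15:11 10.20.5.40 203.0.113.55 8080
2024-01-01 10:20:09 10.20.5.40 203.0.113.55 8080
2024-01-01 10:25:00 10.20.5.22 198.51.100.9 443
2024-01-01 10:25:10 10.20.5.40 203.0.113.55 8080
2024-01-01 10:30:12 10.20.5.40 203.0.113.55 8080
"""


def parse_connections(text):
    """Yield (timestamp, src, dst, port) from the constructed log format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of aborting the whole run
        ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
        yield ts, parts[2], parts[3], int(parts[4])


def find_beacons(text, min_connections=6, max_cv=0.2):
    """Return flows whose connection intervals are nearly constant.

    cv = pstdev(intervals) / mean(intervals). Timer-driven check-ins give a
    small cv even with some jitter; interactive traffic gives a large one.
    min_connections keeps one-off or rare flows from being scored at all."""
    flows = defaultdict(list)
    for ts, src, dst, port in parse_connections(text):
        flows[(src, dst, port)].append(ts)
    flagged = []
    for key, times in flows.items():
        if len(times) < min_connections:
            continue
        times.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue  # all connections in the same second: not a timer pattern
        cv = pstdev(intervals) / avg
        if cv <= max_cv:
            flagged.append({"flow": key, "count": len(times),
                            "mean_interval_s": round(avg, 1), "cv": round(cv, 3)})
    flagged.sort(key=lambda f: (f["cv"], f["flow"]))
    return flagged


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        src, dst, port = hit["flow"]
        print(f"{src} -> {dst}:{port}: {hit['count']} connections, "
              f"mean {hit['mean_interval_s']} s, cv {hit['cv']}")
```

On the sample log the two timer-driven hosts are flagged and the browsing host is not, even though it made as many connections as the minimum. A flagged flow is a lead for investigation rather than a verdict: legitimate agents (monitoring, update checks) also beacon, so the next step is to confirm what the destination is and which process on the host opens the connection.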
Large organizations should also deploy tools that can inspect and analyze inbound and outbound network traffic for anomalous behavior. Some tools enable deep inspection that analyzes and categorizes the full contents of data packets.
Also, large organizations should use network-based sandboxing that enables IT security teams to run binaries, executables, and data files in a virtual environment to track malicious activities when the file executes.
“Sandboxing systems provide protection against malicious files. However, they do not provide protection against active attacks inside your network,” the publication stressed.
Finally, large organizations should deploy network access control (NAC) systems, which automatically profile new IT assets that connect to the network, whether over wired and wireless networks or VPNs.
NAC systems can be configured to permit authorized BYOD devices to access the network or prohibit them.
“Cybersecurity is everyone’s responsibility. It is the responsibility of every organization working in healthcare and public health. In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively,” said HHS Acting CISO Janet Vogel in releasing the publication.