Why healthcare IT managers must consider power management in their end-to-end cybersecurity strategies. 

By James Martin

While digital transformation has greatly enhanced the way healthcare organizations operate and care for patients, it has also put more pressure on healthcare IT managers to protect connected IT equipment against cyber threats. In 2023, U.S. hospitals experienced a record number of cyberattacks, compromising the data of over 61 million people. These attacks disrupted services and equipment, forcing some hospitals to turn away patients.

The increasingly interconnected nature of healthcare IT environments has been a catalyst for new innovations as well as the expansion of network access points. To protect these points from potential cyber threats, healthcare organizations should implement an end-to-end cybersecurity strategy that brings under-served elements like power management into the fold.

The Urgency of Power Uptime 

In hospital and healthcare environments, power management plays a critical role in delivering quality and reliable patient care. An unplanned power outage could lead to downtime that results in appointment cancellations or even jeopardizes active medical procedures. It can also be costly, with research showing that facilities could face costs in the hundreds of thousands of dollars per event.

In response to these challenges, many hospitals and healthcare organizations leverage power management devices such as uninterruptible power supplies (UPSs), which provide backup for critical IT systems and bridge to generator power in the event of an outage. More and more, hospitals are procuring UPSs with network connectivity as they seek to manage and monitor a multitude of devices over an increasingly distributed network.

As IT admins manage this transition, they must secure their power equipment from cyber threats, just like any other network endpoint. Recently, the Cybersecurity and Infrastructure Security Agency, alongside the Department of Energy, released a public advisory on cybersecurity for connected Uninterruptible Power Supplies (UPSs). This advisory emphasizes the need for organizations to implement protective measures for UPSs and all other emergency power systems against potential threats.

Certified for Cyber Protection

As the cybersecurity landscape has evolved, global standards bodies have responded by expanding their efforts to define processes and methods to certify products as secure. Global safety standards organizations, including Underwriters Laboratories (UL) and the International Electrotechnical Commission (IEC), provide important guidelines for the implementation of appropriate cybersecurity safeguards in network-connected devices.

Deploying UPSs and rackmount power distribution units with network management cards that carry UL 2900-1 and ISA/IEC 62443-4-2 certifications in distributed environments, such as network closets, can give hospital IT teams peace of mind that their devices have built-in cybersecurity features and capabilities to better protect infrastructure against breaches.

The latest network management cards provide IT teams with a combination of capabilities for enhanced management and cybersecurity. By merging zero-trust architecture with powerful automation and remote and onsite management tools, these solutions can help boost the performance and uptime of critical business systems. Incorporating zero-touch provisioning will also help to ensure that timely network updates are configured automatically—a huge timesaver with large-scale deployments.

As hospital IT administrators manage more connected UPSs over their network, many will seek to execute remote firmware updates to keep their devices up to date with the latest features. Users should look for power devices that require cryptographic signature checks to update firmware to avoid cybersecurity risks. Operators should work with vendors that offer 24/7 monitoring across converged IT/operational technology environments as this can help add an extra layer of protection and visibility for critical infrastructure.

Stay Ahead of the Curve 

Healthcare IT admins should also use cybersecurity best practices with connected power management devices just as they would with other components within their IT infrastructure. This includes using firewall and industrial security solutions as well as encrypting information; conducting routine security assessments; regularly updating antivirus software and antispyware; using advanced email filtering; establishing strong password policies and endpoint protection; and offering employees cybersecurity awareness training.

Physical security shouldn’t be overlooked as IT managers seek to round out their overarching strategy for protection. Using smart security locks on IT racks can help ensure that only authorized personnel have access to IT equipment. Additionally, as the proliferation of smart, connected devices links together more elements of IT operations in distributed networks, it will be helpful to partner with technology and solutions providers that demonstrate an ongoing cybersecurity commitment.

Advance with Confidence 

As digital transformation continues, cybersecurity risks will only grow, with threat actors taking aim at once-inconspicuous devices like those in the power management space. However, by taking an end-to-end approach to cybersecurity, IT managers can ensure that they will remain in the best position for protection. With a commitment to safeguard each network endpoint, healthcare organizations will be ready to stand strong against new threats that emerge in the changing cybersecurity landscape.

James Martin is a global product manager at Eaton. Questions and comments can be directed to [email protected].