Why healthcare IT managers must consider power management in their end-to-end cybersecurity strategies.
By James Martin
While digital transformation has greatly enhanced the way healthcare organizations operate and care for patients, it has also put more pressure on healthcare IT managers to protect connected IT equipment against cyber threats. In 2023, U.S. hospitals experienced a record number of cyberattacks, compromising the data of over 61 million people. These attacks disrupted services and equipment, forcing some hospitals to turn away patients.
The increasingly interconnected nature of healthcare IT environments has been a catalyst for new innovations as well as the expansion of network access points. To protect these points from potential cyber threats, healthcare organizations should implement an end-to-end cybersecurity strategy that brings under-served elements like power management into the fold.
The Urgency of Power Uptime
In hospital and healthcare environments, power management plays a critical role in supporting vital IT systems and protecting patient data from loss. Because of this, many hospitals and healthcare organizations leverage power management devices such as uninterruptible power supplies (UPSs), which provide backup power for servers and other IT equipment in the event of an outage. And many hospitals are procuring UPSs with network connectivity as they seek to manage and monitor a multitude of devices over an increasingly distributed network.
As health IT admins integrate network-connected power management equipment, however, they must take steps to protect these systems against cyber threats just like every other network endpoint. Failing to do so can leave equipment vulnerable to devastating cyberattacks, compromising everything from patient data to prescriptions and hindering a hospital’s ability to provide patient care. It can also cause millions of dollars in revenue losses and potentially jeopardize federal or insurance funding.
Recently, the Cybersecurity and Infrastructure Security Agency, alongside the Department of Energy, released a public advisory on cybersecurity for connected Uninterruptible Power Supplies (UPSs). This advisory emphasizes the need for organizations to implement protective measures for UPSs and all other emergency power systems against potential threats.
Certified for Cyber Protection
As the cybersecurity landscape has evolved, global standards bodies have responded by expanding their efforts to define processes and methods for certifying products as secure. Global safety standards organizations, including Underwriters Laboratories (UL) and the International Electrotechnical Commission (IEC), provide important guidelines for the implementation of appropriate cybersecurity safeguards in network-connected devices.
Deploying UPSs and rackmount power distribution units with network management cards that carry UL 2900-1 and ISA/IEC 62443-4-2 certifications in distributed environments, such as network closets, can give hospital IT teams peace of mind that their devices have built-in cybersecurity features and capabilities to better protect infrastructure against breaches.
The latest network management cards provide IT teams with a combination of capabilities for enhanced management and cybersecurity. By merging zero-trust architecture with powerful automation and remote and onsite management tools, these solutions can help boost the performance and uptime of critical business systems. Incorporating zero-touch provisioning will also help to ensure that timely network updates are configured automatically—a huge timesaver with large-scale deployments.
As hospital IT administrators manage more connected UPSs over their network, many will seek to execute remote firmware updates to keep their devices up to date with the latest features. To avoid cybersecurity risks, users should look for power devices that require cryptographic signature checks before firmware can be updated. Operators should also work with vendors that offer 24/7 monitoring across converged IT/operational technology environments, as this can help add an extra layer of protection and visibility for critical infrastructure.
Stay Ahead of the Curve
Healthcare IT admins should also apply cybersecurity best practices to connected power management devices just as they would to other components within their IT infrastructure. This includes using firewall and industrial security solutions as well as encrypting information; conducting routine security assessments; regularly updating antivirus software and antispyware; using advanced email filtering; establishing strong password policies and endpoint protection; and offering employees cybersecurity awareness training.
Physical security shouldn’t be overlooked as IT managers seek to round out their overarching strategy for protection. Using smart security locks on IT racks can help ensure that only authorized personnel have access to IT equipment. Additionally, as the proliferation of smart, connected devices links together more elements of IT operations in distributed networks, it will be helpful to partner with technology and solutions providers that demonstrate an ongoing cybersecurity commitment.
Advance with Confidence
As digital transformation continues, cybersecurity risks will only grow, with threat actors taking aim at once-inconspicuous devices like those in the power management space. However, by taking an end-to-end approach to cybersecurity, IT managers can ensure that they will remain in the best position for protection. With a commitment to safeguard each network endpoint, healthcare organizations will be ready to stand strong against new threats that emerge in the changing cybersecurity landscape.
James Martin is a global product manager at Eaton. Questions and comments can be directed to [email protected].