Cybersecurity Beyond Hospital Walls

The following is a guest article by James Martin, Global Product Manager at Eaton

Protecting healthcare organizations in the era of edge computing

The COVID-19 pandemic caused an acceleration of distributed care due to the rapid increase in the need for acute and critical care in non-traditional clinical settings. For example, virtual care surged in 2020 and continues to grow, while many large hospital networks embraced urgent care clinics as a means of delivering essential care. It is also estimated that by 2030 one-third of the healthcare market will be dominated by non-traditional providers.

These developments coincide with the continuing digital transformation of healthcare as organizations invest in IT infrastructure across increasingly distributed environments. In an age when cyberattacks, especially ransomware attacks, are increasing in frequency and impact, healthcare providers must be proactive to ensure investments in digitalization don’t leave remote infrastructure open to attack.  

Powering Distributed Health Networks

To help manage infrastructure across distributed networks – including urgent care clinics and other non-traditional settings – many organizations have embraced advanced connectivity to automate critical IT processes when no IT staff is on site. This includes deploying connected power devices such as uninterruptible power supplies (UPSs), which provide critical backup power to IT equipment to keep operations up and running in the event of an outage.

These devices, which often serve as a bridge to generator power, can help protect against downtime and prevent the loss of critical data. By leveraging a UPS enhanced with network connectivity, healthcare IT managers can integrate software to remotely manage the device on their network – improving continuity by performing orderly shutdown of servers and storage to avoid crashing these systems. Additionally, they can connect digital services to monitor the health of power devices, obtaining a host of useful data and insights to aid proactive maintenance and better decision-making.

These are just two of the many benefits connected UPSs offer users. As with any network-connected device, however, cybersecurity must be a priority.

A Constant Threat

Healthcare continues to be one of the most targeted industries by cyber attackers, and the introduction of more connected devices into distributed networks can potentially open up more avenues to attack. This includes connected power devices. 

Driving home the urgency on this point, the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Energy recently released a public advisory regarding cybersecurity for internet-connected UPSs. The advisory urged organizations to take mitigation measures to protect UPSs and all other emergency power systems against potential threat actors.

Thankfully, with the right approach, healthcare IT administrators deploying connected power devices can reap all the benefits these systems have to offer while also ensuring power infrastructure is protected against potentially devastating attacks. 

Securing Connected Power

When leveraging connected devices in distributed settings, healthcare IT administrators should consider several factors that can offer assurance that those devices were built with cybersecurity as a top priority.

One factor is certification. Global safety standards from bodies such as Underwriters Laboratories (UL) and the International Electrotechnical Commission (IEC) provide important guidelines for appropriate cybersecurity safeguards in network-connected devices, including backup power. Deploying UPSs with network management cards that carry UL 2900-1 and ISA/IEC 62443-4-2 certifications can give assurance that these devices incorporate key cybersecurity safeguards and have been rigorously tested to ensure compliance with the latest standards.

Another important consideration is cybersecurity features baked into the UPS. For example, deploying power devices that require cryptographic signatures for all firmware updates can help IT avoid cybersecurity risks. And procuring devices from vendors that offer 24/7 monitoring across converged IT/operational technology (OT) environments will add an extra layer of protection and visibility for critical infrastructure.

It’s important to remember that cybersecurity for connected UPSs shouldn’t be considered in a vacuum. IT administrators should review their comprehensive cybersecurity strategy across the organization and apply to power management devices the same best practices that apply to the full network. These can include regularly updating antivirus and antispyware software; conducting frequent security assessments; using advanced email filtering; establishing strong password policies (and multi-factor authentication) and endpoint protection; using firewall and industrial security solutions as well as encrypting information; and holding regular cybersecurity awareness training for employees across all levels of the organization.

Finally, physical security should be carefully evaluated when protecting power devices and other IT equipment, as many attackers can use physical infrastructure to target critical data. Measures such as putting smart security locks on IT server racks can help ensure only authorized personnel have access to these components.

The digital transformation of healthcare will only continue, making the investment in connected infrastructure a necessity for many administrators. As this happens, health IT professionals must make sure to consider cybersecurity at every point of the network. By investing in connected power management technology built with cybersecurity in mind, healthcare organizations can get a better handle on their power management needs across their network while safeguarding patient data and other essential infrastructure from attack.

About James Martin

James Martin is the global product manager for power management at Eaton. He has promoted Eaton’s software and connectivity solutions for the past 11 years and built trusted technical adviser relationships with channel partners, field sales and sales operations.

   
