RTLS and cybersecurity: How to securely track your hospital’s mobile assets
As we noted in our recent post, health care organizations have been on high alert for state-sponsored cyberattacks since the onset of the Russian invasion of Ukraine in late February. Their concern is well-founded, as healthcare organizations have faced increased cybersecurity threats since the beginning of the COVID-19 pandemic in 2020. And the memory of the 2017 WannaCry attack, which crippled the United Kingdom’s National Health Service for days and is largely attributed to the North Korean government, remains fresh in many minds.
“If cyberattacks begin, no one can tell for sure how wide the fallout might be, but what we have seen in the past is that it is usually wider than expected and not necessarily isolated to the target,” MacMcMillan, CEO of the cybersecurity consulting firm CynergisTek, told MedTechDive in a February 2022 article. “Once started, these things are not always easily contained.”
Can hospital RTLS open the doors to hacker activity?
Just about any type of medical technology provides an access point for hackers. A recent study by the cybersecurity firm Palo Alto Networks showed that, of the 200,000+ infusion pumps that ran on networks using one of its products, 75 percent had “known security gaps that put them at heightened risk of being compromised by attackers”.
If a compromised medtech device connects directly to a healthcare organization’s electronic health record (EHR), that device can feasibly provide hackers with access to the protected health information (PHI) of its patients — and that’s an enormous problem.
In hospitals, many real-time location systems (RTLS) operate on the hospital’s central WiFi network. This is typically touted and sold as a benefit: if the RTLS can use the hospital’s existing infrastructure, that can reduce the cost and disruption of the RTLS’ installation. But it also makes the RTLS a potential back door that hackers can use to infiltrate the hospital’s network. And if the RTLS also directly connects with the hospital’s EHR — and some do — that gives hackers access to patients’ PHI, too.
Choosing a Safe and Secure RTLS
The Cognosos RTLS operates with security layers that go above and beyond the industry standard. But that’s not the only cybersecurity advantage our system presents health care organizations:
- Cognosos uses a separate, secure internet network that runs parallel to the hospital’s central WiFi network. Cognosos’ gateways — which connect the RTLS to the proprietary, cloud-based LocationAI system — never interact with the network that serves a hospital’s mission-critical software and equipment.
- Cognosos does not integrate with any systems that contain patients’ PHI. The Cognosos RTLS is solely responsible for tracking the movement of mobile medical equipment, not patients or staff.
In these ways, the Cognosos RTLS presents a minuscule security risk to the health care organizations who use it — unlike many other RTLS technologies on the market today.
To learn more about how the Cognosos RTLS can deliver bottom-line results for your hospital while also minimizing your network’s exposure to cyber threats, check out our healthcare and hospital solutions page.