Human risk: the key concern of the medical sector

The activities of healthcare institutions are of a vital nature. In case of failure, the consequences can be disastrous: and inability to provide care or to produce medicines, but also the leakage, loss or falsification of samples or health data. The performance and availability of IT networks in our healthcare systems is all the more important as patients' lives often depend on the information that circulates within them.

Ensuring service availability

The need for rapid action

The pace of the health sector is driven by emergencies. It therefore requires a rapidreaction in the event of an incident, in conjunction with the hospital's biomedical equipment, its Building Management System (BMS) or its Centralized Technical Management System (CTMS).

This can be facilitated through the provision of secure remote access to technicians or third-party service providers through mobile SSL or IPSec VPNs and via the authentication of users for network data flows. These two measures are also useful for increasing the use of remote maintenance, but also to ensure the secure growth of telemedicine.

They are an integral part of the functionality of our Stormshield Network Security (SNS) firewall range. The products in this range are certified to the highest European level, and also guarantee continuity and availability of services thanks to their bypass functionality and intrusion prevention system.

Mandatory regulatory constraints

Due to its intrinsically critical nature, the health sector is subject to strong regulatory requirements. Many French actors are included in the list of operators of vital importance (OIV) and are subject to the Military Planning Law (LPM). At the European level, this list extends to operators of essential services (OESs) who are required to follow the recommendations of the Network and Information Security (NIS) directive.

Stormshield solutions are recognised by the highest European authorities, and also comply with specific healthcare standards, such as DICOM or HL7protocols and regulations including the GDPR, PSSI (a mandatory information systems security policy in French healthcare establishments), ePHI (electronic Protected Health Information) and the US HIPAA (Health Insurance Portability and Accountability Act) standard. Learn more in our dedicated e-book.

Getting to grips with a unique set of computer assets

There is much more overlap between IT and operational infrastructure in the medical world than there is in other sectors. On average, a dozen smart medical objects are found in an intensive care unit.

The advent of this Internet of Things, and of an operational infrastructure that is increasingly connected to the IT network, is contributing – along with the use of integrated and approved systems – to the development of hospital facilities. In order to achieve this without difficulty, it is essential to segment these networks in order to strengthen their security, but without modifying the systems in order to avoid “breaking” their approval.

For this reason, our Stormshield Network Security (SNS) range provides NAT network functions that are built into the security equipment. SNS also provides in-depth contextual analysis of electronic and operational protocols to prevent both known and unknown attacks. This is complemented by granular control of authorised messages and the use of custom signatures, as well as protected user browsing through URL and application filtering.