JACKSON: “There are two primary indicators organizations can observe that may indicate a malicious intrusion attempt in relation to their RTLS system: performance, data accuracy.

“First, a hacking event at the entry point of the locating device may introduce a flooding of messages to ascertain a potential weakness in the RTLS. With Versus RTLS, such messages are filtered from penetrating to the application layer and do not expose any fragility in the system to the hacker. However, the volume of traffic would be traceable to help determine a potential cyberthreat has occurred.

“Second is the accuracy of the data maintained in a system. While Versus maintains security access controls to software components, local security policies govern authorization to software applications. If the healthcare organization’s centralized user access is violated, the accuracy of data maintained by the RTLS may be compromised. In such an unlikely event, Versus provides audit-visibility of access to the software components. This provides full traceability of when the system was hacked and who may have accessed the system and related data.”

SULLIVAN: “This is specific to the RTLS modality (or modalities) being used. Regardless, the key here is to be proactive in both monitoring and protecting the network, data and information. The integrity of the network — wired, wireless, or in the cloud — should be monitored for unusual activity or performance that could indicate attacks or problems. A very powerful system monitors and builds a database of ‘normal’ performance and operating parameters. This history can then be used to learn over time, enhancing the ability to quickly identify attacks and threats. Furthermore, this data can be used for offline forensic analysis as well as triggering automated protection systems. A good example of this technology is today’s wireless intrusion protection systems that monitor and protect the network via constant analysis of the RF spectrum.

“Another potential indicator of attack is disruption of the RTLS system. A thorough RF Spectrum analysis as part of the RTLS system design and deployment can also serve as a baseline for comparison against disruption in the future. If the RTLS system is suddenly suffering performance or operational challenges without being updated or changed recently it’s always a good idea to determine the root cause of the disruption and whether it could be the result of an attack.”

CARNEY: “Above all, vendors without the proper processes and policies in place are a major warning that a vulnerability is lurking somewhere in the future. Carefully vet any potential vendor partners before integrating with an RTLS or other system. Once integrated, red flags could include unusual traffic, unrecognized changes to the system, anomalies in capacity or bandwidth patterns and the appearance of unexpected data. Also observing requests coming from unusual or unknown sources can be a warning sign as well.”

CANNELL: “Different RTLS modalities have different feature/function sets, and thus security should be assessed on a modality-by-modality basis. It is important to constantly monitor and assess the RF environment for vulnerabilities and threats. Any vulnerabilities should be addressed as quickly as possible. It is also recommended that the individual hospital’s wireless networking team monitor the RF Spectrum and Wi-Fi network using an intrusion detection system, or better still, a proactive wireless intrusion protection solution (WIPS). A WIPS system will monitor the wireless system and proactively address threats including potentially black-listing devices, ‘jamming’ threats, and denying access to the network. There are various levels of security offered by these systems, and the best network has a level of security and protection commensurate with the importance of the data flowing across the network.”

MURTI: “In general, the key elements of any security review should consist of a review of the customer’s network policy and firewall architecture, the customer’s operating environment, back-end processes and software, which would be no different than the security processes and controls for an IoT-enabled software solution.”

If providers find a cybersecurity problem with their RTLS system, what should they do?

GEVA: “Immediately contact your RTLS vendor. In our case, we maintain 24/7 support and our support group have direct access to our R&D team to investigate and respond to events. This is really a requirement in today’s environment for any HIT system, including RTLS.”

JACKSON: “While a cybersecurity threat with the Versus system would be rare, the company employs the necessary expertise and engineering resources to identify and secure a potential future threat. Versus works closely with provider organizations on cybersecurity that complies with both industry and local healthcare IT security policies. In the unlikely event a security threat is identified, Versus expertise is available to diagnose and remedy any potential cybersecurity issues.”

SULLIVAN: “It is very important to identify the problem as soon as possible. Quick, effective detection and classification of threats is the first step toward mitigating the problem followed by protection and recovery from the attack. Neutralizing threats will depend on accurate analysis of the threat/attack. Since the RTLS system will likely be connected to the hospital’s network in some fashion, the hospital should follow its own internal processes for dealing with security breaches and resultant data/privacy requirements.”

CARNEY: “Ideally, a quality provider should have an incident response plan to help guide their reaction to a cybersecurity problem of any variety. Should an RTLS-related security problem occur, it’s critical to work with the manufacturer of the system(s) immediately. Basic steps are to diagnose the vulnerability, shut it down, remediate the problem effectively and address exposure appropriately. Time is of the essence with any security incident and the organization and its partner(s) must work quickly to preserve forensic evidence and prevent further exposure.”

CANNELL: “This will be determined by the individual hospital system’s wireless network security process. The key is to identify the problem as soon as possible as early detection is critical to minimizing impact. Once detected, the problem needs to be assessed for severity and addressed appropriately. Remediation action must be taken as quickly as possible, but what specific actions to take depends on the specifics of the problem. For a hospital RTLS system, it is important the hospital follow its own internal processes for dealing with such matters, including consideration of any data protection or privacy regulations or requirements that exist.”

Page 71 • HEALTHCARE PURCHASING NEWS • March 2018 69
