We’ve discussed several times on this blog before the efficacy of hardware such as medical computer systems when it comes to fortifying your healthcare cybersecurity, but they’re by no means a “set it and forget it” solution. Cyberattacks are constantly occurring at more frequent rates and evolving in sophistication. In fact, according to a recent announcement by the FBI, reports of cybercrime have tripled in recent times due to a number of factors, the pandemic being one of them. 

Regrettably, it’s because the healthcare industry is constantly evolving and digitizing that these attacks are able to occur. Imagine a cyberattack as a virus attacking and infecting a single piece of medical tech. If that tech is connected to other devices through internet connectivity, it’s exceedingly easy to have that virus jump from one device to the next until entire wings of hospital tech are infected. Fortunately, medical devices can combat this in much the same way as us humans combat infection: through proper distancing from other, susceptible hosts of infection. This distancing of interconnected medical hardware can be done through Network Segmentation.

What is Network Segmentation?

Network segmentation is the process of dividing a connected network into smaller parts or “subnetworks”. The philosophy behind this practice is rather simple, but effective- by breaking connections between devices, a cybercriminal won’t be able to jump from one device to the next, eliminating their ability to gain access to more sensitive pieces of patient information.

Of course, this doesn’t mean you’ll want to go splitting up every single piece of tech onto its own network. Some staff members and pieces of hardware need to be able to share information with each other in order to maximize efficiency of care. And so, healthcare network segmentation security best practices dictate knowing where to make these breaks into subnetwork so as to: 

a.) Improve cybersecurity

b.) Do so without jeopardizing workplace efficiency

Healthcare Network Segmentation Security Best Practices

A proper healthcare network segmentation strategy requires a large amount of insight into how your facility functions. Without that insight, splitting up your facility into subnetworks can do more harm than good. Fortunately, there are ways to build up that insight. 

Develop a Deep Understanding of Your Connected Devices

Breaks that don’t jeopardize efficiency can’t be made accurately if you aren’t aware of the devices in your facility and how/why they connect with other devices in the ways that they do. Creating an effective network segmentation strategy requires that you keep an up to date record of your facility’s medical devices and tools. That way, whenever a new device is brought in, it can be added to your inventory and its necessary connections to other devices can be recorded. 

Fortunately, this stock management can be incorporated rather effectively without the need for excessive labor on your staff’s part by simply investing in automated inventory tools. A device like a medical tablet with barcode scanner functionality customized into the hardware, for example, is lightweight, allows for easy scanning of hardware into an inventory software, and, if its manufacturer creates truly medical-grade products, can also help fight infection. 

Run Regular Risk Assessments

Part of understanding your connected device infrastructure is knowing which pieces of tech are at higher risk of cyberattack. Doing so requires you to step into the mind of the average cybercriminal and understand what data they’re after and why. With these ins and outs of healthcare industry cybersecurity in mind, it becomes easier to predict which pieces of hardware are more likely to be targeted in your facility. Once you have a general idea of the most at-risk pieces of tech, you’ll have a better understanding of where you’ll need to make your breaks in your network to cut off access to a criminal. 

It’s also highly recommended that facilities run regular audits on their tech infrastructure. Doing so will ensure that no new devices or connections between devices go unnoticed long enough to be susceptible to an attack. 

Create a Team

Healthcare IT teams have started to play more and more of an active role in the average healthcare facility as interconnected devices and remote care infrastructures enter the mainstream. One need just look at Boston Children’s Hospital’s story for a present day example of just how integral proper IT leadership can be, especially given today’s events. 

While many facilities may believe it best to leave medical device security responsibilities to the biomedical engineering equipment team, hospital IT teams will also need to be brought into the fold as a healthcare network segmentation strategy stands to cause quite a few connectivity issues if not implemented correctly. Regardless of who you plan on assigning these tasks to, ensure the team is put together and everyone is aware of their roles and how they will be asked to collaborate together. 

Once a trusted team is set and the parameters of their responsibilities are clearly defined, that team can also double check and confirm the efficacy of your proposed network segmentation strategy. Checking these network segmentations before they’re made live can ensure clinical operations are slowed or stalled due to an improper rollout.

Must-Haves for a Healthcare Network Segmentation Strategy

So, now that the best practices have been laid out, what are a couple of network segmentation tools you can invest in in order to dip your toes into healthcare network segmentation strategy prep? There are two categories many would recommend when starting out: tools for actually segmenting your network, and security tools for fortifying the cyberdefense of these new networks.  


Virtual LANs (VLANs) are a popular network segmentation tool that allows teams to easily divide their networks into more localized subnetworks. They work by allowing you to group connected devices together on a shared network while also blocking out contact from other networks who don’t necessarily need to be communicating. 

There are a few philosophies you can adopt when deciding what hardware to group together, but the general rule of thumb is to block off departments or machines that don’t require input from one another to care for patients effectively. By using these VLANs to limit the number of connections across devices, you can break down more of the bridges that could have been used by a cybercriminal to infect multiple devices and eventually reach a computer with tons of sensitive patient data. 

Identity Authenticators

Once you’ve undertaken all of these precautions and efforts to build out your healthcare network segmentation strategy, the last thing you want to do is not be on top of tracking who’s accessing your protected data.

With patient data being made more and more transparent in an effort to adopt value-based care, a healthcare facility’s data needs to be readily accessible by the right people, but prohibited to those not within the approved network. That said, investing in some identity authentication hardware can help confirm the right people are being granted access into the network. Software-based imprivata single sign on solutions have remained a proven method of authenticating staff members looking to access data-rich programs such as EHRs and patient records. 

On the hardware side of things, medical panel computers and even portable tablets and computer on wheels setups can be customized with RFID and CaC readers that are known to improve identity authentication accuracy. Facilities looking to even further build out their defense efforts can invest in two-factor authentication by customizing these workstations with biometrics such as fingerprint scanners as well.

A Healthcare Network Segmentation Strategy Starts with Self-Inflection

Network segmentation only works if you know exactly where your facility can afford to have breaks in its connectivity. Those looking to invest in a segmentation plan would be best advised to speak to their teams, especially their IT and medical device security teams, in order to receive the insights needed to pull off these effective plans. If you find yourself interested in getting started with a healthcare network segmentation strategy, contact an expert from Cybernet today to learn about what hardware may be necessary.