Transforming Hospitals with Effective Healthcare IT Strategy
- Iron Bridge
The healthcare system has been under unprecedented attack for all of 2023 and 2024, with 386 cyberattacks in the first three-quarters of 2024 alone. These issues are not only bad for data theft, but can cause significant damage by cutting connections, blocking access, or causing loss of data critical for patient care. The healthcare system must protect its services and retain public trust.
The following article will help you understand how to maintain a robust and effective healthcare IT strategy. So, read on for a guide on digital transformation in healthcare and how to move forward into and beyond 2025 while providing the highest level of care to your patients.
Benchmark Current IT Maturity
One of the first steps you will need to take is to run a complete 360° hospital IT infrastructure scan to audit the current state of your system. The resulting report should cover:
- Peak throughput
- How fast backups kick in when a link drops
- Firmware versioning
- Device ages
This step identifies whether you have any components whose individual failure could spell disaster.
After you have this information, analyze all the different feeds and APIs you use to pinpoint where someone can utilize custom scripts that could cause problems. You also want to discover locations where these systems do not natively talk to one of them, causing interoperability debt.
Checking the Latest Attack Vectors
With 55% of individuals in the U.S. affected by major health data breaches in 2024, you need to test your defenses thoroughly.
Cross-check last year's most common ransomware efforts with your current disaster-recovery playbooks and security systems. You want to be ready to prevent an attack and know what to do should the worst happen.
At the same time, benchmark how well you have done over the past years. Compare your Recovery Time Objectives and Recovery Point Objectives against any logs you have to see if your actions hold up. If you don't have such clear objectives, you must develop some to discover areas of weakness and improve your processes.
Make sure to safely test everything you can that someone could abuse to access your system, and areas that could generally impact your uptime if they fail, regardless of why. For example:
- Secondary network links
- UPS feeds
- Generator systems
- Mirrored storage
You want to ensure your potential downtime is minimal hospital-wide.
Examining how you interface with your third-party vendors may also be wise. If they do not use multi-factor authentication, for example, then they become a potential risk vector. I****f you cannot update the method of interaction yourself, however, you may need to escalate the issue directly to the third party.
Check the Robustness of Your Network and Processes
Benchmark your SAN by simulating CT or MRI uploads through it, measuring the I/O performance. If you suddenly receive more scans in a shorter time, this will prevent them from bottlenecking and causing larger issues. As more detailed scans are available with each technological update, this becomes more relevant.
Make sure to trace your lab middleware pipelines as well. If you find any queues where orders sit for longer than a few minutes, take action to redesign them for efficiency or split these tasks into smaller sections so that you can track their ongoing process in pieces. Doing this allows for discovering where the specific blockages in the process occur so that there is enough data to reflect on them and potentially make improvements.
You will also want to check your working processes to look for areas where people are still updating files, such as CSVs, by hand. Doing the work like this adds greater risk of:
- Typos
- Missing records
- Format mismatches
- Duplicate information
- Malicious action
As such, update the method by which you update these files to remove as much risk as possible.
_Make sure also to set up automated compliance and vulnerability scans._Run these regularly enough to meet regulatory requirements without interfering with your network's workflow or causing problems. You can then take the results from these to fix weaknesses before malicious actors take advantage of the potential area of access.
If you have the authority to do so, consider contracting PEN testers to find issues you would not have otherwise seen. These people will then be able to give you a much more comprehensive set of feedback you can take action with, rather than what you could have compiled alone.
Ensure Healthcare Data Meets Expectations
Run a scan to search for duplicate patient IDs across your systems and then flag those that need an update. Depending on your internal processes, take action to ensure that only one patient ID exists per patient. According to a recent research review, 18% of patient records within organizations are duplicates, causing significant healthcare data management issues.
Next, look at your internal helpdesk or CRM stats for every interface, such as the:
- Lab
- Pharmacy
- Radiology
- Billing
Look for which generates the most tickets. Prioritize that location for an overhaul and see if you can make any process updates to help reduce bottlenecking or other issues.
You must also verify that all the data used throughout your hospital remains encrypted, both in transit and at rest. This audit includes when people are on CT or MRI scanners or interacting with any automated systems in the hospital.
Failing to keep up with this requirement has repercussions related to HIPAA and could cause significant long-term problems should patient data be accessed when it shouldn't.
Set IT Strategy Targets for Better Patient Outcomes
Moving forward, you must create targets to ensure those you care for receive the best response possible. Start by mapping every IT strategy you plan to enact to a specific metric related to patient care quality. For example:
- HEDIS immunization levels
- HEDIS screening rates
- CMS stars hospital quality
- CMS stars patient experience ranking
Tying your efforts to these scores can give you the data you need to communicate to non-IT individuals, such as doctors, how vital your work is. With as many people in the healthcare facility on your side, you can make better changes, impacting both your work and patients' lives.
Automating Goals for Patient Improvement
If possible, _attempt to automate as many processes as you can._For example, you may want to query state registries for vaccinations to see if any of your patients have immunity. You can then receive information on those who have not had a shot to help increase your regional immunization rate.
Setting Goals for New Regulations and Requirements
As you build your plan, make sure to understand any new or upcoming changes to legal requirements, such as HTI-1's upcoming rules and how they affect algorithm transparency. Doing this prevents the business from falling foul of legal issues and avoids litigation. Handling it earlier also prevents you from scrambling to complete the process later.
You might also want to ensure you remain aware of the upcoming HIPAA-related rules.
To prepare for such changes, make sure that you build and maintain an asset inventory and network map that you can refer to later, so that you can plan better for the changes. You should then run through each requirement and perform a gap analysis, working out which steps you have not yet taken, estimating the time to do so, and the cost of each.
If any requirements are likely to cause you issues, you can choose to make only the changes that offer you the best outcome, regardless of whether all steps become regulations. At the same time, plan and prepare for the others without taking the final steps. Then, if you need to respond to them, you should have everything you need to make the whole process much faster.
Developing an Incident Playbook
Document in detail your method for preparing for potential security threats in terms of:
- Detecting
- Investigating
- Reporting
- Responding
- Retrospecting
Include written procedures for recovering any critical systems that may be lost, as well as any data. You should then ensure that the system returns to normalcy within 72 hours at most.
Segmenting Your Network to Avoid a Network-Wide Breach
Use VLANs or other segmentation methods to avoid a breach in one section of your network from traversing the entire infrastructure freely.
Define these VLANs per function or department, such as:
- Clinical
- Guest Wi-Fi
- Servers
- C-Suite
- Admin
You can then ensure any potential threat stays contained even when it broadcasts. Similarly, you should place critical resources such as high-value servers or storage onto exclusive VLANs that one cannot access from other general-purpose segments to keep them safer.
Limit the size of VLANs to reduce the possibility of them being reconfigured for a new purpose and to make troubleshooting any issue that occurs much easier. Also, any inter-VLAN traffic should go through a firewall or router rather than simpler routes, allowing you to block any unauthorized transfers, while limiting those who can access VLANs outside of their specific needs in the business.
Modernize the Hospital IT Infrastructure
Make sure you keep your location as up-to-date as possible by using your budget to match your hardware and software to the needs of an expanding and updating healthcare industry.
Start by consolidating your internal connectivity with 10 Gb backbone switching. Retire any older systems that you may have installed, or patched together from several vendors, and unify your architecture to ensure:
- Simpler cable and system management
- Fewer ports to juggle
- Less possibility of outdated devices causing security issues
- Greater possibility for infrastructure growth
At the same time, look to your server instances and decommission any still using legacy versions of any server software before their extended support periods end. While extended support for Windows Server 2019 ends in 2029, for example, the mainstream support period has already passed.
Ensure you also work on your Wi-Fi coverage, helping it reach every area of your healthcare facility to support medical IoT devices. The first Wi-Fi 7 access points already exist, and you may want to take advantage of this fact now to ensure you remain compliant with requirements for longer. However, if your budget does not stretch to such infrastructure, Wi-Fi 5E is still the baseline for many systems.
If your hospital has carbon-reduction targets, the IT system is a significant power draw. Ensure you set CO2 goals and apply updates that will hibernate or shut down systems, or consolidate workloads, where necessary, while ensuring that your efforts do not cause potential harm or open the system up to attack by malicious actors.
When it comes to the physical connections, you should also start upgrading your Cat-5e cables to OM4 fiber where possible. The 40 Gb connection available from these will help significantly in areas where high-throughput data is essential.
Prioritizing Your Healthcare IT Strategy Efforts
Focus first on areas that deliver clear and measurable wins that have returns within six months. Failing to do this will mean that you will likely lose momentum from the executive team, who may be interested in your changes until they cause issues. Reporting on constant improvements instead gives them the best reason they need to provide you with further resources in the future.
Once you have made changes, you should also report any key metrics so your organization can use the data to negotiate contracts and promote the hospital's work, especially when meeting more recent regulations.
Doing this makes it more likely that you will have additional support to take similar steps later and even make demands that will help you make more of a difference.
Drive Better IT Results in a Healthcare Setting
By modernizing healthcare technology solutions and prioritizing improvements to your security system, you can ensure that your update efforts align with patient needs and regulatory requirements. Plan for an IT roadmap that pushes your organization toward clinical excellence by leveraging all the options available to you to get the best results possible.
Iron Bridge can help you improve your healthcare IT strategy by automating high-volume tasks and using a segmented cloud to boost digital security. No matter the size of your organization, contact us to learn what we can do to future-proof your healthcare IT efforts today.