5G Strategy and Security: Risks and Opportunities for Health Systems

The drive to modernize the delivery of virtual care to support the pandemic is unprecedented. More than ever, innovation is needed to deliver primary care via telemedicine and remote monitoring services, and to protect patient data and reduce medical errors.

Deploying technology to enhance patient care and safety starts one hospital at a time and depends on the adoption of smarter technology. Hospitals by their nature are large, complex facilities that are expensive to build and even more expensive to maintain, and IT has often been an afterthought in hospital construction and infrastructure. The modernizations and upgrades that we have lobbied for as healthcare IT professionals are now essential to support a remote workforce and virtual visits.

A fresh approach to hospital design requires that intelligent infrastructure and other new technologies come together to enable a smarter, more flexible healthcare environment. This creates what’s called the Smart Hospital, defined as “a fully automated hospital that incorporates the patient state, provider’s presence and workflow with medical facilities and equipment to proactively push relevant information to and from the EMR and policy-based management systems.”

5G-enabled technologies can contribute to the development of a Smart Healthcare model. Knowing the location, disposition and condition of all elements associated with care delivery of healthcare drives increased awareness of patients, staff and assets. Hospitals that use this awareness to optimize workflows will improve patient interaction, eliminate medication errors, reduce patient identification errors, and lower hospital operating costs – but they also need to be aware of the risk.

In this post, we will explore how healthcare organizations can prepare for this new network transformation and provide an overview of what we believe is necessary to help secure our healthcare organizations, networks and patient data.

5G Opportunities and Risks

5G is the fifth generation of mobile networks. This standard offers the potential for downloads speeds up to 10 times faster than 4G, along with significantly improved security features such as stronger encryption of data and better verification of network users.

5G will change how we communicate, work and deliver patient care, both inside the hospital and externally via telemedicine, the Internet of Things and wearables. However, 5G also presents security risks – and it’s more than just patching security flaws like with any emerging technology.

AT&T has developed an extensive report called Security at the Speed of 5G. According to the report, “many enterprises are getting a head start with 5G, yet many are challenged with understanding all its dimensions.”

The AT&T report identified three top risks:

  1. A larger attack surface due to the massive increase in connectivity. Approximately 44% of the CIOs surveyed in the AT&T study identified this as their top concern.
  2. The greater number of devices accessing the network.
  3. The need to extend security policies to new types of devices that will be impacted by 5G access.

With 5G on the horizon, how healthcare CIOs and CISOs address this new and enhanced network access will impact their organizations. This will require a review of security policies and procedures. Readiness assessments and early strategic planning will be valuable.

According to the AT&T report, only 25% of CIOs and CISOs are confident that their organization’s current security policies will be effective in a 5G environment. More than half, or 53%, say some adjustments will be required, and 22% anticipate a need to completely rethink their security policies.

Prepare for 5G Vulnerabilities

It's clear that healthcare leaders need to act quickly. By 2025, it’s expected that 65% of the world will have access to 5G, with 45% of all data traffic traversing the 5G network. Worldwide, there will be 2.6 billion 5G subscribers.

Data breaches in the healthcare industry are expected to occur daily. That’s because healthcare data is estimated to be 50 times more valuable than data in other industries – at about $408 per record.

5G’s larger attack surface presents a number of potential vulnerabilities that could increase or create additional risk, some of which are concerns with existing cellular networks, these include:

  • Signaling. A DDoS Attack such as a signaling storm, against an individual entity can be generated by a malicious actor or even a legitimate source. For example, a misbehaving protocol stack in an IoT device can generate a signaling storm cause an outage.
  • User Payload. Victim devices that have connected to malicious APs may be infected with malware payloads trying to spread onto secure networks.
  • Management Plane. Attacks at the management plane and orchestration layers can present challenges to maintain the 5G environment. These challenges this can include hospital infrastructure and access to 5G resources.
  • Interoperability. As more applications and devices are connected at 5G speeds, the promise of more interoperability is a significant benefit to healthcare – but it also presents a security challenge due to the interconnections among different data sources and critical clinical devices.
  • Crimeware. Also referred to as an attack toolkit, Crimeware is currently being sold as-a-service, which has contributed to a dramatic increase in the frequency of cybersecurity attacks. There are also attractive incentives, as cyberattacks come with a low risk but a high pay off. Due to high degrees of digitization, cybersecurity around 5G has become a top concern.

In a healthcare system, everything from EHRs to Ventilators to Wearables will share data over 5G networks, making a re-evaluation of the threats above all the more critical and timely.

To design and implement a stable and secure 5G solution, healthcare organizations will need help understanding 5G technologies and a plan to leverage the wireless standard’s new infrastructure and security features.  For more information, contact me for a discussion of your organization and its 5G plan.

Healthcare IT Leaders CTO Ken Bradberry is a seasoned technologist with 25+ years’ experience focused on innovative security, architectural and technical solutions for healthcare organizations.