By Jeff Wardon, Jr., Assistant Editor

Cybersecurity grows more important by the day for healthcare facilities, especially as they see themselves flanked with countless cyberattacks and data breaches. When thinking about cybersecurity responsibilities, it is usually assumed that those fall to the IT departments. While this assumption is reasonable to an extent, IT should not be the sole bearer. 

These responsibilities can be shared with facilities management in some cases. However, their level of general involvement currently is low, according to Richard Staynings, chief security strategist at Cylera.   

“It is difficult to lump all facilities directors in the same bucket here because there are different processes and organizational structures across different healthcare entities, but we are adding facility systems all the time,” says Staynings. “We now have smart hospital systems with patient rooms where the lights go on when they detect motion. We also have entertainment systems, nurse call systems and all the patient telemetry systems in patient rooms. Additionally, we now have solar panels on the roofs and green roofs on hospitals with automatic irrigation systems, too. We are continuing to add these connected systems to facilities, so cybersecurity for facilities managers really should be an area of focus today and looking to the future.” 

With all these connected systems in a healthcare facility, it becomes apparent how quickly they can be compromised with a cyberattack. Furthermore, these systems can house vital and sensitive information that can be stolen. Preventing a breach can be done through an approach facilities management and IT departments can take called “zero trust.” Charlie Regan, chief executive officer at Nerds On Site, says zero trust is the only cybersecurity approach working in the right direction. However, Regan adds that the systems must be on-site.  

“For instance, the one that we use does not allow anything to leave the physical site of the client, even for assessment as to its first veracity and second security,” says Regan. “All the major players send information up to the cloud to a central clearance depot. Now with the journey to the cloud, there is a potential breach at the cloud, and then on the way back. What we use does not send anything away to be assessed. It is always done on site in the server and network environment of the client.” 

These types of systems work around the clock to guard against hackers and other unauthorized third parties. Similarly, Regan says that the role facilities management plays in assessing and updating the cybersecurity infrastructure is a 24/7 job as well. This is because information and data are constantly being exchanged, even if an organization is not aware of it.  

That is thanks to what he calls “cyber bots” breaching systems, assessing the value of data and then bringing that data out of its original system, creating what is called a data drip. Regan says that facilities managers “quite literally” must keep an eye on all data drip, and that means determining the destination of all data leaving their systems.  

“We can go into a company and find out in 15 minutes you have got data going at 195,000 drips of data every minute,” says Regan. “You have got some going to Poland, you have got some going to North Korea and you have got some going to South Africa. You have clients, trusted suppliers or trusted stakeholders in any of those arenas. If not, then you know that you are experiencing data drip. So, facilities managers must keep a non-stop eye out for the data drip because they must be wary of where the data is ending up is trusted and friendly.” 

Keeping an ever-watchful eye on data and security systems is a responsibility that facilities management and IT can collaborate on. In addition, taking a zero-trust approach can help guard valuable data from unauthorized parties. Through both, a more robust and thorough cybersecurity approach may be developed. 

Jeff Wardon, Jr. is the assistant editor for the facilities market.