Cyber Vulnerabilities In Healthcare Network Closets

Greetings and welcome back! This week we take a look at a serious security problem: Cyber Vulnerabilities in Healthcare Network Closets. This is a particularly troublesome problem for almost every healthcare facility and one that needs to be considered carefully.

To begin with, electrical and network personnel divide network closets into two types of rooms:

  • Main Distribution Frame (MDF) – this is the central point where all network and telecom connections arrive at your facility
  • Intermediate Distribution Frame (IDF) – these are the individual network rooms located on floors throughout your facility

Your central MDF room and your distributed IDF rooms are the transit points for all of the data that travels within your facility. That means that anyone who can gain access to one of these rooms has the ability to capture and even alter data as it travels through your network. Because of this, the physical security and cybersecurity of these rooms are critical to the security of every healthcare facility.

An excellent study of over 100 network rooms in multiple buildings on a college campus was published by Nathan Timbs at East Tennessee State University. In this study, there was an average of more than 1 security flaw discovered for each of the network closets in service. The reason is likely that network closets are often out of sight and out of mind and, hence, are given very little consideration for either cyber or physical security. In fact, if you stroll around your facility on any given day, it would probably not be surprising to see a network closet propped open while a telecom or network worker is making changes to equipment or wiring in the room.

Perhaps the most damaging type of attack that has become all-too-frequent in MDF and IDF rooms is the cyber/physical attack where the hacker steals massive amounts of data.  Such was the case in one of the largest data thefts on record where an individual broke into network closets at Massachusetts Institute of Technology, connected a laptop to a network switch, and simply left the laptop in the room to gather enormous amounts of data.  This is a sad case for many reasons and makes for interesting reading.

Another type of attack that is becoming more frequent is the use of the network interface on a Rack Power Distribution Unit (PDU) or Rack Uninterruptible Power Supply (UPS) as a backdoor to the network equipment in the room. A recent case that involved another serious data theft followed just this strategy: a Rack PDU served as the backdoor for reaching the data held in systems in the same room. The data thief was outside the walls of the company’s facility and was still able to navigate through the perimeter firewall and then use the Rack PDU as their foxhole from which to operate. No one suspected anything until after the theft had been committed.
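The exposure described above can be checked from a device inventory. The following is an added example, not code from this blog or from AlphaGuardian: it flags Rack PDU and UPS management interfaces that sit outside an isolated management network or that offer cleartext management services. The inventory entries, addresses and the management subnet are constructed assumptions.

```python
import ipaddress

# Constructed sample inventory of equipment found in MDF/IDF rooms.
INVENTORY = [
    {"name": "idf-3-pdu-a", "kind": "pdu", "ip": "10.20.3.15",
     "services": ["https", "snmpv3"]},
    {"name": "idf-3-ups-1", "kind": "ups", "ip": "172.16.40.9",
     "services": ["http", "telnet", "snmpv2c"]},
    {"name": "mdf-pdu-b", "kind": "pdu", "ip": "10.99.0.21",
     "services": ["https", "snmpv2c"]},
    {"name": "mdf-sw-1", "kind": "switch", "ip": "172.16.40.2",
     "services": ["ssh"]},
]

# Assumption: the only subnet treated as an isolated management network.
MGMT_NETS = [ipaddress.ip_network("10.99.0.0/24")]

# Management protocols that send credentials or community strings unencrypted.
CLEARTEXT = {"telnet", "http", "ftp", "snmpv1", "snmpv2c"}


def audit_power_devices(inventory, mgmt_nets=MGMT_NETS):
    """Return (device name, [issues]) for each PDU/UPS with a risky interface."""
    findings = []
    for dev in inventory:
        if dev["kind"] not in ("pdu", "ups"):
            continue  # only power equipment is in scope for this check
        addr = ipaddress.ip_address(dev["ip"])
        issues = []
        if not any(addr in net for net in mgmt_nets):
            issues.append("management interface outside isolated management network")
        weak = sorted(CLEARTEXT.intersection(dev["services"]))
        if weak:
            issues.append("cleartext services: " + ", ".join(weak))
        if issues:
            findings.append((dev["name"], issues))
    return findings


if __name__ == "__main__":
    for name, issues in audit_power_devices(INVENTORY):
        for issue in issues:
            print(f"{name}: {issue}")
```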

HIPAA regulations are explicit in their requirements for securing ANY room in which data is traveling or at rest.  HIPAA also requires the securing of all power systems within ANY room in which data is present.  The specific regulations in play for these requirements are as follows:

  • Physical Access Monitoring and Control – According to the Department of Health and Human Services, nearly half of HIPAA Security violations for 2016 involved breaches of Physical Security. HIPAA regulations specifically define Physical Network Security requirements and these include Section 164.310: Facility Access Controls. Implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.
  • Backup Power Monitoring and Control – Backup Power is a necessity to allow the protection of and access to critical medical records in the event of a power blackout or other power event. This requirement is described in HIPAA Security Section 164.308(a)(7)(ii)(C) Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode. When a covered entity is operating in emergency mode due to a technical failure or power outage, security processes to protect EPHI must be maintained.

At AlphaGuardian, we take the security of network IDF and MDF rooms very seriously. Our RackGuardian unit was built as the only product on the market that provides full physical access security for any room while it also provides comprehensive security for all of the following areas:

  • Physical Security – RackGuardian integrates with any Wiegand-based card or biometric access system
  • Cybersecurity – RackGuardian’s private network port is attached to each Rack PDU and UPS system in your room and provides a firewall which renders anything plugged into it stealthy on your network
  • Operational Security – HIPAA requires that all power and related systems be monitored to ensure their uptime. RackGuardian can monitor any SNMP or Modbus device and convert its data into encrypted streams which are pushed to our secure cloud service.

We would encourage each reader of this blog to contact us for a confidential discussion of securing your network closets. Whether you have 2 closets or 2000, we can cover you and make all your network closets secure.

Until Next Time,

Be Well!