9 December 2019

A leaking server room or a congested network: What IT in healthcare should (not) look like.

Soitron IT expert: Some hospitals open their door to hackers themselves.

MARTIN ČAPRNKA in cooperation with the editor’s office of Soitron

We talked to Soitron IT expert Martin Čaprnka about what modern IT in a hospital should look like and how to build it with a limited budget.

Many hospitals today are struggling with lack of personnel and desolate buildings. What about their IT in the light of these challenges?

The situation with their IT is very similar. When you see the old and unfit buildings in which they often reside, their communication infrastructure is in a similar condition. It often looks like 20 to 30 years ago. Problems are just plastered over. Staff do not have the time or money to do the overall renovation the communication infrastructure would deserve.

What does IT infrastructure look like in a typical Slovak hospital?

I’ve seen a few them. Some were in a rather woeful state. In one of them, the boiler room was in a better state than the room in which the data and telecommunication equipment was housed. With leaks and mould on the walls, uninterrupted operation could not be guaranteed. Wiring is often undersized for both power and data. I was in one hospital where we would have to turn half of the hospital upside down if we wanted to install another wireless access point.

Let’s say I’m the hospital director and I’m deciding how to best allocate my budget. What’s the benefit of investing in IT infrastructure compared to, for example, training people, renovating the building, and so on?

This can be viewed from several perspectives. Firstly, what do I need to provide for patients and doctors? For instance, I may have a portable X-ray machine and need to send the images somewhere. Or I may need to register patients, store data, and so on. These are the services that hospitals want to provide.

Secondly, how do I keep the technology operating? This is what I have to have in mind when building the whole infrastructure. In the event of a failure, I must be able to keep at least critical systems in operation, the functioning of which may depend on infrastructure: for example, patient monitoring.

And finally, security. Cyberattacks don’t avoid hospitals. The network should therefore be built from the ground up to be secure. Of course, it is more complex than that, and security should be addressed on other tiers as well. However, the more you neglect this aspect, the easier the attacks will be because the communication infrastructure is the foundation of all other systems.

Some hospitals already have Wi-Fi. Is patient data safe?

Some hospitals are more advanced. They have implemented segmentation and use separate secure networks, i.e., one network accessible by visitors or patients and another one not accessible by ordinary people, so that sensitive data is protected.

But of course, sometimes it is the other way around. Several facilities use devices that you can readily buy in supermarkets. I wouldn’t use them even for my home. Such devices are not patched at all, or perhaps are only patched after a year. In this way, they open the door to potential attackers. Not to mention that if Wi-Fi is designed and installed incorrectly, it does not serve its purpose at all. So, it is quite common that there is Wi-Fi in a hospital, but you cannot connect to it because it has not been set up for a large number of users.

Can medical devices run on Wi-Fi?

It is more secure to connect them by cable. However, some devices, such as those that do not monitor patients, can certainly run on a wireless network as well. This includes devices that assist in service tasks, such as an automatic drug dispenser. In this case, a Wi-Fi connection allows the device to monitor the medication the patient takes and prepare it for them. Should this system fail, it is not a critical problem. The system just makes the work for the staff easier.

A typical example of Wi-Fi use is the localization of portable devices such as X-ray machines, sonographs, and so on. It allows staff to quickly find out where each device is and how to get it to where it needs to be as quickly as possible. Again, it saves time.

What common IT problems you see most often?

Undersized network and transmission capacity. In such cases, there is nowhere to connect a new device. The second major problem is security. There is often lack of continuity when the systems are built. If the chief IT expert happens to leave, nobody has a clue how the whole thing is built. Another common problem is lack of redundancies. Critical elements the entire communication depends on often don’t have two power supplies in place, or two physical paths available to prevent the whole system from collapsing in the event of a failure.

Can a hospital on a limited budget significantly improve its IT infrastructure?

In public hospitals this is probably difficult, but in private hospitals this is accounted for. They want to differentiate themselves from past practices and build modern hospitals. IT infrastructure can also be built for reasonable money. We have witnessed it mainly in the private hospitals we have worked with.

If I’m the hospital director who wants it, where should I start?

Start with an audit. First, look at the building. Are the premises suitable? The next thing you should look at is what your hospital provides, i.e., how the departments are structured, how you need them to communicate with each other, what services you provide to patients, and what role the data communication plays. Once the whole hospital has been mapped, a plan of how to build the infrastructure from zero to the final state is designed, and then you can start building it, sort of like with building blocks.

Can it be done part by part?

Definitely. Actually, this is how it’s usually done. It would be ideal to have the whole thing built in one go, but usually hospitals identify critical parts to start with. These investments may sometimes take up to five years, but if you want to get somewhere, you must take the first step. After all, once you fix the problems with unsuitable premises or structured cabling, you benefit from it right away. And you also have the conditions prepared for the future.

Give us an example of a hospital in Slovakia with a good IT infrastructure.

A very good example are the new private hospitals. Since they are filled to the roof with technology, we often have to build an extremely stable and secure network for them. This was also the case of the New Generation Hospital in Michalovce.

However, we can also find good examples in some public hospitals that have made several investments. They have undergone renovations, and some of them have built completely new departments that look like those in the Dr House TV show. And I am happy to say that this is happening all over Slovakia.

Martin Čaprnka

Network Presales Team Leader