As the world becomes increasingly digitised, the convergence of operational technology (OT) with traditional enterprise IT networks is inevitable. This allows aged care providers to better adapt to changing work environments and to harness the power of a connected world. However, while such integration unlocks efficiency and innovation, it also introduces challenges.
Historically, legacy healthcare OT systems have enjoyed a certain degree of security due to an ‘air gap’, which physically isolated these systems from other networks, minimising cyber threats. However, as OT and IT networks intertwine, the air gap is shrinking, causing previously siloed departments to face unprecedented vulnerabilities.
The situation becomes increasingly complex with the surging adoption of Internet of Things (IoT) and Internet of Medical Things (IoMT) devices across both OT and IT domains. Every additional device connected to the network – from medical equipment to communications systems – widens the attack surface. This expansive linked environment provides ample opportunities for potential attackers to exploit vulnerabilities, shifting the discourse from the possibility of an attack to the certainty of one unless comprehensive measures are taken.
Implementing robust security measures in aged care environments
For aged care providers, the urgency cannot be overstated. Disruptions in OT systems can lead to life-threatening situations, meaning it's vital that organisations enhance the security and resilience of their systems. By implementing global best practices, aged care facilities can effectively guard against cyber risks to ensure that residents receive uninterrupted care, even as digital threats evolve.
There are six key steps that aged care providers can take to bring global best practices to a local level:
- Embrace a holistic approach: organisations should view OT and IT as part of an integrated system, instead of separate entities. This requires a security strategy that encompasses the entirety of the institution’s digital infrastructure, ensuring that there are no weak points for cyberattackers to exploit.
- Continuous monitoring and assessment: the threat landscape is rapidly evolving, and periodic security assessments aren’t enough. Real-time monitoring tools that offer insights into the network’s health, detecting anomalies and preventing breaches before they wreak havoc, are essential.
- Educate and train staff: human error remains a significant vulnerability. By training staff on best practices – including recognising phishing attempts and maintaining a strict protocol around password management and device usage – organisations can drastically reduce the risk of inadvertent security lapses.
- Prioritise network segmentation: keeping critical OT systems segmented from the broader network can reduce the risk of a potential breach spreading. While integration is beneficial, strategic segmentation ensures that, even if one system is compromised, the ripple effect is contained.
- Implement multifactor authentication (MFA): simple username-password combinations are no longer enough. By integrating MFA, access to critical systems can remain restricted even if credentials are compromised.
- Stay updated: regularly updating software, firmware, and security patches ensures that known vulnerabilities are addressed. Cyber adversaries often exploit outdated systems, so staying current is a fundamental defence mechanism that should not be overlooked.
Aged care providers hold a dual responsibility to residents to provide quality care while securing sensitive personal and health data. A cyber breach in OT systems not only undermines trust, but also carries legal and reputational risks, affecting long-term resident satisfaction and institutional credibility.
OT systems are a vital part of care across the healthcare industry, and any disruption can result in catastrophic life-threatening outcomes, such as malfunctioning equipment. As technology advances in healthcare – including telemedicine and real-time monitoring – securing OT is no longer just about preventing disruptions; it’s also about empowering seamless innovation and shaping the future of aged care without the constant threat of cyberattacks.
The road to robust OT security in aged care is ongoing: as the environment adapts and changes, so, too, must the protective measures. By embracing global best practices and fostering a culture of continuous improvement and vigilance, aged care organisations can pave the way for a future where operational continuity and resident safety are never compromised.
Michael Murphy is the head of operational technology and critical infrastructure at Fortinet.