Understanding and Securing Healthcare Digital Communication
By Zachary Thoreson, Crowe LLP Digital Security Consulting
Fast, efficient communication is essential to the effective operation of a healthcare organization – but who may be listening? With the growing number of medical applications, biomedical devices, and automated systems entering everyday use in the healthcare industry, it is important to understand how this ecosystem of devices communicates and how to secure it. Can you speak the language that allows for the information systems of a hospital to converse?
Healthcare communication protocols lay the foundation for how information is shared throughout a hospital. Whether it is a small biomedical heartbeat monitor or a complex medication dispensing system, all of these different healthcare information systems need the ability to communicate. Digital communication protocols outline how devices relay information about a patient, their symptoms, and treatments. Healthcare communication channels define the syntax in which a measurement taken by a practitioner using a handheld device can be instantly entered into an Electronic Health Record (EHR) system.
Evolution of a Unified Language
Hospitals and healthcare organizations often have a unique and diverse ecosystem of applications and devices healthcare providers rely upon to provide patient care. Information needs to be centralized and easily accessed regardless if the data is to monitor a patient’s vitals or to review insurance information; as a result, the communication methods used throughout must be standardized. One of the largest organizations working to oversee this standardization is Health Level-7 (HL7).
Founded in 1987, HL7 is a non-profit organization that develops the guidelines for exchange, integration, sharing, and retrieval of electronic health information that supports clinical practice and the management, delivery and evaluation of health services. It is supported by over 1,600 members from 50 countries including care providers, government stakeholders, payers, pharmaceutical companies, vendors, and consulting firms .
When communication between devices is standardized, care providers spend less time on compatibility between hardware, software, and databases and more time focusing on patient care. HL7 has architected how the devices on the network communicate and in doing so have facilitated the development and implementation of healthcare technology. Over time, these messaging protocols have evolved:
HL7 – 1
HL7 version one was released in 1979. The first implementation of the HL7 protocol was fundamental and is generally considered obsolete. It was the first version of a successful protocol that allowed devices to communicate over a shared channel to relay clinical data. Using HL7-1, medical devices were able to interconnect, allowing for seamless integration to EHR and billing applications vastly reducing the reliance on custom code and paper charting.
HL7 version 2 was released in 1989. The second version of the HL7 protocol improved upon the initial version. The version two release improved the ease of connection between devices utilizing the protocol. HL7-2 is currently the most widely adopted version due to its age and ease of use. According to HL7, 95% of US Healthcare organizations utilize a version of HL7-2 . The second version of the messaging protocol allowed for backwards compatibility with HL7-1 devices and continued to reduce implementation costs. Due to its popularity, HL7 is dedicated to continue to support Version 2 and develop it in tandem with version 3.
The third version of HL7 was released in 2005, and offers many improvements over the second including easier implementation of encryption and message verification. However, due to its increased complexity, it has not yet been widely adopted in the healthcare industry.
Fast Healthcare Interoperability Resources – FHIR (Pronounced Fire)
The first official version of FHIR was released in 2014. While not officially a development of HL7, much of the HL7 community including developers and stakeholders, actively support and contribute to its design. Utilizing Application Programming Interfaces (APIs), FHIR is considered by some to be the future of healthcare device communication. It allows for modular code and communication interfaces to be publicly shared between vendors allowing for out of the box integration into a healthcare ecosystem.
Is Easier Secure?
One of the key features in these messaging protocols is also their main vulnerability – the simplistic nature of the message. With every device speaking the same language on a network, it becomes simpler for an adversary to gather information should they gain access to the communication stream. While HL7-2 is utilized in many healthcare ecosystems, there are several security vulnerabilities that allow for exploitation:
- Lack of encryption between endpoints
Without a means of encrypting the data in-transit, HL7 messages can be intercepted and read by anyone on the network. This makes the collection of electronic Patient Health Information (ePHI) possible by intercepting the network traffic and finding HL7 messages.
- No Required Authorization
HL7 messages can be sent or received without any means of identifying who is sending the message or verifying if they are allowed to send the message. This means anyone on the network can send or receive messages regardless of their identity.
- No Message Integrity
Messages that are transmitted through the HL7-2 protocol do not utilize a method of verification to check for integrity. As a result, messages can be intercepted and manipulated between endpoints allowing for an attacker to change the messages or even craft their own.
Coupled together, these vulnerabilities create a potentially dangerous environment where sensitive information is communicated but anyone can read, write, or manipulate what is being transmitted. While alarming, there are ways external to HL7 to supplement the HL7 protocols to make it more secure.
Securing the Conversation
Healthcare networks are complex and intertwined ecosystems with a diverse amount of endpoints ranging from small devices to critical applications housing large amounts of data. Due to the nature of HL7, upgrading devices to the newest version of the protocol is not possible. Medical devices could be decades old but are still utilized for patient care. These devices may still be on version 1 or 2 of the HL7 protocol. Even version 3 of HL7 facilitates encrypted communication, but is not inherently secure out of the box. In order to truly secure the HL7 protocol, additional steps must be taken:
- Network Segmentation
Organizing and dividing the network into several smaller networks can increase the efficiency and security of the endpoints. Separate physical networks or Virtual Local Area Networks (VLAN) for guest internet, employee internet, and critical devices limit the exposure and load on the network. It also inhibits a user on a guest network from intercepting the communication on a network that may have traversing HL7 messages.
- Usage of Tunneling / Encryption
While messages utilizing the HL7 protocol are not encrypted, they can be encapsulated into another message that does utilize encryption. Similar to placing a secret note into a safe and then mailing the safe, encapsulation addresses the vulnerability where anyone on the network can read the communication between endpoints.
This can be accomplished by utilizing a Virtual Private Network (VPN) utilizing Secure Shell (SSH). Instead of connecting the two endpoints together directly using the HL7 protocol, a secure connection is first established and the messages are then sent over the connection. While other users on the network can see a message is being sent between two devices, the contents of the message cannot be deciphered.
In addition to the connection now being secure, encapsulation using a VPN also addresses the authorization and authentication vulnerabilities. To establish a secure connection through a VPN, the two endpoints must communicate who they are and provide proof in order for the connection to be established. This prevents an attacker from crafting their own messages and distributing the message throughout the network to HL7 devices.
- Physical Access Controls
Perhaps the simplest way to secure a network is to lock down the building itself. While wireless networks can be used for simple operations, more critical endpoints should be placed on a physically connected network. This method of protection restricts access to Ethernet ports via secure doors, network access controls, and the situational awareness of staff.
While at first glance the drawbacks of such a simple protocol may seem to outweigh the benefits, the above methods can be implemented to easily secure messages being sent over the network and shut down a malicious actor. Many of these controls are regarded as best practice guidance within any industry and should be implemented regardless of the use of HL7 protocols. Outside entities can also be utilized to audit your HL7 implementation and determine if vulnerabilities are still present in the configuration.
Assessing Your Security Posture
After increasing the security controls within the organization and attempting to secure endpoints, there are methods to continue to develop a strong cybersecurity posture. Performing internal penetration testing allows for the implemented controls to be validated under a simulated attack.
Additionally, the usage of a strong change management procedures when implementing or updating connections can provide great benefit. Change management procedures enforce accountability of alterations on information and communication systems while at the same time preventing un-authorized changes to the critical infrastructure.
Extending security practices to third parties is also important as data often passes hands. It is imperative to review the security practices of third parties as if the third part is breached, the provider organization is ultimately responsible.
Developments in technology have allowed for complex medical devices and applications to seamlessly integrate. These advances in technology occur almost daily and allow for greater ease of use while letting healthcare staff focus on what is important. However, with any technology that is being widely adopted, it is important to understand that it is not always inherently secure. It is important to embrace the change of new technologies, but through a lens of caution.
 Health Level Seven International. (n.d.). Retrieved from http://www.hl7.org/about/index.cfm?ref=nav
 Health Level Seven International. (n.d.). Retrieved from https://www.hl7.org/implement/standards/product_brief.cfm?product_id=185