Part of Architecture pattern for connected medical devices - Pathology Pillar
Network segmentation patterns for pathology diagnostics components
1. Pathology application services
These are applications used to provide various functions in the pathology diagnostics data flow and include:
GP office system – System used in GP surgeries to generate pathology testing requests.
Order and results applications – These are systems that link GP practices directly to test laboratories, meaning requestors can request results electronically. The system allows you to see pathology and radiology results held by the hospital, including ones that have not been requested, and means the laboratory team can see all the information it needs. It also keeps an electronic record in a patient's notes so that there is full accountability.
Patient administration system (PAS) – PAS is a primary component of the IT infrastructure in a hospital system. It is used to manage patient demographic information and admit, discharge and transfer information.
Laboratory automation systems (LAS) – LAS can help laboratories to streamline workflows through the intelligent integration of robotics and laboratory automation software.
Segmentation options for pathology application services
Ordering and reporting systems should be deployed in multiple logical network groups and subnets with appropriate access control policies to ensure only authorised traffic is permitted to/from the systems hosting these applications.
PAS and LAS can be placed in dedicated logical groups and subnets (zones), firewalled with applicable access control policies.
GP systems should be segmented from other office applications in their own dedicated logical group/subnet (zone) with appropriate access control policies.
Databases connected to GP systems, order and reporting systems or PAS should also be segmented in a dedicated logical group/subnet (zone) with the appropriate access control policies to permit only authorised traffic.
Application layer segmentation can be implemented to isolate these systems where possible.
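The segmentation options above amount to a default-deny policy between logical groups: each application service sits in its own zone and only explicitly authorised flows cross zone boundaries. The following is an added illustrative example, not code from this guidance or from any firewall product; the zone names, RFC 1918 address ranges, port numbers and sample flows are assumptions chosen to mirror the groups described above. It models the zones as subnets, the allow-list as (source zone, destination zone, port) tuples, and audits a batch of observed flows against that policy.

```python
"""Default-deny zone policy for pathology application services.

Added illustrative example; not code from the guidance or any product.
Zone names, address ranges (RFC 1918 space) and ports are assumptions
chosen to mirror the logical groups described in the text.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One subnet per logical group (zone). Addresses are constructed.
ZONES: Dict[str, ipaddress.IPv4Network] = {
    "gp-systems":    ipaddress.ip_network("10.10.0.0/24"),
    "order-results": ipaddress.ip_network("10.20.0.0/24"),
    "pas":           ipaddress.ip_network("10.30.0.0/24"),
    "las":           ipaddress.ip_network("10.40.0.0/24"),
    "app-databases": ipaddress.ip_network("10.50.0.0/24"),
    "office":        ipaddress.ip_network("10.100.0.0/22"),
}


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    port: int
    proto: str = "tcp"


# Explicit allow-list of inter-zone flows; anything not listed is denied.
# Port numbers are assumptions (443 for HTTPS APIs, 5432 for PostgreSQL).
ALLOWED_FLOWS = {
    Flow("gp-systems", "order-results", 443),
    Flow("order-results", "app-databases", 5432),
    Flow("pas", "app-databases", 5432),
    Flow("order-results", "pas", 443),
}


def zone_of(ip: str) -> Optional[str]:
    """Map an address to its zone, or None if it belongs to no defined zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def is_permitted(src_ip: str, dst_ip: str, port: int, proto: str = "tcp") -> bool:
    """Default deny: a flow passes only if both ends are in known zones and the
    (src zone, dst zone, port, proto) tuple is explicitly allowed. Traffic that
    stays inside one zone is left to that zone's own host-based controls."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return True
    return Flow(src, dst, port, proto) in ALLOWED_FLOWS


def audit(flows: List[Tuple[str, str, int]]) -> Dict[str, List[str]]:
    """Classify observed (src, dst, port) flows as allowed or denied and return
    human-readable lines suitable for a firewall policy review."""
    report: Dict[str, List[str]] = {"allowed": [], "denied": []}
    for src_ip, dst_ip, port in flows:
        verdict = "allowed" if is_permitted(src_ip, dst_ip, port) else "denied"
        report[verdict].append(
            f"{src_ip} ({zone_of(src_ip)}) -> {dst_ip} ({zone_of(dst_ip)}):{port}"
        )
    return report


if __name__ == "__main__":
    # Constructed sample flows. Two should be blocked: an office workstation
    # reaching a database directly, and a database initiating traffic to GP systems.
    sample = [
        ("10.10.0.5", "10.20.0.10", 443),
        ("10.100.1.7", "10.50.0.3", 5432),
        ("10.50.0.3", "10.10.0.5", 443),
        ("10.30.0.2", "10.50.0.3", 5432),
    ]
    for verdict, lines in audit(sample).items():
        for line in lines:
            print(verdict.upper(), line)
```

Note that the reverse direction of an allowed flow is not implied: the order and results zone may open connections to the database zone, but the policy contains no rule letting the database zone reach back, which is the behaviour a stateful firewall between zones should enforce.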
2. Pathology diagnostics devices
Pathology is the study of disease, especially of the structural abnormalities produced by disease, and there are 3 main subtypes of pathology: anatomical pathology, clinical pathology, and molecular pathology.
Pathology diagnostic devices such as analysers are used to analyse the different samples acquired from patients to generate results based on the original test order. Pathology diagnostics devices can be categorised based on the type of testing they perform, for example:
Pathology sub-type | Definition | Sample diagnostic device type 1 | Sample diagnostic device type 2 |
---|---|---|---|
Anatomical | Studies the effect of disease on the structure of body organs, both as a whole (grossly) and microscopically. | Sample tracking software | Immunohistochemistry system (IHC) |
Clinical | Diagnoses disease through laboratory analysis of bodily fluids and tissues. | Clinical chemistry analysers | Immunoassay analysers |
Molecular | Study of abnormalities of tissues and cells at the molecular level. | Spectrometers | Sequencers |

Table 5: Sample pathology diagnostic devices by category
Recommended segmentation options for pathology devices
As identified in Network segmentation - An introduction for health and care organisations, pathology devices, such as analysers, may have an embedded operating system or firmware where patch release cycles may be different from a current commercial off-the-shelf operating system.
You should segment pathology diagnostics devices connected to the clinical network into logical groups and subnets (zones) behind a router/firewall, supported by appropriate network access control policy to restrict communication to authorised traffic only.
The logical grouping of connected medical devices (CMDs) should be done in compliance with your business continuity plan, to ensure that a successful compromise of one segment does not automatically lead to a lack of service from a particular type of pathology CMD within the organisation in its entirety.
Point-of-care testing devices used either in primary or secondary care should be isolated into dedicated logical network groups and subnets (zones) containing a mix of anatomical, clinical or molecular pathology device sub-types. These should be supported by appropriate network access control policy.
Egress traffic from these logical groups/subnet (zones) should be governed by appropriate access control policies to ensure only authorised communication is permitted.
An important requirement is to maintain a proper device naming convention to ensure devices are properly identified on the network.
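Two of the recommendations above lend themselves to an automated check over the device inventory: the naming convention (so every device can be identified and mapped to its logical group) and the business continuity requirement that a single compromised segment should not take out every device of one type. The following is an added illustrative example, not code from this guidance; the naming convention `<SITE>-PATH-<SUBTYPE>-<DEVICE>-<NNN>`, the zone names and the inventory are assumptions. It parses hostnames against the convention, reports non-conforming names, and flags device types whose every instance lives in one zone.

```python
"""Device naming convention and segment-diversity check for pathology CMDs.

Added illustrative example; not code from the guidance. The convention
<SITE>-PATH-<SUBTYPE>-<DEVICE>-<NNN>, the zone names and the inventory
below are assumptions constructed for this example.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Assumed convention: site code, fixed PATH marker, pathology sub-type
# (ANAT/CLIN/MOL), device family, three-digit sequence, e.g. RBH-PATH-CLIN-CHEM-007
NAME_RE = re.compile(
    r"^(?P<site>[A-Z]{2,4})-PATH-(?P<subtype>ANAT|CLIN|MOL)-"
    r"(?P<device>[A-Z]{2,8})-(?P<seq>\d{3})$"
)


def parse_device_name(name: str) -> Dict[str, str]:
    """Return the convention's fields, or raise ValueError if the name does not conform."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"device name does not follow convention: {name!r}")
    return m.groupdict()


def device_type(name: str) -> str:
    """Sub-type and device family, e.g. 'CLIN-CHEM', used to group like devices."""
    f = parse_device_name(name)
    return f"{f['subtype']}-{f['device']}"


def review_inventory(inventory: List[Tuple[str, str]]) -> Dict[str, object]:
    """inventory: (hostname, zone) pairs.

    Reports hostnames that break the convention and device types whose every
    instance sits in a single zone, i.e. where one compromised segment would
    remove that testing capability for the whole organisation."""
    bad_names: List[str] = []
    zones_by_type: Dict[str, Set[str]] = defaultdict(set)
    for host, zone in inventory:
        try:
            zones_by_type[device_type(host)].add(zone)
        except ValueError:
            bad_names.append(host)
    single = {t for t, zones in zones_by_type.items() if len(zones) == 1}
    return {"non_conforming": bad_names, "single_segment_types": single}


# Constructed sample inventory: chemistry analysers are spread across two zones,
# immunoassay analysers are not, and one device ignores the convention.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("RBH-PATH-CLIN-CHEM-001", "path-clin-a"),
    ("RBH-PATH-CLIN-CHEM-002", "path-clin-b"),
    ("RBH-PATH-CLIN-IMMUNO-001", "path-clin-a"),
    ("RBH-PATH-CLIN-IMMUNO-002", "path-clin-a"),
    ("RBH-PATH-MOL-SEQ-001", "path-mol-a"),
    ("analyser7", "path-clin-a"),
]

if __name__ == "__main__":
    result = review_inventory(SAMPLE_INVENTORY)
    print("Non-conforming names:", result["non_conforming"])
    print("Device types confined to one segment:", sorted(result["single_segment_types"]))
```

A type that exists as a single device is still reported, since the loss of its segment removes that capability just as surely; whether that is acceptable is a business continuity decision, not something the check can settle.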
3. Pathology storage and archiving components
Laboratory information management system (LIMS): LIMS is a software-based solution with features that support a modern laboratory's operations and is the main repository for the management of pathology testing requests, orders and results. As such, it is a prime target for would-be cyber criminals. LIMS is usually deployed in a client/server architectural model utilising 'thin' and/or 'thick' clients to access the LIMS server.
Segmentation options
System actors that interact with the LIMS consist of:
- order and results middleware
- point-of-care testing middleware
- trust integration engine
- LIMS
- National Messaging Assurance Service (NMAS)
- National Pathology Exchange (NPEx) or equivalent
LIMS architecture
LIMS has been deployed using various architecture models and segmentation options.
- Thick client LIMS – A thick client LIMS is a client/server architecture model. The LIMS software is installed on a client computer which does all the data processing and sends information to a server, which has the primary purpose of data storage. Most changes, upgrades, and other modifications will happen on the client side.
- Thin client LIMS – In a thin client LIMS architecture model, the LIMS software is installed on a server (host) which does all the information processing and can be accessed via a web browser. Any necessary changes, upgrades, and other modifications are handled by the entity hosting the server-side LIMS software.
- Web-based LIMS – A web-based LIMS architecture is a hybrid of the thick and thin client architectures. While much of the client-side work is done through a web browser, the LIMS may also require the support of desktop software installed on the client device.
- Web-Enabled LIMS – A web-enabled LIMS architecture is essentially a thick-client architecture with an added web browser component. In this setup, the client-side software has additional functionality that allows users to interface with the software through their device's browser. The primary advantage of a web-enabled LIMS is the end-user can access data both on the client side and the server side of the configuration.
Recommended segmentation pattern
For all the above LIMS architectural models, the system hosting the LIMS software should be placed in a dedicated logical network group and subnet/zone, with appropriate access control policies. This ensures only authorised traffic is permitted to/from the systems hosting the LIMS software.
You can deploy LIMS in various deployment models, including locally hosted, externally hosted and, more recently, cloud hosted.
Hosted LIMS
You can choose to deploy the LIMS either locally on-premises (in a computer room, for example) or in a third-party data centre, with an associated support model depending on your business and strategic requirements.
Cloud-based LIMS
Recently, cloud-based LIMS is being offered via a software as a service (SaaS) deployment model giving clients a choice between an on-premises or cloud-based deployment.
Access to the cloud-based SaaS LIMS should be via a policy enforcement point or cloud access security broker (CASB) configured to enforce:
- reverse proxy
- data leakage protection
- identity access management via an identity provider (IDP)
- authentication and authorisation
- multi-factor authentication
- IP whitelisting
- anti-malware
- data encryption
At a minimum, we recommend you implement these security controls as part of a cloud-based SaaS LIMS deployment.
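The controls listed above are enforced at a single point in front of the SaaS LIMS, so it helps to see how they combine into one access decision. The following is an added illustrative example, not code from this guidance or from any CASB product. It models the policy enforcement point as a function that checks the source address against an IP allow-list, requires an identity and an MFA assertion from the IdP (the `amr` claim and its `mfa` value are defined in RFC 8176), authorises by role, and applies a data leakage check that stops result exports carrying NHS numbers to unmanaged devices. The address ranges (from the RFC 5737 TEST-NET blocks), role names, request shape and sample NHS number are assumptions; the NHS number modulus 11 check digit is the real algorithm.

```python
"""Policy-enforcement-point checks for a SaaS LIMS.

Added illustrative example; not code from the guidance or any CASB product.
Address ranges (TEST-NET), roles, the request dictionary shape and the sample
data are assumptions. The NHS number check-digit routine is the real algorithm.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Source addresses permitted to reach the LIMS tenant (constructed ranges).
ALLOWED_SOURCES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.16/28"),
]
# Roles, as asserted by the IdP, that are authorised to use the LIMS (assumed).
AUTHORISED_ROLES = {"pathologist", "biomedical-scientist", "lims-admin"}


def nhs_number_valid(digits: str) -> bool:
    """Modulus 11 check: weight the first nine digits 10..2, subtract the
    remainder from 11; 11 becomes 0 and 10 means the number is invalid."""
    if not re.fullmatch(r"\d{10}", digits):
        return False
    total = sum(int(d) * w for d, w in zip(digits[:9], range(10, 1, -1)))
    check = 11 - (total % 11)
    if check == 11:
        check = 0
    if check == 10:
        return False
    return check == int(digits[9])


def contains_nhs_numbers(text: str) -> List[str]:
    """DLP detector: ten-digit groups (optionally 3-3-4 spaced) that pass the check digit."""
    candidates = re.findall(r"\b\d{3}[ -]?\d{3}[ -]?\d{4}\b", text)
    return [c for c in candidates if nhs_number_valid(re.sub(r"[ -]", "", c))]


def decide(request: Dict) -> Tuple[bool, List[str]]:
    """Evaluate one request against the enforcement point's policy.

    Returns (allowed, reasons); every failed control is listed so the
    decision can be logged and reviewed, not just the first one hit."""
    reasons: List[str] = []
    src = ipaddress.ip_address(request["src_ip"])
    if not any(src in net for net in ALLOWED_SOURCES):
        reasons.append("source address not on the allow-list")
    claims = request.get("idp_claims", {})
    if not claims.get("sub"):
        reasons.append("no identity asserted by the IdP")
    if "mfa" not in claims.get("amr", []):
        reasons.append("MFA not asserted in the IdP token")
    if claims.get("role") not in AUTHORISED_ROLES:
        reasons.append("role not authorised for LIMS")
    if (request.get("action") == "export"
            and not request.get("managed_device", False)
            and contains_nhs_numbers(request.get("body", ""))):
        reasons.append("DLP: patient identifiers in export to an unmanaged device")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed request: allow-listed source, MFA asserted, authorised role,
    # but an export of a result containing an NHS number from an unmanaged device.
    sample = {
        "src_ip": "203.0.113.8",
        "idp_claims": {"sub": "u-0421", "amr": ["pwd", "mfa"], "role": "pathologist"},
        "action": "export",
        "managed_device": False,
        "body": "Patient NHS number 943 476 5919: result available",
    }
    allowed, why = decide(sample)
    print("ALLOW" if allowed else "DENY", why)
```

Collecting every failed control rather than returning on the first miss matters for operations: a denied request with "MFA not asserted" and "source address not on the allow-list" together is a different incident from one with either alone, and the enforcement point's log should say so.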
The SaaS vendor should undergo rigorous information security scrutiny via a third-party assessment and, therefore, should demonstrate competence in assuring the confidentiality, integrity, availability, privacy and non-repudiation of patients' sensitive data hosted in its cloud environment.
The SaaS vendor should provide evidence of compliance to relevant information security regulations and standards including, but not limited to:
- ISO/IEC 27001/27002
- SOC 2 Types I, II and III
- Data Security and Protection Toolkit (DSPT)
- General Data Protection Regulation (GDPR)
Additional security controls
As stated in Network segmentation - An introduction for health and care organisations, whilst network segmentation is a very important tool in network security design, it must be supported by additional security controls to assure the security posture of any organisation’s network.
See guidance on protecting connected medical devices for recommendations on additional security controls. These apply to all categories of pathology diagnostics components.
Last edited: 15 November 2023 4:25 pm