Sample network segmentation pattern

Below is a recommended virtual local area network (VLAN) configuration for you to adopt when segmenting pathology devices on your clinical network:

Order and request VLAN- This VLAN will host all applications and system components used to facilitate the request and ordering of pathology tests for patients and the distribution of test results.

Patient administration services (PAS) VLAN – The VLAN will host PAS systems or equivalent.

Hospital information system (HIS) VLAN – This VLAN could host the HIS and/or PAS as determined by your trust's subject matter expert.

Laboratory information management system (LIMS) VLAN – This VLAN is a logical grouping of LIMS components (application, middleware, server) connected to your clinical network.

Integration VLAN - This VLAN will be dedicated to hosting your the integration engine components.

Point of care testing 1 (POCT1) VLAN – This VLAN will be dedicated to all POCT devices that connect to your organisation’s clinical network to communicate sensitive patient information acquired via testing using POC devices.

POCT2 VLAN - Another VLAN comprising additional POCT devices to ensure continuity of service in the event of a negative cyber event.

Analyser1 VLAN – This VLAN will host only pathology analysers connected to your clinical network (for example, in a laboratory or secondary care location).

Analyser2 VLAN – Another VLAN comprising additional pathology analyser devices to ensure continuity of service in the event of a negative cyber event. 

Below is an example of VLAN configuration of pathology diagnostic connected medical devices on a clinical network for a medium to large sized health and care organisation.

Table 6: Sample VLAN configuration for pathology connected medical devices.