Healthcare organisations today are uniquely vulnerable to insidious security threats. This is due in part to the extremely high value of their data, but it is also because healthcare has lagged behind in security. For years, healthcare IT administrators have been pushed to adapt to new regulatory schemes and provide new functionality for providers and staff. Security, unfortunately, has received neither the attention nor the funding required to ward off the smartest attackers.
Too many healthcare organisations have chronically underinvested in IT security measures to protect critical systems and data, leaving them far more vulnerable than their peers in other industries. In financial services, security has been a top business and regulatory priority for years. According to an IDC report released in 2015, 50% of healthcare organisations have experienced 1 to 5 cyber-attacks in the past 12 months.
When it comes to security, healthcare is in the middle of a perfect storm. On one hand, access to data distributed across devices and locations is paramount, diverse providers and connected organisations need that data to flow freely in order to do their jobs. While on the other hand, securing sensitive patient records has never been more important or difficult. Electronic protected health information is extremely valuable to hackers and scammers, 10X more valuable than credit card data. Patient health records have much higher value on the black market than credit cards and other financial data, making health providers a prime target for cybercriminals.
Essentials
- Hospital and data centre: The central data storage facility should be fortified with hardened data protection to ensure safety and usefulness of patient data. Enhance control and visibility of network traffic so that the most important hubs of care can operate at full capability.
- Firewall management: CIOs need to protect healthcare locations by deploying a security infrastructure which can provide coherent management of fragmented networks and data streams, complete with logging and analysis. With advance infrastructure, a complex data picture is simplified and visibility is enhanced.
- Medical offices and home workers: Ensure security across distinct offices and home locations with flexible security practices and technologies.
- Mobile users: The unique challenge of embracing BYOD is that it invites an infinite range of device types, user habits, and locales into the IT environment. These devices may connect to the network from either outside the main firewall or from within the network perimeters.
- Threat protection: Reducing the available attack surface of a healthcare organisation can prevent many attackers from obtaining information.
Creating a virtual fence around valuable health IT assets is an effective way to catch activity before attackers can steal sensitive data or compromise patient care systems. Today’s solutions involve looking at network security as an ecosystem. Perimeter-based protection alone are no longer sufficient, since threats can now come internally or from the proliferation of connected medical devices that access the network from within a traditional firewall. An indispensable tactic is to employ internal segmentation firewalls, which can compartmentalise the damage and isolate that threat to keep it from spreading.
With the rapid advance of healthcare applications into Africa, Perry Hutton at Fortinet explains what are the basic elements of security that service providers should invest into while scaling their operations.
Click below to share this article