Business & Technology

Getting a Firsthand Understanding of Healthcare Cybersecurity Challenges

By Susan Biddle | November 02, 2017

Fortinet recently hosted nine information security and healthcare IT leaders at its Healthcare Advisory Board Meeting in Miami. Over the course of the two-day event, leaders from Fortinet met and collaborated with these members of the healthcare information security community to get a full understanding of the cybersecurity challenges they face every day on the frontlines of protecting critical patient information and proprietary medical research.

This is an exciting and challenging time in the healthcare technology industry. Technical innovations such as EHRs and wearable devices are improving patient care, while simultaneously making patients more susceptible to cyberattacks. The goal of the advisory board event was to give IT leaders the chance to speak candidly in a variety of settings about how to improve patient care without compromising security.

Discussions at the meeting focused on understanding where there are industry gaps, how to protect critical patient information, security issues the industry is facing, building a security-aware organization, and more. All of the presentations and conversations at the advisory board culminated in a “collision of the minds” to discuss how we can work together with healthcare leaders to solve complex security challenges.

Key Conversations at the Healthcare Advisory Board

While this event was full of networking opportunities, roundtable discussions, and presentations, we have highlighted three conversations that focused on different challenges facing the healthcare industry, and which provided key insights into where healthcare cybersecurity has to evolve moving forward.

Medical IoT and Device Security

One theme that continued to come up over the course of the event was medical IoT and device security. There are many new wearable and connected medical devices on the healthcare market today that make it easier to provide patient-centric care. However, many of these devices were not designed with security in mind and often lack even basic security functions. This presents a huge challenge to healthcare IT leaders as they have to ensure these devices are all patched, or more difficult, all recalled if a vulnerability is discovered. If one insecure, infected device connects to the network, it can result in the entire network being compromised.

To this end, discussions around medical device security were closely aligned with conversations around network segmentation. As healthcare providers struggle to defend – and defend against - against these insecure devices, internal segmentation offers a solution by dynamically isolating data behind firewalls within the network based on specific security protocols. This ensures that a compromised device is never able to infect the entirety of the healthcare network.

Security and Compliance

Healthcare is a highly regulated field and has the unique challenge of not only having to secure patients’ personal information, but also comply with rules imposed by multiple regulating bodies. As new regulations take shape, Fortinet discussed its strategies to ensure our own ability to meet compliance with each regulation by their respective deadlines, and  to share best practices for compliance with our healthcare partners. These strategies include:

  • Establishing reporting metrics to measure and track security improvement
  • Leverage automation to perform routine security tasks, allowing teams to focus on new security challenges
  • Implementing layered defenses to counter a range of threat vectors

With these and other tactics in mind, Fortinet aims to meet compliance with the EU’s General Data Protection Regulations, ISO 27001/27002, and review supply chain risk management according to NIST 800-161.

Automated Intelligence

Cybersecurity automation is at the forefront of every IT professional’s mind. As automation develops it gives healthcare security professionals the ability to keep pace with the growing onslaught of malware attacks that are specifically targeting the health sector.  

During this roundtable, Fortinet leaders and our healthcare advisory board members discussed the differences between deep learning and machine learning, developments being made in automated intelligence, and what this means for healthcare’s fight against malware. At FortiGuard Labs, we are using automated intelligence to improve the quality of security alerts and the information we can provide about them to inform IT managers not just of what is happening in their network, but also who the threat actors are.

Final Thoughts

As we continue to develop and hone our security solutions, we are constantly looking for opportunities to get input and to collaborate with leaders in the industries we serve. Meeting with our healthcare advisory board allows us to better understand the challenges they face on a daily basis so we can fine-tune our focus to better meet those needs. Ultimately, our goal is to work together to develop enhanced industry relevancy and more granular servicing of healthcare data security needs in order to help them deliver positive business outcomes combined with the best possible care.

Read more about how Fortinet can help secure healthcare organizations.

Let’s get a conversation going on Twitter! How you are protecting your healthcare network?