Business & Technology

Security That Restores Patients as Priority

By Susan Biddle | December 22, 2017

The healthcare space is undergoing drastic changes in terms of operations and patient communication as a result of digital transformation initiatives and the patient-centric care movement.

Healthcare providers are implementing new technology to improve patient care and outcomes. Such innovation has simplified physician-patient communication through applications and wearable devices, as well as physician collaboration through electronic health records and cloud analytics. Now, patients are able to talk to doctors and get medical care without physically going to medical facilities, and doctors are able to perform research leveraging newly available computing power.

These advancements in healthcare have opened up immense opportunities for medical communities. However, they have also opened up opportunities for cybercriminals. Greater technology use means increased attack vectors for cybercriminals to target as a means to steal confidential data, with 90 percent of healthcare providers having been victims of at least one data breach in the last two years.  

CISO Panel Recap

To continue to develop new services designed to improve care, without sacrificing data security, healthcare providers have to carefully establish cybersecurity protocols and select security solutions that provide defense in-depth without hindering IT functionality.

This was the subject of our recent CISO panel webinar, "Security That Restores Patients as Priority." In this webinar, Fortinet CISO Phil Quade spoke with Hussein Syed, CISO at RWJBarnabas Health, and Erik Devine, CISO at Riverside Healthcare, about how they are addressing some of the most pressing IT challenges facing healthcare while enabling technical innovation.

Here are some of the top healthcare IT challenges highlighted by our CISO panelists.

  • Speed
    Today, consumers, administrators, and physicians alike demand speed. People have become accustomed to having information rapidly available at their fingertips. Despite being necessary, security can often be seen as an inhibitor to speed, and particularly cumbersome security measures might have employees circumventing protocols altogether to get to information faster. In healthcare, where time can be a matter of life and death, it is crucial that security not slow operations down.
  • Ransomware
    Following the WannaCry ransomware attack that hit the NHS in the UK, protecting against ransomware has been a top priority for healthcare providers. Ransomware is a type of malware that encrypts a user’s or network’s data, and does not return it until a certain amount of money has been paid. Hijacked and encrypted electronic healthcare records can have a catastrophic effect on medical facilities as they attempt to treat patients without a full medical history on hand. Moreover, once data is returned, it can be difficult to validate that none of the records have been tampered with.
    As ransomware continues to target healthcare providers, healthcare security teams are adopting security controls to prevent and prepare for ransomware attacks, including redundant systems, offsite data backup, network segmentation, and effective security systems combined with real-time threat intelligence.
  • Geographical Distribution
    Healthcare does not happen in a single space. Rather, it happens in labs and clinics and medical practices, sometimes located all over the world. As healthcare providers aim to secure the expanding borders of healthcare, they must implement access management systems that can restrict access to sensitive information based on location, user privileges, and roles.
    Fewer people with access to data means fewer data breaches. As such, only necessary employees should be able to access confidential information.
  • Agile Segmentation
    As healthcare organizations embrace more technology, they often look to cloud adoption as a way to enhance resource sharing, maximize efficiency, and reduce spending. As network traffic shifts from traveling north-south to east-west across the distributed network, internal segmentation is critical to mitigating risks brought on by things like cloud adoption, virtualization, and mobility. As a result, agile segmentation is quickly gaining traction as a critical option in the healthcare space to drive security deep into the network infrastructure to provide protections across business units, applications, and east-west traffic.

Each of these healthcare technology trends improves the ability of healthcare professionals to provide high-quality care for patients, yet they also affect how IT professionals must approach cybersecurity. Thus, as medicine evolves to include greater digitization, security strategies and protocol must evolve alongside it to ensure strong functionality combined with defense in-depth.

Final Thoughts

High-quality patient care cannot be sacrificed for cybersecurity. Or vice versa. However, making security a secondary consideration can lead to major consequences for organizations and individuals in the event of a data breach or other security compromise.

You can still hear from our healthcare CISO panel to get expanded information on these and other cyber challenges, as well as guidance on mitigating threats in these today’s sophisticated digital environments. To learn how healthcare providers are leveraging technology for digital transformation and the patient-centric care movement while incorporating fast and effective security, watch the webinar on demand.

Read more about Fortinet solutions for healthcare.