Recent high-profile attacks worldwide on healthcare organizations, ranging from large hospitals to major insurance providers, have highlighted the need for security that goes far beyond mere compliance with relevant regulations. Unfortunately, too many healthcare organizations have chronically underinvested in IT security measures to protect critical systems and data, leaving them far more vulnerable than their peers in other industries such as financial services, where security has been a top business and regulatory priority for years. According to an IDC report released in 2015, 50 percent of healthcare organisations have experienced 1 to 5 cyber-attacks in the past 12 months.
“When it comes to security, healthcare is in the middle of a perfect storm. On the one hand, access to data distributed across devices and locations is paramount – diverse providers and connected organisations need that data to flow freely in order to do their jobs. While on the other hand, securing sensitive patient records has never been more important or difficult, since electronic protected health information (ePHI) is extremely valuable to hackers and scammers – 10 times more valuable than credit card data,” said Rajesh Maurya, Regional Director, SAARC at Fortinet.
Patient health records have much higher value on the black market than credit cards and other financial data, making health providers a prime target for cybercriminals. The solution is for healthcare providers to adopt end-to-end security measures that allow them to embrace new technologies and ways of working while also protecting their most valuable asset: information.
Maurya advocates holistic security approaches that can ensure security across diverse IT environments that include:
Main hospital and data centre
The central data storage facility should be fortified with hardened data protection to ensure the safety and usefulness of patient data. Enhance control and visibility of network traffic for centralized staff and providers so that the most important hubs of care can operate at their full capability.
Next-generation firewall management
CIOs need to protect multiple distributed healthcare locations by deploying a security infrastructure that can provide coherent management of fragmented networks and data streams, complete with logging, analysis, and reporting functionality. With such advanced infrastructure, a complex data picture is simplified, visibility is enhanced, and all of its moving parts are protected.
Distributed medical offices and home workers
Ensure security across distinct offices and home locations with flexible security practices and technologies.
BYOD mobile users
The unique challenge of embracing BYOD is that it invites an essentially infinite range of device types, user habits, and locales into the IT environment. Because these devices may connect to the network from either outside the main firewall or within the network perimeter, BYOD requires technologies that allow for rapid scaling, policy enforcement, and simplification.
Advanced threat protection
Reducing the available attack surface of a healthcare organisation can prevent many attackers from obtaining information. Ensure that advanced threat protection tools cover user authentication, VPN, SSL inspection, application controls, antivirus, and other factors. CIOs need sandboxing technology that can expose previously unknown malicious threats and examine them within a secured environment, thereby providing the intelligence and protection necessary to secure the healthcare environment from escalating cyber threats.
“Fortinet is well positioned to meet the varied and critical security needs of healthcare organizations worldwide. With solutions that offer industry-leading security effectiveness, scale to any size and deliver third-party validated, unmatched performance, Fortinet network security appliances ensure that healthcare institutions never have to choose between performance and security,” says Maurya.