By Susan Biddle
THE number of opportunities a cyber criminal needs to exploit health-care network vulnerabilities, steal passwords, install malware and ultimately work their way through the entire information-technology (IT) ecosystem is high. Once inside, they could hijack control of medical equipment, gain access to patient data, and much more, ultimately putting patient lives and organizational reputation on the line.
The shift toward deploying and managing a more patient-friendly health-care environment that includes the myriad of devices being accessed by patients and employees can be very challenging, especially when it comes to endpoint security.
Let’s take a closer look at the role endpoint security plays in today’s healthcare environment, and why it needs to be part of the larger network security puzzle.
Supporting the PCC movement
HEALTH-CARE providers of all types are now being required to provide platforms that allow for seamless communication and collaboration between key stakeholders. As a result, information that needs to be securely shared and stored is now flowing at an increasingly rapid rate, and in many different directions, creating a need for security solutions that can support these exchanges.
This move toward patient-centric network services has decentralized the monitoring process and resulted in patients, providers and other stakeholders accessing information that originates from outside the hospital’s physical walls.
The more information accessed and shared outside the hospital setting, the greater the risk of malicious content working its way inside. While some health-care systems are adjusting to these changes by employing endpoint security and robust security solutions, there are still a number of organizations that have left the doors to their data wide open. Endpoint security is critical to keeping the patient and other stakeholders’ data secure.
Securing endpoints
The growing number of connected devices used by employees in the health-care sector is leading to more information sharing. But it’s also placing the endpoint at greater risk than ever before.
It’s very common to see smartphones, tablets and laptops being used inside today’s hospitals, and the data that’s being accessed needs to be secured, from the Internet to the endpoint. This data often contains sensitive medical information that’s being shared between health-care professionals, including medical imaging data, transcriptions, prescriptions and more, and typically needs to be vetted by a number of different individuals (physicians, employers, claims processors, etc.) to determine protocols and procedures.
This need for a collaborative digital workspace to enable internal and external collaboration makes it critical that endpoint security be taken seriously. Without appropriate endpoint security solutions in place, health-care systems will not be able to enhance their existing systems and processes without an overabundance of risk.
Endpoint blueprint
SOLELY deploying security end to end is simply not enough in today’s health-care industry, as it lacks two key components—integration and automation. Endpoint security, today and in the future, needs to be part of a much larger security framework that can work together with other security elements, like threat intelligence.
From inside the network to the cloud, powerful and integrated end-to-end solutions need to protect the attack surface at all points along the kill chain. When different security sensors and tools are able to work together to collect, analyze and coordinate a response to threats, the entire health-care environment will be better protected. Security solutions must be ready and able to deal with the sophisticated threats of today in real time.
Let’s get a conversation going on Twitter. What role do you think endpoint security plays in today’s health-care IT environment and where do you think we are headed in 2017 and beyond?
****
Susan Biddle is the senior director of healthcare of Fortinet Inc. The views she expressed in this contributed article do not necessarily reflect those of the BusinessMirror’s.
1 comment
Attacking IoT devices is simple. Just look at what happened with the Dyn attack. Last October, when the attack happened a security researcher analyzed the code that basically took down the internet (Mirai) and said it was “fairly amateurish.” The code was designed to scan for IoT devices with weak or default passwords, and then take control and launch DDoS attacks using specified methodologies. It worked, obviously!
IoT, like other endpoint devices such as printers, must be secured. It’s going to take a while, but it’s very important as you point out.
–Karen Bannan for IDG and HP