The challenges facing healthcare during COVID-19 are more than biological. Healthcare providers are weathering a perfect storm as hackers take advantage of the commotion and ramp up their attack frequency and sophistication.
This isn’t surprising for those familiar with the hacker playbook, as cybercriminals typically go after victims that are the right combination of vulnerable and profitable. And right now, the valuable troves of personal health data held by providers, focused on battling COVID, are especially at risk.
To mount a rapid response, healthcare providers’ IT teams have had to expand their arsenals and make a change that had previously been slow in coming. The benefits of embracing the cloud have helped healthcare IT teams rationalize the transition from expensive on-premises infrastructure, and better defend patients’ data.
That said, reliance on the cloud alone doesn’t guarantee data security for healthcare providers, and if it isn’t done carefully, the effort of the cloud transition is hard to justify.
Cloud Closes Gaps to PHI
As world leaders push for action when it comes to protecting healthcare data, there is momentum to adopt cutting-edge technology solutions that allow healthcare organizations to safely move both paper records and Electronic Health Records (EHR) to the cloud. Patient health information (PHI) must be not only accessible and shareable, but effectively protected as it bounces between applications, providers, and patients.
Patients’ PHI is some of the most complete personal data available, saving hackers from having to piece together information from other sources before they’re able to steal an identity. Typically, patients’ healthcare records go for around $1,000 on the dark web, because hackers are able to do much more damage with them, not only compromising financial accounts and credit cards but also using immutable medical records to blackmail patients for life.
Beyond the impact of data theft on an individual, a breach may cost the provider tens of millions of dollars at the enterprise level. These nerve-racking numbers have helped healthcare administrators cope with one traditionally large obstacle to cloud adoption: uncaptured ROI from existing infrastructure.
But now, budget-conscious IT executives have begun to pivot their departments around the idea that cloud tools can be used to align with larger business goals, as the cloud is more scalable and economical for bandwidth needs. Instead of building infrastructure that must consider the peak amount of traffic, cloud-based solutions can spin up more power as necessary, and reduce it during downtimes so that providers can avoid paying for unused capacity.
Cloud computing also makes it easier to share medical records, can automate crucial compliance efforts, and enables remote telehealth efforts. However, security is the primary reason that cloud adoption has accelerated. Though data is technically outside the network and passing through more hands, when it’s on the cloud, it’s typically safer.
One reason is that SaaS services come with dedicated security teams that are continuously focused on plugging holes in the network, monitoring, patching, and preparing for new vulnerabilities. Most healthcare providers don’t want or can’t afford to allocate such resources to the security of their traditional IT infrastructure but, through the adoption of cloud technology, they don’t have to.
Unfortunately, simply replacing all existing infrastructure with cloud solutions isn’t the most efficient way to go about it.
Avoid a Messy Cloud
Tool sprawl is a term used to describe an unmanageably varied stack of different IT products, whether they’re on the cloud or not. This is as much a risk to PHI privacy as outdated legacy systems, because instead of managing hardware, IT is configuring multiple solutions to work together and remain compliant, and these efforts aren’t always successful.
Configuration management is a risk when too many cloud tools enter the picture because a misaligned setting on one service might create an easy entryway into the network. Additionally, too many solutions give rise to another issue called alert fatigue, in which many tools designed to increase network visibility actually reduce it, because they overwhelm security professionals with a swarm of alerts that are hard to tell apart or prioritize.
Instead of hiring security professionals to operate redundant products and alerts that have no meaning, it’s necessary for CIOs and CISOs to take inventory and plan for an intelligent cloud transition:
1. Take Inventory of Cybersecurity Tools: Your organization must carefully count and understand the purpose of the various tools it has implemented. This will help your team to understand which are unnecessary and which are valuable.
2. Integrate and Consolidate: Before adding another cloud tool or a cybersecurity vendor to the mix, ensure that it doesn’t also add extra steps or “noise” to crucial business flows. The only time an additional deployment is recommended is if it fits seamlessly into existing tools and makes orchestration easier, not harder.
3. Centralize Your Cybersecurity: A top tip is to find single vendors that offer as many vital tools as possible within one management panel. These solutions are easier for IT to operate, reduce costs and alert fatigue, and represent the glue of a strong data ecosystem.
In recent years, new cybersecurity models have emerged that are purpose-built to address these ideas, including SASE, or Secure Access Service Edge. SASE, a term invented by research firm Gartner in late 2019, is a cloud-based network security product that integrates with the local and SaaS resources used in healthcare. From a single admin panel, a hospital’s IT team can deploy security tools on the network, segment custom access on the network following Zero Trust, least-privilege principles, and gain visibility with monitoring and alerts that are easier to orchestrate.
There’s A Right Way to Embrace the Cloud
Presently, a cloud ecosystem that has been properly built can bring healthcare networks and data security into the 21st century. In the near future, cloud ubiquity in the healthcare sector will change the status quo by reinforcing trust between patients and practices, and show healthcare IT teams that adding the latest tools doesn’t complicate the security of PHI, but simplifies and reinforces it.
The most important reason to embrace the cloud is that, in cybersecurity, threats are always evolving. The flexibility of cloud systems and cloud-based security tools such as SASE makes them easier to pivot and brace against new attacks. However, only if the approach is carefully reinforced by a deliberately chosen handful of integrated tools will healthcare providers make themselves a smaller target.
About Amit Bareket
Amit Bareket is the Founder and CEO of Perimeter 81, a provider of a Secure Access Service Edge (SASE) solution. Amit is a cybersecurity expert with extensive experience in system architecture and software development. He is the author of 7 patents issued by the USPTO for storage, mobile applications, and user interface. Prior to Perimeter 81, Amit worked as a Software Engineer for major enterprises including IBM XIV Storage and BigBand Networks. He served in the Israel Defense Force’s elite cyber intelligence unit (Unit 81) and graduated Cum Laude with a B.Sc. in Computer Science and Economics from Tel Aviv University.