Guest post by Dan Ross, CEO of Promisec.
Healthcare organizations maintain a juggling act of caring not only for their patients’ well-being, but also for the safety and security of the sensitive information that comes in the front door with every patient, doctor, technician and nurse. Data security issues are top-of-mind for information technology professionals in healthcare today, driven by a trifecta of factors: the large number of endpoint devices in use; a rise in the number and frequency of malicious attacks; and strict privacy laws such as HIPAA and regulations related to the Affordable Care Act.
For healthcare IT professionals, it has never been more important to ensure that endpoint security systems are up-to-date and functioning properly so that every endpoint is constantly secure and meeting compliance.
Take HIPAA regulations, which require that end user devices containing sensitive data cannot also have unapproved software running on them. Knowing exactly what software is installed on hundreds or even thousands of endpoints can be tremendously difficult, especially when there isn’t an easy automated way to track this information. Unapproved software is just the tip of the iceberg. What about approved software that isn’t working properly? For example, antivirus software installed on a PC running in a doctor’s office may be outdated, or completely disabled, without the administrator’s knowledge. This gives attackers an open door from this individual endpoint to gain access to the larger network—and a whole host of private information.
Managing multi-user machines and knowing which users are doing what is an additional challenge prevalent in healthcare. If there are multiple nurses and doctors using the same station, it is often impossible to pinpoint who may be violating policy. Many endpoints are widely dispersed and out-of-reach of the IT department and may be running outdated or unlicensed software.
A major challenge across these endpoints is the inability to inventory what licenses are necessary, and which are wasting resources. Additionally, if folders containing sensitive information are left with default settings, they could inadvertently be open and available to the wider network. This is the equivalent of leaving a filing cabinet filled with patient data unlocked in the waiting room.
It is no wonder that there still seem to be regular incidents showing that healthcare organizations’ endpoint security stances are lacking. In fact, according to the Ponemon Institute, 94 percent of healthcare organizations had experienced at least one data breach over the past two years. Nearly half of those had dealt with more than five breaches over the same period.
To prevent data breaches, compliance gaps and other would-be security issues, IT needs holistic endpoint visibility—that is, they need to understand the state of security across every individual endpoint in real-time, from a single point of view. This is especially critical in healthcare environments where dispersed, distributed infrastructures create sizable challenges in physical device management and rapid remediation.
One effective approach to managing these endpoints—and their related security postures—in real-time is to use automated tools to frequently scan and remediate endpoints. Instead of costly desk-side visits to manually fix a detected issue, learn what lives on an endpoint or install an agent, agentless technology provides ongoing, scalable access to all endpoints without needing to install any software on the device. As a result, IT can constantly identify and remediate issues such as a missing hot fix or security patch before they turn into something worse.
Endpoint security and management in healthcare environments presents unique challenges, but with the proper tools to enable proactive visibility and protection, plus the tools needed to identify and remediate issues remotely, IT can stay ahead of the curve and have confidence that they, and the patients that depend on them, are protected.
Dan Ross is CEO of Promisec, a provider of actionable endpoint management solutions that works with healthcare organizations to achieve holistic endpoint visibility and control.