Guest post by Dan Ross, CEO of Promisec.
Healthcare organizations maintain a juggling act of caring not only for their patients’ well being, but also the safety and security of the sensitive information that comes in the front door with every patient, doctor, technician and nurse. Data security issues are top-of-mind for information technology professionals in healthcare today, driven by a trifecta of factors: the large number of endpoint devices in use; a rise in the number and frequency of malicious attacks; and strict privacy laws such as HIPAA and regulations related to the Affordable Care Act.
For healthcare IT professionals, it has never been more important to ensure that endpoint security systems are up-to-date and functioning properly so that every endpoint is constantly secure and meeting compliance.
Take HIPAA regulations, which require that end user devices containing sensitive data cannot also have unapproved software running on them. Knowing exactly what software is installed on hundreds or even thousands of endpoints can be tremendously difficult, especially when there isn’t an easy automated way to track this information. Unapproved software is just the tip of the iceberg. What about approved software that isn’t working properly? For example, antivirus software installed on a PC running in a doctor’s office may be outdated, or completely disabled, without the administrator’s knowledge. This gives attackers an open door from this individual endpoint to gain access to the larger network—and a whole host of private information.