By Perry Price, CEO and president, Revation Systems.
Amid the latest security breaches at well-known companies like Facebook and Marriott, cybersecurity has never been at the forefront of conversation more than it is today. No other industry knows the dangers of information vulnerability better than the healthcare sector, where confidential patient data is stored and shared across often obsolete systems on a regular basis. Although advancements in technology are allowing hospitals and clinics to digitally transform their networks, maintaining a high degree of security continues to be a challenge, which is why it’s important for organizations to carefully evaluate their current processes and decide which networking models to implement for the future.
Why legacy-oriented architectures can’t defend against cyberattacks
Today, many medical providers have networks built on legacy-oriented architectures that run a broad range of enterprise applications. While legacy EHR systems have performed positively in protecting patient records, legacy networks have not historically protected patient information flowing across a variety of applications used by staff and providers.
Legacy networks, which primarily offer only border protection, do not adequately protect the enterprise applications and data existing outside of a medical records system. This type of environment is vulnerable to cyber hacks. Think back to the numerous cyberattacks on credit card information in the last few years, including Equifax’s data loss. As internal applications are not protected to the same extent as EMRs, networks built on legacy technologies are not designed to defend against users on cloud applications or internal vendors, patients and customers/business partners that may occasionally gain access.
The rise in zero-trust, session-based networking
In today’s digital landscape, modern healthcare networks must utilize zero-trust models to truly secure sensitive data. Session-based networking models are designed to use an exclusive two-way exchange of information between two specific endpoints. This type of model is context-aware and scalable across network boundaries, making the design more secure than overlay networks of the past. In addition, zero-trust networks are rooted in the principle of “never trust, always verify,” and work to treat internal and external access the same. They are designed to address lateral threat movement within the network by managing access enforcement based on user, data and location. But even as modern healthcare networks adopt these new models for enhanced security, challenges still remain.
Challenge #1: Packet-level authentication
A common challenge for legacy-oriented architectures is ensuring that all data within the network is automatically encrypted. Zero-trust models, on the other hand, require authentication for every packet in a provider’s network. These models have a unique ability to thwart malicious intents directly from the network layer. This next-generation feature secures networking while simultaneously increasing performance by using standard compute utility infrastructure (no different than servers) to replace proprietary and legacy networking devices.
Challenge #2: Maintenance and updates
Updating modern networks requires continuous work, and the healthcare industry is struggling to maintain network access rights. As IoT-connected devices continue to permeate the industry, it is becoming necessary to secure these new access points on a daily basis. In fact, by 2020, 40 percent of IoT technology will be health-related, making up a $117 billion market. As modern waiting rooms are flooded with patients opting to kill time on their mobile devices rather than flipping through magazines, sensitive information is increasingly at risk of being accessed on these networks.
Challenge #3: The cultural mindset within organizations
The implementation of a modern network model impacts the entire healthcare organization. Since deploying network security can involve team members from all levels within the organization, it is crucial that all members are educated and aware of security and policy advancements. Unfortunately, according to an AT&T Cyber Security Insights report, roughly 78 percent of all employees fail to comply with their organization’s security policies and procedures. Creating a sense of personal responsibility and motivation to adhere to security policies within an organization can make all the difference in the fight to protect confidential data. Moreover, since zero-trust networks require cloud-based infrastructures, selecting the right partnership with a secure vendor can prove difficult.
While cutting-edge technology presents an array of opportunity for the healthcare industry, which has infamously been slow to adopt system changes, it also poses unique challenges for network security that healthcare organizations will need to work to surpass in the coming years.