Healthcare Information Security

Cybersecurity News

3 Tips to Ensure Healthcare Data Security in Evolving Environment

Good monitoring, properly managed technologies, and assessments are all key to organizations keeping their healthcare data security strong.

healthcare data security strategy requires risk assessment

Source: Thinkstock

By Bill Kleyman

- There’s so much happening with new types of advanced security technologies. Healthcare data security teams must analyze solutions around on premise as well as cloud options.

Furthermore, the granularity of security makes it a challenge to keep up. There are options around user management, data segmentation, granular network visibility, data loss prevention, and much more.

Here’s the other reality: the evolution of security technologies won’t stop. And, healthcare organizations must invest in intelligent security solutions to stay ahead. We read about security challenges and breaches on a seemingly weekly basis.

With that in mind, investing in good security practices and solutions is the best way to stay proactive. To that extent, healthcare is already a leading buyer around security solutions.

IDC’s Security Spending guide forecasts worldwide revenues for security-related hardware, software, and services will reach $81.7 billion in 2017, an increase of 8.2 percent over 2016. Global spending on security solutions is expected to accelerate slightly over the next several years, achieving a compound annual growth rate (CAGR) of 8.7 percent through 2020 when revenues will be nearly $105 billion.

READ MORE: What Are Critical Considerations in Risk Management?

"The rapid growth of digital transformation is putting pressures on companies across all industries to proactively invest in security to protect themselves against known and unknown threats," said Eileen Smith, program director, Customer Insights and Analysis. "On a global basis, the banking, discrete manufacturing, and federal/central government industries will spend the most on security hardware, software, and services throughout the 2015-2020 forecast. Combined, these three industries will deliver more than 30 percent of the worldwide total in 2017."

Their study indicated that following telecommunications, the industries with the next fastest five-year CAGRs are state/local government (10.2 percent), healthcare (9.8 percent), utilities (9.7 percent), and banking (9.5 percent).

With all of this growth in the security field, lets pause for a moment and look under the hood to understand what healthcare organizations are doing to better manage their environments.

In my experience with healthcare data security, I can easily say that there is no silver bullet; no one solution to solve all of your challenges. However, there are great best practices and approaches to security to help you create a more proactive environment. With that in mind, consider the following tips to keep up with security.  

How good is your current management, visibility, and monitoring platform?

When it comes to overall healthcare security strategies, a good monitoring and management environment is absolutely critical. New solutions allow you to unify management frameworks to understand what’s happening at almost all levels of your data center. This helps converge security logs, traffic information, and data movement into one management architecture.

READ MORE: Data Security Considerations in Healthcare Interoperability

When it comes to your own network, how do you know if there is anomalous traffic hitting an application? Or, what if a certain network segment is experiencing a network traffic flood? Can you detect rogue devices or access points? Can you lock down any segment of your infrastructure from one console? What about deploying policies to different types of security devices?

Here’s the thing: security monitoring has become an interactive (and proactive) process, which is much more detailed and granular than ever before. You need to remember a very critical point here: Healthcare security isn’t just at the edge; it also revolves around network policy control, mobility management, remote user security, and data integrity.

A good healthcare management and monitoring system goes far beyond just showing you numbers and metrics. It shows you data correlation and allows you to make intelligent decisions around the evolution of your security platform.

You will have multiple security technologies in your healthcare environment. How well can you manage them all?

As I said earlier, there is no silver bullet here. Rather, leading healthcare organizations will leverage best-of-breed security systems to support their own use-cases. With that in mind, your edge device is a Palo Alto NGFW, you have Citrix XenMobile as your mobility management control system, you monitor internal applications and traffic with a Cisco ASA leveraging their advanced malware protection (AMP) engine.

So, how are you keeping an eye on these systems? Most of all, how do you deploy policies across different devices? What if they’re in different locations?

READ MORE: How Data Encryption Benefits Data Security

A good healthcare security model must be able to aggregate these services and allow you deploy security policies across a number of different platforms. Even more so is the ability to allow these policies to scale between data centers and the cloud. 

Protect your data at all times; assess your ecosystem and test

No one wants to experience a data breach. If you’re in the healthcare world, it goes without saying that your data is absolutely critical. This is why we’re actually seeing more data loss prevention and protection solutions.

Encrypting your information when it spans data centers and the cloud is also very important. However, one great way to keep your healthcare data secure is by continuously testing your system.

Partners can help conduct pen tests and help you understand where there are holes in the network. Vulnerability assessments help you stay one step ahead of the bad guys. Remember to segment your networks and make sure that administrative policies are in place. Assessments, good policy controls, and constant testing will allow you evolve quickly; and escape security complacency.

As you continue to design and evolve your own security strategy, it’s critical to keep an eye on the shift that’s happening in the security industry.

According to Gartner, a significant portion of organizations are shifting existing resources away from the operational aspects of security technologies, such as security device administration and monitoring, toward mitigation and incident response. This new dynamic has given rise to significant growth throughout the globe for managed security services.

Here’s the big takeaway: By 2018, more than half of organizations will use security services firms that specialize in data protection, security risk management, and security infrastructure management to enhance their security postures.

This defines a new kind of agile security strategy. One that looks at your healthcare environment much more proactively and secures the most critical aspects first. One of those being data.

Security breaches are aimed at taking valuable pieces of information. This is why healthcare data security must be approached from a truly holistic perspective. This means looking at a variety of security systems within your organization. Firewalls, edge devices, DLP/IPS/IDS services, policy management, mobility control, and other security services are no longer isolated security parameters within your organization. Rather, they must all be managed and monitored to create a truly proactive security system.

Healthcare security administrators must always be on alert when it comes to their security strategy. Work with good security partners to help find holes or weaknesses in your environment. It takes just one spreadsheet on a poorly secured machine to cause some serious healthcare data breach issues.

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks