Healthcare Information Security

Cybersecurity News

3 Top Tips for Migrating, Upgrading Healthcare Data Security

Organizations should understand their security architecture and document all policies and procedures before migrating or upgrading their healthcare data security.

Healthcare data security considerations are necessary before data center migration or upgrades.

Source: Thinkstock

By Bill Kleyman

- It goes without saying that the modern healthcare organization absolutely revolves around its own data security capabilities.

How well is PHI data being secured? How well are you pushing out critical updates? How are users accessing your data center both internally and externally? Now comes the big question: what if you have to migrate all of it to a new platform?

Trends around healthcare security aren’t going to slow down. A recent IDC Health Insights Report indicates the following:

Predictions are suggesting that the next three years will be focused on the adoption of disruptive technologies which will enable healthcare digital transformation. The drivers include the rise of computer-based intelligence with the increased adoption of cognitive/AI and robotics. The increased adoption of internet of things (IoT) technology is resulting in the convergence of mobile, social and sensors. The illness burden across the globe is continuing to increase with an aging population, an epidemic of chronic illness and the continued outbreak of infectious diseases will continue to drive healthcare technology innovation and force changes in reimbursement and contribute to shortages of medical and pharmaceutical resources.

This increase of innovation around healthcare brings very real concerns when it comes to securing data. That same report when on to predict that by 2018, there will be a doubling of ransomware attacks on healthcare organizations.

READ MORE: The Role of Risk Assessments in Healthcare

So, what happens when you need to upgrade your firewall? What about other components within your security architecture? How do you move all of this effectively without compromising security?

Now, with cloud computing and distributed data points – security administrators have a new task of controlling a number of data points spanning many sites. Since nothing in technology ever really constant – how do you control and manage a healthcare security migration? What if you have multiple different vendors spanning both virtual and physical appliances? With that in mind – let’s look at three ways where you can make migrating your healthcare security a bit easier.

Create Complete Visibility into Your Healthcare Security Architecture

A security upgrade or migration can be as simple as moving from one model to another – or, as it so happens in many situations, it can be a lot more complicated. For example, some healthcare organizations are tasked with moving from one firewall technology to a completely new one that’s not even in the same data center. Cloud computing has introduced a new kind of complexity around security and firewall change.

The first thing any security administrator must do is gather information, create a visual understanding of the security traffic, and plan around current as well as future needs. Not only is this a great way to create a migration or upgrade plan, you’ll often find holes or misconfigurations along the way.

There are tools that can help you create dynamic maps of your security architecture. This visual as well as technical data will help you architect a more strategic migration plan. The criticality of your security means that all aspects of your security platform must be documented planned when doing a migration

Document Policies, Understand Protocols, Prepare Your Data Center

READ MORE: Utilizing Administrative Safeguards to Prevent Insider Threats

Once you visualize your security architecture, it’s time to look under the hood. Moving or upgrading one piece of your security environment might be easy, but is it ever really just one security appliance? The dynamic nature of the modern data center has created models where multiple security vendors can live under one roof. So how do you create policy migration plans around heterogeneous platforms?

Today, there are aggregation tools that are able to identify and quantify security policies residing on various firewall, network, and security end-points. Administrators can then document these policies, security services, and network algorithms. By having this piece of information, security professionals can implement a parallel migration process allowing them to test and document new process on a new system.

Understand How This Migration or Upgrade Strategy Will Impact the Business

Are you completely clear as to how your applications communicate with various security components? What if you have specific business units relying on specific firewall traffic? How are various data centers being segmented by your security policies?

Migrating a security strategy will have a business-wide impact.

The role of the healthcare security engineer is to ensure that this impact is absolutely minimal.

READ MORE: 5 Tips for Healthcare Data Security Success in 2018

This means directly understanding how your entire business model interacts with security technologies. This piece must be planned out for an effective healthcare security migration project. If any piece of the business is forgotten, technological headaches may become the least of the IT departments concern. The value of today’s business data requires careful planning around applications, business process, and user interaction.

Migrating a security strategy doesn’t have to be hard, but it must be well planned. Your healthcare data center will be processing more data and that data will become a lot more distributed.

One of the biggest recommendations from the security industry is to create proactive visibility into a security architecture. Remember, this could mean multiple data points spanning a number of physical environments. Make sure to leverage the right tools to help you visualize your migration strategy, map out the process, and always focus on how this will impact the overall healthcare organization.

Finally, don’t do this alone. Even during the planning stages, a good security vendor or partner can really guide the way. If anything, this will provide an extra set of eyes to ensure best practices.

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks