- Security in the healthcare world continues to be a very interesting topic. We’re seeing growing concerns around data, virtual systems, and much more adoption around cloud services. At the healthcare level, new types of services are impacting patient care and how we deliver critical systems.
But here’s the big question: is healthcare IT infrastructure security strong enough?
With so much new data being created every second, advanced persistent threats (APTs), as well as new threat vectors, have forced a new way of thinking around healthcare security practices.
New technologies are becoming available with better security intelligence, predictive and proactive capabilities, and cross-cloud API security integration.
These new security platforms are designed to make your networks smarter, your data center more secure, and your cloud a lot more agile.
According to the 2015 Accenture Technology Vision Report, 81 percent of executives believe that industry boundaries will dramatically blur as platforms reshape industries into interconnected ecosystems. This means it’s critical for healthcare organizations to align with new security trends, better network designs, and the cloud.
Before we dive in, let’s ask one simple question: What’s your data worth?
According to Cisco, the current market around cybercrime actually ranges between $450 billion and $1 trillion per year. Further estimates expect this number to increase. So how much is your data actually worth? Consider this:
- Social Security Number: $1
- DDoS as a Service: About $7/hour
- Medical Records: >$50
- Credit Card Data: $0.25 - $60
- Bank Account Info: >$1000 (Depending on the type of account and balance)
- Mobile Malware: $150
- Malware Development: $2500 (commercial malware)
- Spam: $50 for about 500k emails (depending on number of emails and destination)
- Custom Exploits: $100k - $300k
- Facebook Account: $1 for an account with at least 15 friends
These numbers give us a perspective of how much hackers can make off of your data. But what does it actually cost a business to experience a data breach or loss of vital information?
New findings from Juniper Research suggest that the rapid digitization of consumers' lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.
Furthermore, the average cost of a data breach in 2020 will exceed $150 million, as more business infrastructure gets connected.
The Two Layers of Healthcare IT Infrastructure Security: Physical and Logical
Let’s start with physical healthcare data center security.
If you want to avoid someone walking off with a backup tape, a laptop, or an entire server, you’ll absolutely have to evaluate your physical security practices. For healthcare organizations looking for truly secure facilities, consider the following:
Employ data center security staff
Having an in-house (or properly sourced) security team ensures that those employees have the healthcare data center’s security needs in mind. Armed guards (if needed) and a full security staff should be a consideration in the data center security design process.
Multi-factor identification and authorization
Ensuring the safety of millions of dollars’ worth of equipment should require ID checks, biometrics, and other forms of identification measures. Carefully assess who has access to your critical healthcare environment and where they can get in.
Layered security zones
Layered security zones ensure that there is redundancy in the security policy as well. Entry points, floors, and access to customer cages all represent layers of security. Some data centers have gone so far as to build a building within a building for maximum security.
Camera and security systems monitor the 360-degree healthcare IT infrastructure layout
Truly secure environments will fully prohibit any public access. Furthermore, environments which are hosting critical data points must be secured 24x7x365. In your design considerations, look for advanced security measures including state-of-the-art camera systems, bollards, fencing (for external systems as needed), and security all the way from the roof to the parking lots.
Advanced security certifications
Some data centers are taking the next step in securing their infrastructure by obtaining advanced certification and audit metrics. Cloud providers, for example, are providing services for government, educational, and even healthcare workloads – all compliant and secure.
Now, let’s look at the logical layer. This is all of your data, your VMs, your desktops, and your applications. Your heavily virtualized healthcare ecosystem must be secured at several layers to ensure complete IT infrastructure security. Consider the following:
Traditional unified threat management (UTM) appliances certainly have their purposes. However, next-gen security technologies, including firewalls and virtual services, take security to a new level. These are contextual security engines which deeply inspect user and network traffic. Look for these systems to run internally, at the edge, and when integrating with critical data repositories.
VM and cloud-level security
With heavily virtualized and now cloud-ready environments, security must be able to adapt. New security systems integrate directly into the virtualization layer to provide even greater levels of visibility into VM traffic. Furthermore, integration with cloud allows healthcare shops to truly span their environments. When creating these kinds of environments, look for security solutions that can support on premise and cloud requirements.
Network segmentation and intelligence
The network layer is one of the most critical points within a healthcare IT infrastructure. Deeper interrogation capabilities now allow administrators to control the network traffic flow even better. This means locking down traffic, isolating users, and ensuring that compliance workloads stay secure.
With virtualization comes more data agility and compliance concerns. Your logical environment can now include the cloud. In working with cloud and security solutions, ensure that you can enforce your policies and that your cloud/security partner can align with your healthcare IT security strategy.
Involving the user and mobility
As the end-user utilizes more devices and IT services, it’s critical to secure the data and the information they are consuming. In this manner, don’t focus as much on the device. Of course, you want to make sure these devices remain compliant and secure, but make sure you keep an eye on the apps and data being delivered. You can apply very granular device and usage policies to maintain good security practices.
Testing, management, and visibility
Please remember that healthcare IT infrastructure security is an on-going process. It’s important to create plans, runbooks, documentation, and good practices around your security strategy. This means incorporating good security management technologies, proper levels of visibility, and constant testing.
Healthcare IT infrastructure security is an ongoing, constantly evolving process. IT teams must be aware of new types of threats aimed at both their physical and logical environments.
As the value of data continues to increase, there will be more threats against data points and healthcare locations. Always work to evolve your healthcare IT security strategy to better support your services and your users. Most of all, a good security strategy will actually bring even more value to the healthcare services you already provide.