Healthcare Information Security

Creating Strong Healthcare IT Infrastructure Security

Organizations must ensure that they maintain strong healthcare IT infrastructure security, especially as they adopt and implement new technologies and devices.

By Bill Kleyman

Security in the healthcare world continues to be a very interesting topic. We’re seeing growing concerns around data and virtual systems, and much wider adoption of cloud services. At the healthcare level, new types of services are impacting patient care and how we deliver critical systems.

Healthcare IT infrastructure security must keep pace with changing technology

But here’s the big question: is healthcare IT infrastructure security strong enough?

With so much new data being created every second, advanced persistent threats (APTs) and new threat vectors have forced a new way of thinking about healthcare security practices.

New technologies are becoming available with better security intelligence, predictive and proactive capabilities, and cross-cloud API security integration.

These new security platforms are designed to make your networks smarter, your data center more secure, and your cloud a lot more agile.

According to the 2015 Accenture Technology Vision Report, 81 percent of executives believe that industry boundaries will dramatically blur as platforms reshape industries into interconnected ecosystems. This means it’s critical for healthcare organizations to align with new security trends, better network designs, and the cloud.

Before we dive in, let’s ask one simple question: What’s your data worth?

According to Cisco, the current market around cybercrime actually ranges between $450 billion and $1 trillion per year. Further estimates expect this number to increase. So how much is your data actually worth? Consider this:

  • Social Security Number: $1
  • DDoS as a Service: About $7/hour
  • Medical Records: >$50
  • Credit Card Data: $0.25 - $60
  • Bank Account Info: >$1000 (Depending on the type of account and balance)
  • Mobile Malware: $150
  • Malware Development: $2500 (commercial malware)
  • Spam: $50 for about 500k emails (depending on number of emails and destination)
  • Custom Exploits: $100k - $300k
  • Facebook Account: $1 for an account with at least 15 friends

These numbers give us a perspective on how much hackers can make from your data. But what does it actually cost a business to experience a data breach or loss of vital information?

New findings from Juniper Research suggest that the rapid digitization of consumers' lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015.

Furthermore, the average cost of a data breach in 2020 will exceed $150 million, as more business infrastructure gets connected.

The Two Layers of Healthcare IT Infrastructure Security: Physical and Logical

Let’s start with physical healthcare data center security.

If you want to avoid someone walking off with a backup tape, a laptop, or an entire server, you’ll absolutely have to evaluate your physical security practices. For healthcare organizations looking for truly secure facilities, consider the following:

Employ data center security staff

Having an in-house (or properly sourced) security team ensures that those employees have the healthcare data center’s security needs in mind. Armed guards (if needed) and a full security staff should be a consideration in the data center security design process.

Multi-factor identification and authorization

Ensuring the safety of millions of dollars’ worth of equipment should require ID checks, biometrics, and other forms of identification measures. Carefully assess who has access to your critical healthcare environment and where they can get in.

Layered security zones

Layered security zones ensure that there is redundancy in the security policy as well. Entry points, floors, and access to customer cages all represent layers of security. Some data centers have gone so far as to build a building within a building for maximum security.

Camera and security systems monitor the 360-degree healthcare IT infrastructure layout

Truly secure environments will fully prohibit any public access. Furthermore, environments which are hosting critical data points must be secured 24x7x365. In your design considerations, look for advanced security measures including state-of-the-art camera systems, bollards, fencing (for external systems as needed), and security all the way from the roof to the parking lots.

Advanced security certifications

Some data centers are taking the next step in securing their infrastructure by obtaining advanced certification and audit metrics. Cloud providers, for example, are providing services for government, educational, and even healthcare workloads – all compliant and secure.

Now, let’s look at the logical layer. This is all of your data, your VMs, your desktops, and your applications. Your heavily virtualized healthcare ecosystem must be secured at several layers to ensure complete IT infrastructure security. Consider the following:

Next-generation security

Traditional unified threat management (UTM) appliances certainly have their purposes. However, next-gen security technologies, including firewalls and virtual services, take security to a new level. These are contextual security engines which deeply inspect user and network traffic. Look for these systems to run internally, at the edge, and when integrating with critical data repositories.

VM and cloud-level security

With heavily virtualized and now cloud-ready environments, security must be able to adapt. New security systems integrate directly into the virtualization layer to provide even greater levels of visibility into VM traffic. Furthermore, integration with the cloud allows healthcare shops to truly span their environments. When creating these kinds of environments, look for security solutions that can support both on-premises and cloud requirements.

Network segmentation and intelligence

The network layer is one of the most critical points within a healthcare IT infrastructure. Deeper interrogation capabilities now allow administrators to control the network traffic flow even better. This means locking down traffic, isolating users, and ensuring that compliance workloads stay secure.

Ensuring compliance

With virtualization comes more data agility and compliance concerns. Your logical environment can now include the cloud. In working with cloud and security solutions, ensure that you can enforce your policies and that your cloud/security partner can align with your healthcare IT security strategy.

Involving the user and mobility

As end users rely on more devices and IT services, it’s critical to secure the data and the information they are consuming. With that in mind, don’t focus as much on the device. Of course, you want to make sure these devices remain compliant and secure, but make sure you keep an eye on the apps and data being delivered. You can apply very granular device and usage policies to maintain good security practices.

Testing, management, and visibility

Please remember that healthcare IT infrastructure security is an ongoing process. It’s important to create plans, runbooks, documentation, and good practices around your security strategy. This means incorporating good security management technologies, proper levels of visibility, and constant testing.

Healthcare IT infrastructure security is an ongoing, constantly evolving process. IT teams must be aware of new types of threats aimed at both their physical and logical environments.

As the value of data continues to increase, there will be more threats against data points and healthcare locations. Always work to evolve your healthcare IT security strategy to better support your services and your users. Most of all, a good security strategy will actually bring even more value to the healthcare services you already provide. 
