Healthcare Information Security

Cybersecurity News

Prioritizing Healthcare Security Yet Still Enabling the User

Healthcare security does not need to be compromised as organizations work to further enable users.

By Bill Kleyman

- Today, your users are the driving forces behind healthcare operations, daily business functions, and patient care initiatives. In the past, healthcare organizations were able to use central terminals, controlled-access endpoints, and even pen and paper to get the job done. This isn’t the case any longer, especially when it comes to healthcare security.

Healthcare security does not need to be compromised while enabling users

A recent Cisco report outlines how the increasing number of wireless devices that are accessing mobile networks worldwide has become one of the primary contributors to global mobile traffic growth. Each year, several new devices in different form factors and increased capabilities and intelligence are being introduced in the market.

By 2018, there will be 8.2 billion handheld or personal mobile-ready devices and 2 billion machine-to-machine connections. For example, medical applications making patient records and health status may be more readily available.

As real-time information monitoring helps companies deploy new video-based security systems, while also helping hospitals and healthcare professionals remotely monitor the progress of their patients, bandwidth-intensive M2M connections are becoming more prevalent.

As the digital proliferation continues, what can healthcare organizations do to better secure their workloads, devices, and the users? Here are five great ways to empower the user, without compromising security.

READ MORE: What Does 2016 Hold for Healthcare Data Security, Storage?

Create Internal Threat Protection

Did you know that insiders represent a growing source of risk for organizations of all sizes and across all industries? Remember, this means both malicious and non-malicious threats as well. New technologies allow you to automatically onboard and off board entire groups of users as needed. Temporary healthcare workers, contractors, and consultants can all be controlled via intelligent policy. Rights can be given for a certain duration of time, and then removed automatically. An email is generated to let IT and HR know that a person has been either added or removed. Tight integration with Active Directory prevents rogue accounts and even rogue access to applications. Furthermore, you can control what users are installing, which services they’re requesting, and even how they’re assigned resources based on role, location, device, and so on.

Create Better IT Controls

Appropriate services can be dynamically accessed or revoked based on a user’s role, function and when the user changes context (location, date/time, access device, USB identifier, WiFi hotspot). For example, if a user goes outside a secure geo-fence (based on WiFi hot spot or IP subnet), sensitive corporate apps and data access can be revoked temporarily. Furthermore, you can scale this into controlling USB ports, email access. For example, when employees or contactors are accessing confidential apps and/or secure data, you can enforce a policy allowing for automated approval processes when needed.

Allow Secure Employee Enablement

READ MORE: OIG: NC Medicaid Eligibility Data Security Measures Must Improve

It’s all about giving your users access to those resources that make them most productive. With that in mind, we’re also incorporating security. By creating good, secure, employee enablement policies,  you only provide access to applications, devices, and services that employees should have access to. This allows associates to easily request any other IT service via a centralized IT management portal, with proper approval oversight for better compliance. This means integrating MDM tools, end-points, and other specific devices to enable the end-user. The amazing part about employee enablement is that you allow your users to request specific services to stay productive. New solutions allow users to access a 24x7 centralized portal to get IT apps and services as well as the ability to register, remote wipe, lock and locate their mobile devices.

Lock Down and Secure End-Points

Have you ever found a 16GB USB stick and wondered what was on it? How many folks reading this actually put it into their machine to find out? Well, this was a tactic used for pen-testing environments. And, the percentage of people who would actually pick up “lost” USB sticks and put them into their workplace machines was staggering. New security solutions allow healthcare organizations to control and lock down applications, web sites, data, printers and IP connections, as well as USB removable storage devices. Moreover, you can lock down USB and storage devices down to the manufacturer and serial number. You can also control read/write and access into these devices across the entire organization. These solutions scale dynamically (and contextually) between users, their devices, and the workloads being accessed.

Centralize Workload Delivery

Your ability to lock down and secure a workload has never been so advanced. Virtualization and intelligent security services allow you to control where an application is stored, how it’s being delivered, and who is accessing the resource. You can geo-fence users, lock down devices, control access points, and even control which piece of hardware an application resides on. Integration with virtualization, networking, and security technologies have come a long way. New solutions are reducing control complexity and allowing administrators to deliver complex workloads to a variety of business users. A great way to enable, and still secure, the user is to give them secure access to applications from any device. All of the security controls are done at the data center level and the user can be continuously productive.

READ MORE: How End-Point Evolution Will Impact Healthcare Data Security

Your organization is advancing very quickly – and so is your competition. Today, your business is directly aligned with the capabilities of IT and how fast it can help your organization evolve. A good healthcare security strategy solidifies user experiences and allows them to access their critical content, while still staying secure. Remember, a good security architecture isn’t there to hinder your business, but rather to empower it. With this in mind, it’s critical to create an environment that allows the users to be productive and secure. 


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks