- We can spend the entirety of this article discussing all of the breaches, security holes, and data loss that happened within healthcare this year alone. There are plenty of examples around encryption, physical device loss, lost user accounts, and improper access policies all creating horrible security events. To that extent, it’s clear that healthcare security is going to be a critical factor mobbing forward.
In 2017 and beyond, healthcare will see an influx of new technologies impacting critical health services. According to a new report from MarketResearch.com, the healthcare Internet of Things (IoT) market segment is poised to hit $117 billion by 2020. Furthermore, a very recent Forbes article pointed out that Philips and Qualcomm announced a partnership to develop an important Internet of Things health care ecosystem.
Medicare estimates $17 billion is spent each year on avoidable readmission costs. Frequently, the cause of readmission is patients suffering from the complications of multiple chronic conditions like diabetes.
So, we see that new technologies will shape the way we receive and administer healthcare. In seeing all of this new data and all of these new devices, it’s important to understand what the new type of threat will look like.
Consider this: Arbor Networks recently stated that DDoS remains a commonly used attack type due to the ready availability of free tools and inexpensive online services that allow anyone with a grievance and an internet connection to launch an attack. This has led to an increase in the frequency, size and complexity of attacks in recent years.
Their research illustrates the following:
- A 73 percent increase in peak attack size over 2015, to 579Gbps.
- 46 attacks over 200Gbps monitored in 1H 2016, versus 16 in all of 2015.
- The US, France and Great Britain are the top targets for attacks over 10Gbps.
With that, we come to the events of October 21, 2016. This was the day we experienced the single-most impactful DDoS attack on record.
Aimed at DynDNS services, the attack was implemented, at least in part, by using a botnet created by software called Mirai. This botnet hijacks poorly secured IoT devices, like DVRs, CCTV environments, Nest Thermostats, and much more. The attack, according to an analysis by ThousandEyes, a provider of global network monitoring services, was directed at 17 DYN sites.
“At the height of the attack, approximately 75 percent of our global vantage points sent queries that went unanswered by Dyn’s servers,” Nick Kephart, senior director of product marketing at ThousandEyes, wrote in a blog post. “In addition, the critical nature of many of these affected services led to collateral damage, in terms of outages and performance impacts on sites that are only tangentially related to Dyn (including this blog).”
Now, let’s focus back in on healthcare.
In 2017 and beyond, we need to understand three truths when it comes to healthcare security:
1.Your data will become a target. It’s really only a matter of “when.”
2.Threats will come from non-traditional sources. Think IoT, cloud, and even drones.
3.No security architecture is ever written in stone.
To get over the hurdle that is security in near future, you’ll need to really think outside the box here. Consider the following:
Leverage next-generation security systems
There are so many options to consider when we look at new types of security technologies. New solutions from Palo Alto, Checkpoint, and Cisco aim to redefine the way we secure entire data centers and networks. However, there are powerful systems that have changed the way we secure truly next-gen resources and data points. Rapid7 has helped push cloud security and monitoring to a new level by enhancing visibility and helping with compliance, auditing, and detecting unknown malicious behavior. Other security technologies have taken on the end-point and remote resources. Bit9, CarbonBlack, Crowdstrike, and others are creating a new breed of end-point security. This means machine learning and even advanced AI capabilities around user, device, and data security. If you’re a healthcare security expert, broaden your horizons beyond what you might know today. New security tools are shaping the way we deploy future systems, helping us keep pace with digital healthcare requirements.
Follow a simple security lifecycle: Plan, Execute, Validate, Repeat
Testing new security technologies has become much simpler with cloud and virtualization environments. Too often, healthcare organizations have loose requirements around security deployment. Now, before you get angry – yes, there are great policies in place and set ways to deploy certain security technologies. But, what about testing new security solutions? What about understanding impacts on legacy components or critical dependencies? Finally, what’s the impact on the user? If you’ve got those bases covered, you’re in good shape. However, many organizations aren’t leveraging cloud or virtualization to test out new security systems. Remember, one of the best ways to see if the solution works for you is to test it in your ecosystem. Don’t be afraid to seek out new ways to secure your sensitive data and PHI. Competitive healthcare organizations are leveraging powerful security technology to build patient confidence, and offer amazing new healthcare services.
Put yourself in the user’s shoes (and their devices)
Consider 2017 and beyond to be known as the era of the digital device revolution. Aside from all of the new data we’re creating, interconnected devices are impacting everything from homes to healthcare. However, with amazing advancements come very real threats. Automation and orchestration systems help you lock down users, devices, data points, applications, desktops, peripherals, and much more. No more lost administrators, and no more lost physical assets. However, beyond control, always monitor user experiences. You create technology champions by building confidence. This means ensuring a positive experience while securing the session. The best piece of advice here is to place yourself in the user’s shoes. When deploying a new system, tool, software, or device – ask how the user would utilize it. Learn what they do today and how these new tools will make their lives better. A technology for technology’s sake doesn’t always translate to business benefits. However, a technology with a direct, positive, business use-case becomes an indispensable tool.
Arguably the final, and most important point is to always test out your security infrastructure. Lost data center infrastructure components create the perfect storm for data loss or a breach. That said, nothing is ever perfect, and as mentioned earlier, nothing is ever written in stone. Administrators must take the entire healthcare organization into consideration when creating a security architecture.
Most of all, a new security paradigm must take user experiences into the design. This means leveraging intelligent security models while still allowing the users to experience the healthcare digital revolution.