Securing the healthcare sector’s digital lifeline: a three-phase approach

Last year we saw the global healthcare industry suffer more data breaches than any other. So, while data is starting to transform patient care, a seriously compromised security landscape is impacting the progress being made. Author: Bart Coole, Country Manager VMware Belux

Last year we saw the global healthcare industry suffer more data breaches than any other. So, while data is starting to transform patient care, a seriously compromised security landscape is impacting the progress being made. How can healthcare providers continue to ensure on one hand, the confidentiality and integrity of data, and on the other, its easy availability to authorized health professionals?

Data risk vs. reward

Data is at the heart of all the major advancements in healthcare and life sciences today. Research into molecular genetics is aiming to combat the spread of illnesses caused by pathogenic bacteria such as salmonella, while DNA sequencing is beginning to identify and screen for previously difficult-to-diagnose diseases. In the future, artificial intelligence-enabled machines will instantly mine every piece of relevant medical research on the planet to diagnose us. Today, standardized, digitized healthcare records provide a complete picture of your health when you walk into a hospital.

More data, however, equals more exposure to security threats. Different hospitals, countries and healthcare systems are at radically different levels of digital sophistication; IT infrastructure is often randomly scattered rather than centralized – making it more vulnerable to hacker attacks and physical theft. The introduction of mobile devices loaded with innovative applications has been transformative, but the need for different doctors and nurses to access and share data across different devices and networks means that sometimes this seems like one step forward, two steps back.

A three-phase approach to security

To realize the opportunity at hand and successfully use data to improve healthcare, organizations need to ensure:

  1. Confidentiality of data – it has to be better protected than it’s ever been

Doctors and staff work in high pressure environments demanding mental acuity and focus on patient safety. They can prevent sensitive information being displayed inappropriately or left in a not secured location, but those I’ve spoken with assume IT teams have the technical security of data covered.

Solutions are having to become increasingly sophisticated to support this. Virtual networking and security software, for example, enable IT teams to isolate medical devices that may be running vulnerable operating system versions, prevent compliance breaches by remotely wiping lost or stolen mobile devices, and reduce the potential attack surface for electronic medical records through network micro-segmentation. All this supports doctors focussing on their priority; making people better.

 

  1. Integrity of data – inaccuracy can have fatal consequences

Application-centric healthcare is already beginning to revolutionize everyday processes. Take on-call tasks. These can be logged onto a system by nurses and pushed to an app-enabled ‘on-call’ phone that functions as a remote digital checklist. Doctors can respond to and tick off tasks as they’re progressed and nurses can call them directly for urgent matters.

These applications cannot afford to display inaccurate data … day in day out, medical professionals rely on the integrity of this data as they become responsible for the lives of others. Traditional network perimeter security models alone can no longer protect this increasing sprawl of applications and users – rather, organizations need to insert security everywhere in their infrastructure and, today, this includes a data center endpoint security solution to directly protect the applications themselves.

  1. Availability of data – different systems must talk to each other

Most healthcare organizations have more than one physical location, and many diagnoses require multiple inputs from different places.  The point is that healthcare processes are only going to work if different IT systems talk to each other seamlessly and the required data remains available at all times. As healthcare moves further and further beyond the physical walls of hospitals, institutions will need to ensure their compute and storage resources can scale, extend and integrate without disruption, as changing demand dictates.

With the three healthcare commandments of confidentiality, integrity and availability intact, data can act as a ‘digital lifeline’ for the healthcare industry – helping organizations transform and manage the balancing act between improving care while keeping patient safety at the centre of everything they do.