Securing the healthcare sector's digital lifeline

By Ian Jenkins, Head of Network Security at VMware.

Wednesday, 19th September 2018. Posted by Phil Alsop.

While it’s hard to think of an element of healthcare that couldn’t be transformed by better access to data, the security breaches plaguing the sector threaten to compromise the impact data could have on fighting disease, treating ailments and improving our lives.

The first half of 2017 saw the global healthcare industry suffer more data breaches than any other – 228, in fact, almost double that of the second most hit. Some 31 million records were stolen in these attacks, up 423% from 6 million in the previous six months. So, while data is starting to transform patient care, a seriously compromised security landscape is impacting the progress being made.

Against this backdrop of data-driven innovation and increasingly complex security challenges, how can healthcare providers continue to ensure, on the one hand, the confidentiality and integrity of data and, on the other, its easy availability to authorised health professionals?

Data risk vs. reward

Data is at the heart of all the major advancements in healthcare and life sciences today. Research into molecular genetics is aiming to combat the spread of illnesses caused by pathogenic bacteria such as salmonella, while DNA sequencing is beginning to identify and screen for previously difficult-to-diagnose diseases. In the future, artificial intelligence-enabled machines will instantly mine every piece of relevant medical research on the planet to diagnose us. Today, standardised, digitised healthcare records provide a complete picture of your health when you walk into a hospital – meaning more personalised and faster diagnoses, and fewer people in hospital beds.

More data, however, equals more exposure to security threats – and the healthcare industry presents a particular set of tough challenges. Different hospitals, countries and healthcare systems are at radically different levels of digital sophistication. IT infrastructure is often randomly scattered rather than centralised, making it more vulnerable to hacker attacks and physical theft. Many IT systems remain complex and convoluted, with discrete, often minimally integrated point solutions to capture, input, order and review medical scans, for example, potentially compromising data integrity and availability. The introduction of mobile devices loaded with innovative applications has been transformative, but the need for different doctors and nurses to access and share data across different devices and networks means that sometimes this seems like one step forward, two steps back.

A three-phase approach to security

To realise the opportunity at hand and successfully use data to improve healthcare, organisations need to ensure:

Confidentiality of data – it has to be better protected than it’s ever been

Doctors and staff work in high-pressure environments demanding mental acuity and a laser focus on patient safety. They can prevent sensitive information being displayed inappropriately or left in an unsecure location, but those I’ve spoken with assume IT teams have the technical security of data covered.

Too often this still isn’t the case – a single attack can cause unprecedented damage. Britain’s NHS, for example, experienced one breach that could have exposed the medical records of patients held by 2,700 practices.

Solutions are having to become increasingly sophisticated to support this. Virtual networking and security software, for example, enable IT teams to isolate medical devices that may be running vulnerable operating system versions, prevent compliance breaches by remotely wiping lost or stolen mobile devices, and reduce the potential attack surface for electronic medical records through network micro-segmentation. All this supports doctors focussing on their priority: making people better.

Integrity of data – inaccuracy can have fatal consequences

Application-centric healthcare is already beginning to revolutionise everyday processes. Take on-call tasks – the things the out-of-hours doctors have to do or review. These can be logged onto a system by nurses and pushed to an app-enabled ‘on-call’ phone that functions as a remote digital checklist. Doctors can respond to and tick off tasks as they’re progressed and nurses can call them directly for urgent matters.

These applications cannot afford to display inaccurate data. Day in, day out, medical professionals rely on the integrity of this data as they become responsible for the lives of others. Traditional network perimeter security models alone can no longer protect this increasing sprawl of applications and users. Rather, organisations need to insert security everywhere in their infrastructure and, today, this includes a data center endpoint security solution to directly protect the applications themselves.

And as these applications are launched, changed, and decommissioned with increasing rapidity, IT needs to keep pace – providing context and maximum visibility into this evolving infrastructure, in order to secure all interactions and ensure data accuracy.

Availability of data – different systems must talk to each other

Most healthcare organisations have more than one physical location, and many diagnoses require multiple inputs from different places – whether that’s a dermatologist reviewing a patient’s skin complaint from a different physical location, or the need to access a combination of data sitting in a public cloud, such as Amazon Web Services, and possibly a local in-house database. And consider just how quickly processes within an emergency department would come to a halt if historic medical records and notes weren’t instantly available from a variety of different sources and locations.

The point is that healthcare processes are only going to work if different IT systems talk to each other seamlessly and the required data remains available at all times. As healthcare moves further and further beyond the physical walls of hospitals, institutions will need to ensure their compute and storage resources can scale, extend and integrate without disruption, as changing demand dictates.

With the three healthcare commandments of confidentiality, integrity and availability intact, data can act as a ‘digital lifeline’ for the healthcare industry – helping organisations transform and manage the balancing act between improving care while keeping patient safety at the centre of everything they do.