- Digital transformation puts pressure on health IT infrastructure as organizations plan for assimilating new technology into their IT ecosystems. No matter which technology organizations choose to adopt, entities need to consider how these infrastructure changes affect healthcare network security.
In the coming year healthcare organizations should expect significant changes in their IT infrastructure with new solutions being deployed, according to a recent 451 Research report.
“As digital transformation inherently drives organizations into a data driven world, 94 percent of organizations are using sensitive data in cloud, big data, IoT, containers or mobile environments – this is creating new attack surfaces and new risks for data that need to be offset by data security controls,” report authors explained.
Thirty-six percent of enterprises across all verticals were breached in the last year, the report found. This is up from 26 percent last year and an increase from 21 percent the year before. The increased surface area IT infrastructure leaves healthcare data vulnerable to new and evolving threats.
Data breaches will continue to increase because organizations have not increased their network security budgets to accommodate more advanced threats. Organizations are not prioritizing increased spending on data at rest security, according to the report.
Cloud adoption is almost universal with nearly every healthcare organization using cloud for some aspect of its health IT infrastructure. The addition of more mobile and Internet of Things (IoT) devices spreads IT infrastructure. Organizations are no longer only concerned with what’s deployed in their walls because their infrastructure expands to public internet connections and cellular data.
“Successful breaches have reached an all-time high for both mid-sized and enterprise class organizations, with more than two-thirds (67 percent) of global organizations and nearly three fourths (71 percent) in the U.S. having been breached at some point in the past,” 451 Research Principal Information Security Analyst Garrett Bekker said in a statement. “Further, nearly half (46 percent) of U.S. respondents reported a breach just in the previous 12 months, nearly double the 24 percent response from last year, while over one-third (36 percent) of global respondents suffered a similar fate.”
“Clearly, doing what we have been doing for decades is no longer working,” he continued. “The more relevant question on the minds of IT and business leaders, then, is more direct: ‘What will it take to stop the breaches?’”
Traditional IT infrastructure security methods such as firewalls and encryption are not enough to protect the expanded surface area. As infrastructure technology grows more sophisticated, so do the attacks against the network.
Organizations need to look at automating certain network security tasks and consider more proactive security methods.
Modern IT infrastructure starts with network monitoring but the security must extend beyond simply observing what’s happening. Taking a proactive approach instead of a reactive approach is the biggest distinction between traditional network security methods and modern security methods.
Proactive security techniques include using machine learning to understand complex data and trends. This data can be used to find trends to predict and test network weaknesses.
Automation and verification are also methods organizations can employ to sort through IT infrastructure’s growing complexity, Veriflow CTO Dr. Brighten Godfrey explained to HITInfrastrucutre.com.
“There’s dozens of vendors and new layers like virtual networks in the cloud,” said Godfrey. “There might be thousands of firewall rules where the network is assisting with security and many vendors’ products that need to be integrated and networked together.”
Organizations have complex systems that are constantly changing and primarily depend on IT staff manually making or overseeing those changes. This leaves the network vulnerable to human error, which is a large reason why data breaches that damage critical infrastructure occur.
Automating security tasks wherever possible and understanding network weaknesses will help healthcare organizations protect their network against cyberattacks. Being proactive rather than reactive about network security will significantly decrease the chances of PHI being stolen.