NEW YORK, Feb. 9, 2017 /PRNewswire/ -- With HIMSS17 scheduled for February 19th through 23rd in Orlando, the annual conference will bring together more than 40,000 health professionals, clinicians, executives and vendors to address issues, concerns and new approaches toward improving the health sector, and security will be one of the leading topics of discussion. Cybersecurity has become an area of great interest in the health sector and a top priority for healthcare CIOs. With over 100 data breaches among healthcare organizations in the past year alone, industry experts estimate the cost for lost records in 2016 was nearly $3 billion.1 While all breaches are not directly related to the electronic health record (EHR) or billing systems, that's where cybercriminals tend to go first to acquire valuable patient data. According to Logicalis Healthcare Solutions, the healthcare-focused arm of Logicalis US, an international IT solutions and managed services provider (www.us.logicalis.com), there are key aspects of securing patient information within the EHR and across the healthcare network that must be addressed holistically. To help jumpstart that conversation, the healthcare security experts at Logicalis have outlined five of the top security issues quickly becoming top-of-mind among healthcare CIOs.
"We need to balance ease-of-use and ease-of-access to patient data with the ability to secure this information not just within the health entity itself, but across all member health organizations that support it. Understanding data flow and system connectivity is key," says Ed Simcox, Healthcare Practice Leader, Logicalis Healthcare Solutions. "As a result, healthcare CIOs must take a holistic, collaborative and consultative approach to security – examining the systems and human interaction of patient information throughout its entire lifecycle."
"You have to take an architectural approach to healthcare security looking at the whole organization and all data interaction points, not just the sum of its parts," says Ron Temske, Vice President, Security Solutions, Logicalis US. "Don't fall prey to buying disparate best-of-breed solutions which are often deployed in isolation. Without proper integration and sharing of actionable threat intelligence, you won't have an effective holistic view of your security."
Five Top Security Issues for Healthcare CIOs
Cybersecurity is one of the most important issues healthcare IT professionals face today. Below are the five security topics expected to top HIMSS17 conversations. Logicalis Healthcare Solutions suggests healthcare CIOs open an internal dialogue, explore questions with colleagues and engage an experienced solution provider who understands the complexities of security and healthcare IT. Taking a proactive approach to complex issues will ensure healthcare IT leaders ask the right questions and implement effective strategies to avoid costly breaches before they occur.
- Securing EHR Environments: Today's top electronic health record (EHR) providers – companies like Epic, Meditech and Cerner – offer very clear guidance to hospitals regarding the architecture of their computing environments. These prescriptive guidelines, while created to ensure the functionality of the EHR solution, can also constrain the healthcare CIO from enhancing security to protect the patient information contained within the EHR system. The burning question on many healthcare IT pros' minds, therefore, is how to secure an EHR application and its associated data without interfering with or degrading the application itself. To build an effective data perimeter that works in cooperation with these top vendors' EHR applications, healthcare CIOs may need an experienced solution provider's help.
- User Authentication: Think of the sheer number of users that legitimately log on to a hospital's wireless network daily – patients, family members, visitors, physicians, subcontractors (i.e., visiting surgeons, for example) – extremely high volumes of network traffic to monitor. Which is better – knowing that "Guest 321" has just entered a secure area or that "John Smith" has entered it? Taking the issue of authentication a step further, since hospitals often have computing terminals in every patient room, if a doctor logs into the EHR system to upload patient notes, but forgets to log out, protected health information becomes easily penetrable by cyber adversaries as well as well-meaning patients, their family and guests. Single-sign-on solutions with scheduled timeouts is an example of an effective tactic to help resolve these concerns.
- Preservation of Identity: While authentication is critical, so too is the preservation of user identities. With the virtual desktop infrastructure (VDI) hospitals typically use in their EHR environments, user identity can be difficult to capture and audit. Solutions exist, but if the IT professional delivering the EHR implementation is not familiar with possible security protocols that can preserve the identity of users throughout the system, these safeguards won't be enacted.
- Proliferation of End Points: In a hospital setting, there are a myriad of computing devices in play – desktop and mobile computers, tablets, smartphones – any of which can be used to deliver malware or even ransomware into the host network. The key is to gate access and deploy tighter controls on what users can see, how they are authenticated and what policies are deployed if a device is lost or stolen.
- Internet of Things: One of the newest challenges for healthcare CIOs is the vulnerability inherent in connecting to Internet of Things (IoT) devices; any piece of medical equipment with a built-in operating system – even if it doesn't have patient data stored on it – can become a "zombie" used for nefarious purposes by a would-be attacker. This challenge is similar to the EHR security issue in that IoT devices are often too small for a security software agent to be loaded onto the device requiring the healthcare CIO to consider a protective data barrier around the organization's IoT infrastructure.
1 Modern Healthcare, January 20, 2017; "Vital Signs: How America's Youth is Key to Fixing the Sad State of Cybersecurity."
Want to Learn More?
- Is it time to step up your security game? Don't be held hostage by ransomware; read these 10 tough security questions every CIO must be able to answer.
- Managing a comprehensive security solution can overwhelm an IT department with a continuous swarm of alerts – find out how managed security services can help: http://ow.ly/fZzA308y6Xl.
- Logicalis has nearly two decades of experience helping healthcare CIOs tackle their toughest IT challenges; read our most recent healthcare and security news to learn more, then visit the Logicalis Healthcare Solutions website here: http://ow.ly/SHSX308y7eh.
Logicalis is an international multi-skilled solution provider providing digital enablement services to help customers harness digital technology and innovative services to deliver powerful business outcomes.
Our customers cross industries and geographical regions; our focus is to engage in the dynamics of our customers' vertical markets including financial services, TMT (telecommunications, media and technology), education, healthcare, retail, government, manufacturing and professional services, and to apply the skills of our 4,000 employees in modernizing key digital pillars, data center and cloud services, security and network infrastructure, workspace communications and collaboration, data and information strategies, and IT operation modernization.
We are the advocates for our customers for some of the world's leading technology companies including Cisco, HPE, IBM, NetApp, Microsoft, VMware and ServiceNow.
The Logicalis Group has annualized revenues of over $1.5 billion from operations in Europe, North America, Latin America and Asia Pacific. It is a division of Datatec Limited, listed on the Johannesburg Stock Exchange and the AIM market of the LSE, with revenues of over $6.5 billion.
For more information, visit www.us.logicalis.com.
Business and technology working as one
To learn more about Logicalis activities through a variety of social media outlets, click here.
SOURCE Logicalis US