EDITOR ’ S QUESTION
WITH THE RAPID ADVANCE OF HEALTHCARE APPLICATIONS INTO AFRICA WHAT ARE THE BASIC ELEMENTS OF SECURITY THAT PROVIDERS SHOULD INVEST WHILE SCALING THEIR OPERATIONS ?
Perry Hutton is Vice President of Africa at Fortinet .
Healthcare organisations today are uniquely vulnerable to insidious security threats . This is due in part to the extremely high value of their data , but it is also because healthcare has lagged behind in security . For years , healthcare IT administrators have been pushed to adapt to new regulatory schemes and provide new functionality for providers and staff . Security , unfortunately , has received neither the attention nor the funding required to ward off the smartest attackers .
Too many healthcare organisations have chronically underinvested in IT security measures to protect critical systems and data , leaving them far more vulnerable than their peers in other industries . In financial services , security has been a top business and regulatory priority for years . According to an IDC report released in 2015 , 50 % of healthcare organisations have experienced 1 to 5 cyber-attacks in the past 12 months .
When it comes to security , healthcare is in the middle of a perfect storm . On one hand , access to data distributed across devices and locations is paramount , diverse providers and connected organisations need that data to flow freely in order to do their jobs . While on the other hand , securing sensitive patient records has never been more important or difficult . Electronic protected health information is extremely valuable to hackers and scammers , 10X more valuable than credit card data . Patient health records have much higher value on the black market than credit cards and other financial data , making health providers a prime target for cybercriminals .
Essentials :
• Hospital and data centre : The central data storage facility should be fortified with hardened data protection to ensure safety and usefulness of patient data . Enhance control and visibility of network traffic so that the most important hubs of care can operate at full capability .
• Firewall management : CIOs need to protect healthcare locations by deploying a security infrastructure which can provide coherent management of fragmented networks and data streams , complete with logging and analysis . With advance infrastructure , a complex data picture is simplified and visibility is enhanced .
• Medical offices and home workers : Ensure security across distinct offices and home locations with flexible security practices and technologies .
• Mobile users : The unique challenge of embracing BYOD is that it invites an infinite range of device types , user habits , and locales into the IT environment . These devices may connect to the network from either outside the main firewall or from within the network perimeters .
• Threat protection : Reducing the available attack surface of a healthcare organisation can prevent many attackers from obtaining information .
Creating a virtual fence around valuable health IT assets is an effective way to catch activity before attackers can steal sensitive data or compromise patient care systems . Today ’ s solutions involve looking at network security as an ecosystem . Perimeter-based protection alone are no longer sufficient , since threats can now come internally or from the proliferation of connected medical devices that access the network from within a traditional firewall . An indispensable tactic is to employ internal segmentation firewalls , which can compartmentalise the damage and isolate that threat to keep it from spreading .
60 INTELLIGENTCIO www . intelligentcio . com