BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Increasing reports of new vulnerabilities in computers and mobile devices are sending chills through hospital IT departments as they face the reality of more threats for which they need to prepare. Things look even worse for healthcare, since it has been a favorite target of cybercriminals looking to hold valuable health data for ransom.
These newly discovered exploits in the wild are yet another reminder to hospital security teams of the importance of leveraging security platforms that can adapt to and protect against various threats. Cloud security tools have offered the best promise to deliver meaningful system protections.
In March 2017, WikiLeaks released confidential CIA documents that detailed the numerous vulnerabilities in devices, computers and the internet of things. The documents highlighted the increasing liabilities that hackers can exploit to cause serious data breaches.
The CIA is not the only organization aware of potential weaknesses and exploits that exist in the enterprise. In April 2017, a security research firm announced the existence of a Microsoft Word vulnerability that could allow an attacker to execute code without the need to enable macros.
These are concerning events for hospital IT executives, as they signal real threats surrounding them, and remind them that they are already vulnerable. Security specialists and hospital CISOs are increasingly looking beyond standard protection tools to keep their environments safe and resistant to attacks. With the notion that no one can completely prevent an attack, there have been four key rules that healthcare has been able to adopt when it comes to new security measures that help mitigate some of the risks and ensure patient health data is protected.
Cloud security tools offer around-the-clock protection
It is a common occurrence for hospitals to engage outside security firms to perform security scans and penetration testing in their environments to gauge their overall level of security readiness. These steps are not required under the HIPAA Security Rule, but they can help ensure that no hackers are active within the environment. It can also help identify any changes or gaps that might present a risk.
Unfortunately, the increasing volume of attacks from cybercriminals is forcing hospitals to ditch their on-premises solutions and the periodic security checks for something that offers around-the-clock monitoring. This shift has laid the foundation for cloud security tools that can connect to and monitor networks continuously, while providing teams of experts with access to alerts that they can address in real time. Delivering the tools through a hosted model also reduces the complexity associated with implementation and management.
Cloud security tools reduce upfront infrastructure costs
The digital threats facing hospitals come in different shapes and forms; some infiltrate through email, while others find their way into systems through browser vulnerabilities. No matter what method a cybercriminal uses to infect an organization, IT is constantly adjusting the tools in use and expanding their capabilities by adopting more products.
However, at the current rate of change in security tools, traditional on-premises security options will likely require additional infrastructure. These additions increase the overall costs required upfront, as well as the time for setup and configuration.
In considering cloud-based security tools, IT is finding it more cost-effective to subscribe to a service that can easily be expanded without having to install new servers. Cisco, IBM, Microsoft and McAfee are a few of the platforms available today in the cloud, and they offer different tiers of support with different features a la carte. In most cases, these products must deploy special agents in some of the nodes that need to be monitored. They can also integrate with email services and network appliances to offer full coverage on all potential entry points.
A holistic approach to security and infrastructure safeguards
For a security strategy to be effective, a CISO must implement protections at multiple levels. This includes the firewall, networking appliances, endpoints, mobile devices, encryption, email, content access and web traffic.
Even with the tools that are available today, several can let newly generated threats through if their signature has not been cataloged and pushed out to the local system. To remedy that issue, many of the new cloud service providers are moving to a model in which they leverage machine learning and data collected from their deployed agents to detect threats. This method of identifying an attack prior to developing a patch or update for it can be extremely valuable to a hospital, especially when many of the ransomware attacks tend to get around antivirus tools. Some cloud security tools analyze and detect threats ahead of time.
Security at the edge is becoming a reality
Today, a hospital looking to increase their cloud usage can rest assured that their cloud provider offers security add-ons to go along with their implemented hosted workloads. Whether the hospital is using Amazon or Azure, enabling security extensions on workloads is a matter of a few clicks. This applies to hosted emails and cloud storage, as well. This reality has encouraged IT to let the vendors hosting their workloads manage their own security, removing that responsibility from IT and allowing them to sleep a little better at night.
Adopting cloud-based solutions is a viable alternative to the on-premises implementation of security tools. The increasing threats that hospitals face require a new set of protection tools that can quickly adapt and deliver a much wider scope of protection.
As with any cloud-based service, concerns around possible connectivity outages and denial-of-service attacks can create a lapse in coverage and protections. As hospitals decide to make the shift toward using more cloud-based solutions, it is important to address these vulnerabilities.
Cloud is one option to protect hospitals from ransomware
Data security and HIPAA compliance pose challenges to cloud adoption
Cloud providers offer data backup services