Topic: How cybersecurity supports digital transformation in health care

Digital transformation in the health care sector has been underway for a few years now and the COVID-19 pandemic has only accelerated the rate of adoption. For instance, we’ve seen a massive uptick in telemedicine. The entry of several digital native players in the health care ecosystem has resulted in greater digitalization of the engagement value streams and business processes. Now, there’s greater adoption of cloud-based systems and digital tools in health care, facilitating an ecosystem approach to delivering health care services.

Along with the massive benefits of going digital, the health care industry has also become increasingly vulnerable to cyberattacks. The U.S. Department of Health and Human Services has reported a 50 percent year-over-year increase in breaches at hospitals and health care provider networks.

Because health care operations are so critical, they make an attractive target, both from commercial and political standpoints. Ransomware attacks can bring down mission-critical systems leading to considerable chaos and even loss of life. As health care organizations roll out telemedicine, there’s greater access to remote data because of an increase in online consultations. Sensitive data such as PHI can fetch criminals large sums of money on the dark web. R&D efforts such as COVID-19 vaccine development are easy and valuable targets.

Complex and connected health partner ecosystems consist of varied participants, including patients, physicians, payers, and pharma companies, making them particularly vulnerable. Health care apps, connected devices, and medical devices too increase exposure and vulnerability. Given the increased threat landscape, ensuring cybersecurity has become a critical success factor for any digital transformation effort in health care. The following are six best practices for health care organizations to improve security posture to support their digital transformation goals:

• Implement sound security standards and stricter guidelines.

Organizations must insist on strict adherence to prescribed gold standards for operating systems. This means ensuring up-to-date operating systems and patches with transparent processes for patching and security updates, replacing outdated medical devices, and implementing IoT security measures for remotely connected devices. Also, security teams must harden guidelines considerably, especially for internet-facing and high-risk systems. Older systems with vulnerabilities must get patched. In effect, the team has to have a zero-tolerance approach when it comes to IT hygiene.

• Adopt a Zero Trust model.

Now that the perimeter has shifted towards home offices, organizations need resilient new models that work in the new environment. Apply greater network segmentation to ensure that mission-critical systems such as life support and drug R&D systems are kept separate. Adopt a principle of least privilege so people only get the access they require to get the job done. Practices such as multifactor authentication for admin access and remote access and the use of secure web gateways for remote access instead of traditional VPNs also help. Rather than connecting remote users to the corporate network, expose them only required applications for remote access.

• Instill a data security focus.

Security teams managing remote users should secure data both at rest as well as in transit. Automated systems for data identification and classification can help better protect critical data. Data loss prevention (DLP) systems at email, network, and endpoints can enable real-time loss monitoring. Also, using industry best encryption and data masking solutions and periodic access reviews can help ensure that only authorized users can access data.

Topic Discussed: How cybersecurity supports digital transformation in health care

Read Original Article