The healthcare sector is among the most targeted by threat actors in the business world, with sensitive patient data needing a strong, constant cybersecurity strategy wherever it resides. Attacks including ransomware have frequently proved damaging to companies in the space in the past few years. While many healthcare networks have successfully migrated to the cloud, improving security and scalability, skills gaps and insufficiently protected legacy infrastructure remain barriers.
According to research conducted by Microsoft, it takes the healthcare industry an average of 236 days to identify a breach, and 93 days on average to contain a breach — almost two months longer than other sectors. What’s more, a breach can cost an average of $7.13m, and over 20 per cent of healthcare providers reported an increase in patient mortality rates after a cyber attack. Indeed, possible damage to organisations across healthcare goes beyond the financial realm.
To help healthcare providers to optimise protection of all data at their disposal, global IT consulting and services organisation Avanade is facilitating an end-to-end hybrid cloud approach to data infrastructure, while allowing for secure, long-term innovation. Avanade’s senior vice-president, global lead — managed security service and industry security solutions, Gaurav Agarwaal, spoke to Information Age about the considerations that the company takes into account when it comes to cybersecurity for healthcare clients.
Keeping threat actors out
A much needed zero trust approach to cybersecurity has proved key to keeping cyber threats at bay. Holistic in nature, an architecture that calls for users to ‘never trust, always verify’ encourages constant vigilance against possible attacks to the network — a measure much needed to allow staff to focus on caring for patients.
“Through advisory, transformation and managed security services, we evaluate and define the cybersecurity strategy and continually improve your governance, risk and compliance state,” explained Agarwaal.
“We know it’s not a question of if they will be attacked, but when, so we help our clients to get an accurate picture of their security landscape. This way, we are able to build resilience so that they can recover quickly if and when an attack takes place.”
Through working with Avanade, healthcare providers can gain full visibility of the attack surface, minimise risks brought by third party systems, and properly protect their endpoints — all while reducing technical debt brought by enhancements leaving other areas of the network behind.
Four key steps were identified towards successfully adopting a zero trust mindset:
- Gather a baseline view — assessing current and future risks before defining a realistic solution in a hybrid cloud environment.
- Build zero trust principles — modern identity solutions can be utilised in order to improve protection of critical assets across the network.
- Enhance threat protection — quickly close any vulnerabilities, and nurture an adaptive cybersecurity approach.
- Secure care team collaboration — by promoting deployed products, distributed teams can seamlessly and securely work together from wherever employees are.
Shifting from insecure legacy infrastructure
No technical infrastructure can be fully operational forever, and vulnerabilities to be addressed will emerge over time. While it may not be clear immediately, there are ways to determine when it is time to migrate to a hybrid cloud environment.
“Companies would need to start evaluating both the security and compliance of their infrastructure,” Agarwaal explained. “The key is to plan out cloud migrations, with a secure cloud foundation in mind to ensure that everything you then do in a public or hybrid cloud meets the security and compliance requirements.”
Moving to the cloud offers a faster, more efficient path for healthcare organisations to advance virtual care services such as telehealth and remote patient monitoring. With 88 per cent of healthcare providers having accelerated spending on cloud migration, there has been an exponential rise in data stored in hybrid cloud, creating a management challenge. To keep assets manageable and secure, confidential patient data needs to be easily accessible to staff, both on-site and remotely.
“The typically urgent nature of the medical industry means staff need to be able to share information immediately – there’s no time to pause and consider the security implications of the devices they’re using,” Agarwaal added.
Overcoming the skills gap
When considering why the healthcare industry tends to be less quick to identify and contain data breaches, another key factor identified by Agarwaal was insufficient internal cybersecurity training.
While understanding and evaluating available skills is vital, healthcare providers can also adopt human-centric security in order to make day-to-day security initiatives more purposeful to an individual, as well as across the team.
Agarwaal advises: “Establish security awareness and training to enable your employees to become security advocates; evaluate changes needed for a hybrid cloud workplace; and encourage senior executives to get behind and sponsor awareness campaigns across the organisation.”
Power through collaboration
As well as taking security measures on an advisory, case-by-case basis following communication with staff and examination of the network, another strength cited by Agarwaal in Avanade’s cybersecurity services is collaboration with its partner ecosystem, which includes capabilities from Microsoft.
Having support from partner organisations in place goes a long way in closing any cloud and security gaps.
“Our deep expertise on the Microsoft Security platform and strong relationship with Microsoft and Accenture allow us to innovate faster to develop repeatable solutions – which reduces the delivery risk and makes our solution cost-effective,” said Agarwaal.
“We have the highest number of Microsoft Security Certified professionals. We have also invested in developing a dedicated platform for managed security services, threat intelligence, application security and vulnerability management.”
No organisation, whether in the healthcare industry or any other sector, can innovate securely alone. Choosing the right IT service provider is vital to mitigating knowledge gaps and keeping data secure.
With the right security strategy and partnership with a security services partner, healthcare providers can mitigate the security risk and drive a culture shift where security is seen as a business enabler, instead of being the top blocker for innovation in the cloud.