Getty Images/iStockphoto
Could The SASE Model Move the Needle on Healthcare Cybersecurity?
The threat landscape is evolving faster than healthcare cybersecurity. AT&T Cybersecurity’s Rupesh Chokshi believes secure access service edge (SASE) might better support providers.
The multiple, massive cybersecurity incidents across the globe have demonstrated the ease in which threat actors can take control over critical infrastructure entities and their valuable data. For healthcare cybersecurity, where patient safety is at risk, it may be time for a new security model.
It’s clear from the current threat landscape that global hacking efforts have turned a dark corner: From the cyberattack on the Colonial Pipeline that spurred panic in consumers on the East Coast, to the latest attack on meat plants disrupting the supply chain.
In the past month alone, nearly two dozen entities have seen their data posted onto dark web blogs after attackers stole data from their networks.
And in healthcare, multiple health systems have been driven to EHR downtime in the middle of a pandemic, including Scripps Health. The California-based provider just reported that data was stolen during the ransomware attack, days after bringing its system back online
Meanwhile, multiple providers have reported data breaches this year tied to vendor incidents, many of which include reports of suspected or confirmed data theft.
Threat actors are becoming more sophisticated, yes, but many of these attacks are automated or require little skill. Multiple federal alerts show hackers are continuously scanning for unpatched vulnerabilities, some of which were patched by the vendor years ago.
The Elephant in the Room: Healthcare’s Complexity Complicates Solutions
While it may appear as if there’s a simple reason for healthcare’s cybersecurity issues, and thus, an easy answer (i.e. improve patching and reduce access), the sector faces a complex supply chain, a host of connected devices that rely on outdated platforms, and resource issues, just to name a few.
For Rupesh Chokshi, vice president of AT&T Cybersecurity, these issues rapidly expanded during the pandemic due to the increase in remote work and implemented devices.
“With data, users, applications, and devices spread across hybrid environments, connecting to the network from diverse locations, as well as managing and controlling access through authentication and authorization has taken on unprecedented priority and urgency,” said Chokshi.
“Security teams are struggling not only to control who and what devices have access, but to also consider when, why, and for which purpose. This has brought security to the forefront,” he added. “Gone are the days of security as an afterthought. Today, a security-first mindset is driving the conversation.”
Provider organizations are far too often riddled with woefully inadequate security practices, weak and shared passwords, and vulnerabilities in code, which leave the door open to attacks. Chokshi stressed that the mobility of the workforce and IoT data consumption is serving to compound these risks.
Further, healthcare’s heavy reliance on the flow of information better supports patient care but heightens risks to patient privacy and confidentiality, and the need for better security practices -- particularly as the risks and attacks are predicted to worsen this year and into the foreseeable future.
Providers would benefit from leveraging advanced technologies that promote information security and rely on industry-standard frameworks to protect PHI, Chokshi explained.
“Security leaders will be looking for ways to consolidate security tools and decrease the number of vendors they’re working with, while simultaneously increasing security investment,” Chokshi said.
“However, they also need complete visibility of their complex environment to automate processes and in some cases preemptively orchestrate them using advanced analytics, and to improve response times for known threats and the unforeseen ones that will come with emerging technologies such as edge applications,” he continued.
A SASE Breakdown
With a host of connected devices, applications, vendors, and employees, healthcare providers need continuous, real-time monitoring into their networks. Chokshi noted that as many look to security virtualization to manage a host of tools, security teams are also looking to simplify and centralize management of needed security tools.
Other needed tools include converged network and security, and WAN capabilities or software-defined wide-area networking (SD-WAN), combined with appropriate network security functions.
Some healthcare security professionals are looking to secure web gateways (SWG), cloud access security brokers (CASB), and firewall-as-a-service, and Chokshi explained that cloud solutions are increasingly becoming a priority.
The secure access service edge (SASE) delivers these tools as a cloud solution able to support decentralized, digital businesses, like healthcare -- although the complete definition for SASE is still being debated, he added.
“Healthcare organizations are looking to address latency issues they are having with traffic going into their data centers - exacerbated by changes to the business due to the pandemic,” said Chokshi. “Like most businesses, they were faced with how to protect a large remote workforce.”
“While in response to COVID-19, healthcare providers significantly increased their remote clinic locations to minimize patient impact on hospitals, this change in their business models requires an equal pivot in their network and security approach in order to meet the demands on the network and to facilitate application performance,” he added.
To Chokshi, the SASE model provides benefits to the network and security, including:
Business agility as they modernize networks and security infrastructures, allowing for quick adaptation in the face of challenges brought on by the pandemic.
An increase in productivity from employees working from home, and protection for those employees accusing the network from such locations.
Support for business continuity and resiliency through network and security virtualization - allowing for faster changes on an as-needed basis.
Relief for overloaded internal IT staff delivering best practices for security policy, provisioning, and continuous global monitoring
Smaller healthcare providers can also leverage SASE to consolidate tools able to connect to clinics and branch offices, as well as remote users. Chokshi noted the tool also applies a unified security policy across users, locations, and devices, while closing security gaps.
But a key component of SASE is Zero Trust, which means providers must also implement Zero Trust security security policies around access needs.
“Because SASE policies go beyond security to also govern quality of service, path selection, dynamic routing, traffic shaping, cost and latency optimization among other network-centric policies, SASE cannot be seen solely as the fast-lane approach to implementing Zero Trust,” said Chokshi.
“Using SASE can help drive innovation for healthcare providers by delivering highly secure and efficient experiences for their end-users,” he added. “Working with a trusted advisor to determine the best-fit methodology to meet today’s and tomorrow’s needs for ever-changing network and security requirements is an important consideration.”
For some healthcare providers, the Zero Trust model has become a business imperative to stymie the risks. In September 2020, an AT&T global survey of 1,000 enterprises found 94 percent of enterprises are researching, implementing, or have completed implementation of a Zero Trust initiative in their network.