Securing the Present and Future of Health IT Infrastructure

New approaches to health IT infrastructure bring with them novel threats to essential systems and sensitive data, signaling the need to modernize health data security efforts.

The healthcare industry is undergoing unprecedented digital transformation, with the leaders of provider organizations increasingly turning to the cloud to support current business needs and prepare for future innovations. But all this change comes at a cost, namely the dangers posed by an influx of end-users and the ongoing need to keep sensitive information secure.

Seventy percent of healthcare CIOs reported reducing IT costs as their prime motivation for deploying software-as-a-service (SaaS) — the most widely used healthcare cloud service model — in a recent survey of College of Health Information Management Executives (CHIME) members. The ability to manage upgrades more easily (62%) and improve accessibility (59%) were next on the list of top-five priorities.

The majority of respondents noted that their organizations use six or more SaaS applications — most commonly for patient engagement, telemedicine, and mobile communication. This reliance on the cloud, however, is offset by growing concerns about health data security and privacy. Fear of a data breach or malicious attack represented the top cloud concern for healthcare CIOs.

In 2017, the Department of Health and Human Services Health Care Industry Task Force detailed a troubling state of affairs for healthcare cybersecurity:

  • Most hospitals operate without a designated chief information security officer
  • Cybercriminals see healthcare as a prime target
  • Most providers are underprepared to handle the current threat landscape

Two years later, awareness has improved across healthcare, but the industry is still struggling to secure its complex digital environments.

According to Moody’s Investors Service, hospitals and other healthcare providers face not only the highest risk of cyber exposure but also the costliest impact when successfully attacked. In fact, hospitals represent about $250 billion in rated debt, with much of the risk tied to the need for constant data access and their trove of sensitive data. As a result, the industry remains one of the most targeted by hackers.

From fragmentation to integration

A federal push for healthcare interoperability is forcing providers away from fragmentation and toward integration. The result is a complex digital ecosystem responsible for supporting numerous health IT systems, applications, and connected devices.

The desire to streamline their digital footprints has led healthcare leaders to the cloud and a new kind of complexity. Recent survey findings point to a growing interest among healthcare organizations in multicloud and hybrid cloud infrastructure, which means departments bear the responsibility for managing on-premise as well as remote infrastructure. The continued push for greater cloud adoption carries with it a new kind of risk for healthcare organizations: access management. Numerous individuals using different types of devices are requesting access to applications and data. Small and resource-strained IT departments can't keep up.

“Through collaboration, businesses are extending, and absorbing, the risk and vulnerabilities of their ecosystem partners. Yet most businesses still look at cybersecurity as strictly an individual effort,” wrote the authors of a recent Accenture report on healthcare innovation.

“This heightened level of exposure is good news for the 'bad guys' who view ecosystems as an ever-widening attack surface,” they continued. “Healthcare businesses must, in response, evolve their approach and stand up a stronger security posture that factors in ecosystem partners.”

The Accenture study went on to note that more than three-quarters of healthcare executives “agree that protecting their organization in an ecosystem relies on security practices that they have limited ability to control.”

While integration efforts in healthcare have typically focused on merging sites of care and service lines, they must also extend into other areas of the organization. According to the study, healthcare organizations must spread the burden of health data security across departments, bringing security, development, and operations teams together.

Security has enterprise-wide implications. Healthcare organizations cannot afford to task their security team with complete ownership of safeguarding IT infrastructure, yet many do. Healthcare leaders must work to spread responsibility across the organization, freeing security professionals to focus on the most pressing challenges facing health systems, hospitals, and physician practices. Such an approach enables the organization to become more agile in response to new and old security threats.

Balancing innovation and security

Innovation is driving healthcare organizations to leverage the ever-evolving capabilities of the cloud, but providers have only established a tenuous foothold in this “new” environment. With the healthcare industry in transition as a whole, IT staffs are responsible for maintaining on-premise (and oftentimes legacy) infrastructure while supporting the organization's demand for modern applications and services delivered via the cloud.

To successfully manage and secure complex digital environments, healthcare organizations must strike a balance between innovation and security. Both are top priorities, but neither can be considered without the other. With its data garnering more interest among bad actors, the healthcare industry must work smarter, not harder.

Fortunately, products and services are emerging that help shift more and more IT maintenance and security activities outside the organization, freeing internal resources to support providers in the delivery of high-quality, data-driven care. The challenge remains developing an organization-wide strategy that eliminates siloes in favor of a shared responsibility to protect the systems and resources that enable the business of healthcare to thrive.

________________________________________

About SailPoint

SailPoint enables healthcare provider organizations to cost-effectively protect healthcare data, reduce financial risk from poor audit performance, and avoid disruptions to patient care. Infused with artificial intelligence, its predictive identity governance anticipates how access should change, shows where attention is needed, and recommends actions. Ideally suited for healthcare, the SailPoint platform increases IT and operational efficiencies by automating processes and simplifying the on-boarding and management of complex healthcare user populations (employees, affiliated physicians, contractors and others). SailPoint is consistently recognized by Gartner, Forrester and KuppingerCole as the leading authority on identity governance, and the preferred partner for numerous healthcare organizations.