Anurag Kahol, CTO at Bitglass discusses the growing concerns about data security in the healthcare sector and what can be done to safeguard sensitive patient information.
The past twelve months have been some of the most challenging ever experienced for healthcare providers worldwide. In the UK, only a series of strict lockdowns prevented the NHS from being overwhelmed by the huge influx of patients suffering from COVID-19. However, as the world now looks to bounce back from the damage caused by the virus, there’s another malicious spectre on the horizon that cannot be ignored.
Healthcare is one of the fastest-growing sectors for cybercrime, something which the COVID-19 pandemic has only exacerbated. This is because hospitals and healthcare facilities have a wealth of sensitive data stored on their networks that need to be accessible around the clock in order to maintain a high quality of patient care. Put simply; they can’t afford to be locked out of their data. When combined with the chaos and resource strain caused by the pandemic, it has made them the perfect victims for cyber criminals looking to make profits, despite how despicable and unscrupulous it may seem to the rest of us. Obviously, cyber criminals are not known for their compassion.
In the last few months alone, attacks have disrupted numerous healthcare organisations worldwide, some with deadly consequences. In September, a ransomware attack disabled computer systems at Düsseldorf University Hospital in Germany, leading to the death of a critically ill patient who had to be diverted to another hospital over 30 kilometres away. Around the same time, another cyberattack on Universal Health Services (UHS), which runs approximately 400 hospitals and care centres across the US and UK, crippled its entire network, jeopardising healthcare for millions of people. The massive scale of the UHS attack made it one of the largest medical cyberattacks in US history.
The cost of cyberattacks in the healthcare sector is rising at an exponential rate
While it can be difficult to put exact numbers on individual attacks, a recent report estimates that the total cost of healthcare breaches has risen by almost 200 percent over the last three years, from around £3.4bn in 2018 to more than £9.5bn in 2020*. Additionally, the cost per breached record has grown from roughly £295 to over £360. When you consider that a typical breach involves hundreds of thousands of records, the cost of an attack can quickly reach astronomical levels.
Remote work is creating more new challenges for the healthcare sector
As with many other industries, the healthcare sector has also seen a huge shift to remote work over the past twelve months, causing additional problems. While frontline workers and hospital staff naturally must remain on-premises, many support and administrative staff have been working from home. Unfortunately, most healthcare IT security systems currently remain focused on on-premises security, which isn’t a good fit for remote working. As such, sensitive data becomes highly vulnerable once moved off-site.
How can organisations protect themselves more effectively?
So, what’s the solution? As is often the case, the answer lies in a combination of technology and education.
To better adapt to the ‘new normal of remote working, many organisations are looking to the cloud. However, as part of this, they also need to deploy a security solution specifically built for the task at hand. Such a solution must enable secure access to web and cloud services, block rampant threats like malware, prohibit data leakage, and enable adherence to compliance frameworks.
Secure access services edge (SASE), pronounced ‘sassy,’ refers to a comprehensive cloud security platform that delivers on this new way of working. SASE integrates cloud access security broker (CASB), zero-trust network access (ZTNA), and secure web gateway (SWG) technologies into a flexible platform designed to defend data wherever it goes.
SASE platforms allow enterprises to extend consistent security to all enterprise resources from a single control point. This enables the corporate security team to configure policies that secure software-as-a-service (SaaS) apps, control access to malicious web destinations, and prevent leakage in on-premises resources without the need for virtual private networks (VPNs). In other words, SASE replaces multiple disjointed point products, delivers significant cost savings, and provides the comprehensive security needed for a remote workforce in a cloud-first world.
In addition to the above technologies, education remains critical. Regular cybersecurity training for all employees offers CTOs and CISOs some of the best return on investment available. Even advanced cyber threats still frequently rely on basic methods to infiltrate their targets, such as phishing emails and social engineering. By conducting regular training sessions and educating employees to identify and avoid such schemes, healthcare organisations can save themselves huge headaches.
- HSBC is the first US bank that lets US SMEs “pay like a local” in foreign currencies
- The next generation of sound: Apple Music to rollout Spatial Audio with Dolby Atmos
- Why customer conversations are vital for brand survival in a post-COVID-19 world
- What can corporates learn from digital transformation in the COVID era?
Whether they like it or not, healthcare organisations worldwide are in the eye of an increasingly dangerous cybersecurity storm. However, all is not lost just yet. With the right security tools and training techniques, the NHS and other healthcare providers can enjoy all the benefits that remote work and the cloud have to offer without needing to fear any impending attacks. Doing so will help ensure sensitive patient and operational data remains secure and help them provide the best quality of care possible in these unprecedented times.
For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!