With HIMSS approaching on March 14, cybersecurity will take center stage at this year's conference. Ahead of the event, a number of industry experts from well-known technology firms including VMware, AT&T Cybersecurity, Citrix and more share their thoughts below on healthcare security trends and technology topics to expect at the show, in a Security Health Check round-up.
++ Joe Partlow, Chief Technology Officer, ReliaQuest - booth #300-38
- Healthcare orgs are lacking visibility: "A
major pain point for healthcare organizations today - and what will likely
be one of the most talked-about topics this year - is a lack of visibility
into security tools. Accessing and correlating information from across
healthcare applications, such as EMRs, is still a massive challenge and
large visibility gap for security teams today. What's more, most new
medical equipment has some sort of networking capability, meaning IoT
security is even more crucial to effectively secure these technologies.
Lastly, not only is ransomware continuing to rise, but we are also seeing
more data extortion attempts now that most corporations have beefed up
email and endpoint controls. Overall, healthcare organizations are facing
a myriad of cybersecurity obstacles today amid an increase in destructive
attacks. The more visibility they can get into their security tools and
data, the more effectively they can reduce cyber risk and better protect
their organizations."
++ Rick McElroy, Principal Cybersecurity Strategist, VMware - booth #2121
- Healthcare application security becomes a priority:
"The influx of new healthcare applications spurred by the increased
popularity of telehealth and need for vaccination documentation is creating
a significant cyber risk for the healthcare industry. While these
applications provide patients with flexibility and convenience, the way
they exchange data can be very insecure. For example, data such as
COVID-19 vaccination status is being shared not only with government
agencies but also with companies in the hospitality industry, as proof of
vaccination is increasingly required in public spaces. Cybercriminals are
certainly capitalizing on this trend, as demonstrated by breaches such as
the one on Indonesia's COVID-19 app. Healthcare organizations and
government entities with applications that gather and manage sensitive
personal data must take proactive security measures, including running
ongoing threat hunting programs and prioritizing cloud workload
protection. And if developing a healthcare application, it's more
important than ever to ensure security is built-in from the beginning."
++ Theresa Lanowitz, Head of Cybersecurity Evangelism, AT&T Business
- Securing the edge takes center stage: "AT&T
Cybersecurity data indicates that the edge is gaining surprisingly
strong momentum, despite the substantial perceived risk surrounding
deploying and securing edge computing. In fact, these findings show a full
75% of respondents are either planning, have partially implemented, or
have fully implemented an edge use case. In the foreseeable future, I
expect that every industry - healthcare included - will utilize multiple types
of edge. This also means that workloads will be required to adjust to
different types of data flow activity. Network edges and workloads call
for security strategies that cross locations, platforms, and
partners.
In the healthcare industry,
which has traditionally operated with less defined cybersecurity controls, many
individual medical practices are looking to standardize and secure processes in
their facilities as well as experiment with new edge use cases in areas such as
remote hospitals and telemedicine."
++ Damian Chung, Business Information Security Officer, Netskope
- COVID "Year Three" Brings a Perfect Storm to Healthcare Security: "As
we begin year three of the pandemic, COVID continues to take up the
majority of resources within our healthcare system. One of the sustained
economic consequences for hospitals has been a majority of elective
surgeries being put on hold to treat COVID patients. Elective procedures
are where most medical institutions make their margins - which ultimately is
impacting budgets for IT and security advancements. At the same time, ransomware attacks against health care systems have
spiked during the pandemic, threatening patient care.
Despite increasing cyber
risks, many clinicians also continue to resist strict network controls that
could inhibit access to information and communications to treat patients and
save lives. Healthcare security leaders are facing a perfect storm of fewer
budgetary resources and a "damned if you do, damned if you don't" choice between
ransomware and quality of care. To cope with this difficult situation,
organizations need security that supports contextual controls and better
visibility across healthcare networks."
++ Enit Nichani, Vice President of Marketing, Global Alliances and Events, IGEL - booth #5443
- The importance of user experience in driving patient outcomes. “In healthcare, better user productivity, experience and data access translates into improved patient outcomes. At HIMSS 22, IGEL and our ecosystem of IGEL Ready partners for the healthcare industry are pleased to showcase how together, we make it easier for healthcare leaders to deliver a familiar, secure, and trouble-free environment. As a result, clinicians and healthcare staff have the elevated end user computing experience that benefits both the organization and most importantly, patients.”
“In the IGEL Partner Pavilion, IGEL and nine IGEL Ready partners including ControlUp, Dynabook, eG Innovations, EPOS, Lenovo, LG Business Solutions, Liquidware, Login VSI, and Tricerat, will showcase how they integrate to empower healthcare organizations with combined technologies that secure and optimize endpoints for higher performing healthcare environments that help yield better patient outcomes.”
++ Jason E. Smith, VP Product Marketing and Alliances, Liquidware - in IGEL booth #5443
- Securing the Digital Workspace: "In today’s increasingly mobile, hybrid world, it’s paramount for clinicians to have a ‘follow-me’ persona that automatically detects the location and context at login and to utilize a single sign-on mechanism. This enables their user profile, policies, access to data and location-aware printing to be instantly configured. This process should also allow workspace features to be locked down to ensure a secure environment and ongoing regulatory compliance. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Regular use of technology to diagnose and monitor the workspace environment will also help administrators spot abnormal processes or non-standard applications. By conducting an inventory of the environment including all users, machines (devices) and applications, Healthcare IT can identify categories of users who can be designated as “standard” users versus providing administrative access on workspaces, thus reducing the range of access points for hackers to enter systems. In addition, any applications or devices that are unapproved or outdated that can provide additional openings for breaches can be instantly spotted and addressed."
++ Dave Russell, VP of Enterprise Strategy, Veeam - booth #4965
- Investments being made in innovation and data protection. "Veeam expects HIMSS2022 to strongly feature security trends & topics, such as Cybersecurity/ransomware, privacy, patient and medical professional records and research access, safe data exchange, and ways to share masked data for broader analytics. Unfortunately in the last two years we have seen healthcare disproportionately targeted by bad actors as compared to general IT. This has accelerated many healthcare organizations to explore as-a-Service deployments, centralize IT operations when possible, and to retire aged applications and infrastructure; whereas previously segments of healthcare were known to be on older operating systems, aged infrastructure, and to use niche applications and databases, such as MUMPS (Massachusetts General Hospital Utility Multi-Programming System).
Veeam recently completed the industry’s largest ever backup/recovery survey of almost 3,400 enterprises across 28 countries in the 2022 Veeam Data Protection Trends Report (http://vee.am/DPR22). On average, healthcare respondents expected their organization’s budget for data protection, including both backup and BC/DR, to increase by 4.9% globally in 2022. The unique circumstances of healthcare IT over the last two pandemic years were unprecedented. With the new dynamics that come with telehealth adoption, staffing shortfalls, supply chain disruptions and especially increasing cybersecurity threats, it’s understandable that 2022 could see a myriad of investments in innovation and data protection as organizations strive to improve the security, quality, and their capacity for patient care."
++ Gary Ogasawara, Chief Technology Officer, Cloudian - booth #2527
- The ransomware threat means organizations must move beyond traditional defenses: "Healthcare organizations are a key target for ransomware given the sensitivity of data they manage and the fact that disrupted operations can endanger patient lives. Unfortunately, traditional defenses such as anti-malware software and anti-phishing training have proven ineffective against increasingly sophisticated ransomware attacks. To truly protect themselves, organizations should keep an immutable (unchangeable) backup copy of data. Immutability prevents cybercriminals from encrypting or deleting data, enabling victims to quickly restore the uninfected backup and resume operations without paying ransom. In addition, organizations should encrypt their sensitive data both in flight and at rest. Encryption prevents hackers from reading the data or making it public in any intelligible way, eliminating the other form of ransomware extortion. By employing data immutability and encryption, organizations can not only minimize the financial costs and operational disruption caused by ransomware but also help break the cycle of ransom payments funding further attacks."
++ Matt Crawford, Director, Solutions Marketing, Citrix - booth #5049
- Digital transformation driving the future of healthcare: "As we enter the third year of the pandemic, many healthcare organizations are reeling from burnout, revenue disruption, and shifting care-delivery models — not to mention the constant threat of cyberattack. But for all the challenges you’ve endured, the outlook is far from bleak. In fact, a new wave of digital transformation offers exciting opportunities to support growth, strengthen security, and provide better ways for clinicians and staff to work. Join Citrix at HIMSS22 on the exhibit floor at booth #5049 to explore the latest Citrix solutions and how they can help you drive digital transformation across your operations. And discover what the future of healthcare can look like for your organization."
++ Giorgio Bonuccelli, Growth Marketing, Parallels
- Mobility and security for healthcare workers: "Two of the healthcare sector's most significant challenges today are mobility and security. Health workers need to access the vital applications they need, no matter their device or location—be it the hospital, clinic, home, or office. It is essential that applications and desktops are secure, whether on-premises, using the public cloud, or a hybrid of both. Not only do healthcare workers need a solution that improves data security and provides access to critical software and data, but one that enhances flexibility, scalability, and mobility with single sign-on (SSO) across multiple devices."
++ Josh Gluck, VP Global Healthcare Technology Strategy, Pure Storage - booth #2421
- Backup and recovery will be top of mind for healthcare organizations in 2022 and beyond. "The need for healthcare companies to rapidly scale their digital infrastructure and protect their data has never been greater, and I expect this to be a core theme at this year's HIMSS conference. According to the US Cybersecurity and Infrastructure Security Agency (CISA), healthcare is one of the 16 critical infrastructure sectors 'whose assets, systems and networks whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.' As a result, malicious actors are always looking to exploit healthcare organizations under immense strain. But while having the proper precautions in place to prevent a cybersecurity attack is absolutely essential, it’s equally as critical that organizations plan for recovery. At next week's HIMSS conference, the idea of implementing meaningful business continuity planning, security and data privacy programs will be top of mind - particularly those that take into account the necessary recovery through which data can be rapidly restored, at scale, in order to avoid major business disruptions, patient care, and ultimately negative financial impact."
++ Scott Raymond, Chief Information Officer, Global Healthcare at NetApp – booth #2073
- Protecting and recovering from ransomware. "Ransomware is the leading attack vector on healthcare institutions and during the pandemic, ransomware activity across the healthcare sector has increased dramatically. Considering this, healthcare organizations should focus on a few key capabilities to protect themselves, and more importantly recover when, not if, they experience a ransomware attack. First, have an immutable and indelible backup of all the critical data and systems that are necessary to run the business. Second, deploy MFA for access to all systems and applications, including end-users. And lastly, the data should be encrypted and have a key management system deployed that allows insights to the data – where it is, who has access to it, and that recognizes if the data gets exposed to non-authorized users. Healthcare organizations worldwide should employ these tactics to practice good data governance and data stewardship."