Virtualization Technology News and Information
Article
RSS
Security Health Check: Hot Topics to Expect at HIMSS 2022

himss2022-health-check 

With HIMSS approaching on March 14, cybersecurity will take center stage at this year's conference. Ahead of the event, a number of industry experts from well-known technology firms including VMware, AT&T Cybersecurity, Citrix and more share their thoughts below on healthcare security trends and technology topics to expect at the show, in a Security Health Check round-up.

++

Joe Partlow, Chief Technology Officer, ReliaQuest - booth #300-38

  • Healthcare orgs are lacking visibility: "A major pain point for healthcare organizations today - and what will likely be one of the most talked-about topics this year - is a lack of visibility into security tools. Accessing and correlating information from across healthcare applications, such as EMRs, is still a massive challenge and large visibility gap for security teams today. What's more, most new medical equipment has some sort of networking capability, meaning IoT security is even more crucial to effectively secure these technologies. Lastly, not only is ransomware continuing to rise, but we are also seeing more data extortion attempts now that most corporations have beefed up email and endpoint controls. Overall, healthcare organizations are facing a myriad of cybersecurity obstacles today amid an increase in destructive attacks. The more visibility they can get into their security tools and data, the more effectively they can reduce cyber risk and better protect their organizations."

++

Rick McElroy, Principal Cybersecurity Strategist, VMware - booth #2121

  • Healthcare application security becomes a priority: "The influx of new healthcare applications spurred by the increased popularity of telehealth and need for vaccination documentation is creating a significant cyber risk for the healthcare industry. While these applications provide patients with flexibility and convenience, the way they exchange data can be very insecure. For example, data such as COVID-19 vaccination status is being shared not only with government agencies but also with companies in the hospitality industry, as proof of vaccination is increasingly required in public spaces. Cybercriminals are certainly capitalizing on this trend, as demonstrated by breaches such as the one on Indonesia's COVID-19 app. Healthcare organizations and government entities with applications that gather and manage sensitive personal data must take proactive security measures, including running ongoing threat hunting programs and prioritizing cloud workload protection. And if developing a healthcare application, it's more important than ever to ensure security is built-in from the beginning."

++

Theresa Lanowitz, Head of Cybersecurity Evangelism, AT&T Business

  • Securing the edge takes center stage: "AT&T Cybersecurity data indicates that the edge is gaining surprisingly strong momentum, despite the substantial perceived risk surrounding deploying and securing edge computing. In fact, these findings show a full 75% of respondents are either planning, have partially implemented, or have fully implemented an edge use case. In the foreseeable future, I expect that every industry-healthcare included-will utilize multiple types of edge. This also means that workloads will be required to adjust to different types of data flow activity. Network edges and workloads call for security strategies that cross locations, platforms, and partners. 

In the healthcare industry, which has traditionally operated with less defined cybersecurity controls, many individual medical practices are looking to standardize and secure processes in their facilities as well as experiment with new edge use cases in areas such as remote hospitals and telemedicine."

++

Damian Chung, Business Information Security Officer, Netskope

  • COVID "Year Three" Brings a Perfect Storm to Healthcare Security: "As we begin year three of the pandemic, COVID continues to take up the majority of resources within our healthcare system. One of the sustained economic consequences for hospitals has been a majority of elective surgeries being put on hold to treat COVID patients. Elective procedures are where most medical institutions make their margins-which ultimately is impacting budgets for IT and security advancements. At the same time, ransomware attacks against health care systems have spiked during the pandemic, threatening patient care.
Despite increasing cyber risks, many clinicians also continue to resist strict network controls that could inhibit access to information and communications to treat patients and save lives. Healthcare security leaders are facing a perfect storm of fewer budgetary resources and a "damned if you do, damned if don't" choice between ransomware and quality of care. To cope with this difficult situation, organizations need security that supports contextual controls and better visibility across healthcare networks."

++
 
Enit Nichani, Vice President of Marketing, Global Alliances and Events, IGEL - booth #5443

  • The importance of user experience in driving patient outcomes. “In healthcare, better user productivity, experience and data access translates into improved patient outcomes. At HIMSS 22, IGEL and our ecosystem of IGEL Ready partners for the healthcare industry are pleased to showcase how together, we make it easier for healthcare leaders to deliver a familiar, secure, and trouble-free environment. As a result, clinicians and healthcare staff have the elevated end user computing experience that benefits both the organization and most importantly, patients.”

“In the IGEL Partner Pavilion, IGEL and nine IGEL Ready partners including ControlUp, Dynabook, eG Innovations, EPOS, Lenovo, LG Business Solutions, Liquidware, Login VSI, and Tricerat, will showcase how they integrate to empower healthcare organizations with combined technologies that secure and optimize endpoints for higher performing healthcare environments that help yield better patient outcomes.”

++

Jason E. Smith, VP Product Marketing and Alliances, Liquidware - in IGEL booth #5443

  • Securing the Digital Workspace: "In today’s increasingly mobile, hybrid world, it’s paramount for clinician’s to have a ‘follow-me’ persona that automatically detects the location and context at login and to utilize a single sign-on mechanism. This enables their user profile, policies, access to data and location-aware printing are instantly configured. This process should also allow workspace features to be locked down to ensure a secure environment and ongoing regulatory compliance. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Regular use of technology to diagnose and monitor the workspace environment will also help administrators spot abnormal processes or non-standard applications. By conducting an inventory of the environment including all users, machines (devices) and applications, Healthcare IT can identify categories of users who can be designated as  “standard” users versus providing administrative access on workspaces, thus reducing the range of access points for hackers to enter systems. In addition, any applications or devices that are unapproved or outdated that can provide additional openings for breaches can be instantly spotted and addressed."

++

Dave Russell, VP of Enterprise Strategy, Veeam - booth #4965

  • Investments being made in innovation and data protection. "Veeam expects HIMSS2022 to strongly feature security trends & topics, such as Cybersecurity/ransomware, privacy, patient and medical professional records and research access, safe data exchange, and ways to share masked data for broader analytics.  Unfortunately in the last two years we have seen healthcare disproportionately targeted by bad actors as compared to general IT.  This has accelerated many healthcare organizations to explore as-a-Service deployments, centralize IT operations when possible, and to retire aged applications and infrastructure; whereas previously segments of healthcare were known to be on older operating systems, aged infrastructure, and to use niche applications and databases, such as MUMPS (Massachusetts General Hospital Utility Multi-Programming System).

Veeam recently completed the industry’s largest ever backup/recovery survey of almost 3,400 enterprises across 28 countries in the 2022 Veeam Data Protection Trends Report (http://vee.am/DPR22).  On average, healthcare respondents expected their organization’s budget for data protection, including both backup and BC/DR, to increase by 4.9% globally in 2022. The unique circumstances of healthcare IT over the last two pandemic years were unprecedented. With the new dynamics that come with telehealth adoption, staffing shortfalls, supply chain disruptions and especially increasing cybersecurity threats, it’s understandable that 2022 could see a myriad of investments in innovation and data protection as organizations strive to improve the security, quality, and their capacity, for, patient care."

++

Gary Ogasawara, Chief Technology Officer, Cloudian - booth #2527

  • The ransomware threat means organizations must move beyond traditional defenses: "Healthcare organizations are a key target for ransomware given the sensitivity of data they manage and the fact that disrupted operations can endanger patient lives. Unfortunately, traditional defenses such as anti-malware software and anti-phishing training have proven ineffective against increasingly sophisticated ransomware attacks. To truly protect themselves, organizations should keep an immutable (unchangeable) backup copy of data. Immutability prevents cybercriminals from encrypting or deleting data, enabling victims to quickly restore the uninfected backup and resume operations without paying ransom. In addition, organizations should encrypt their sensitive data both in flight and at rest. Encryption prevents hackers from reading the data or making it public in any intelligible way, eliminating the other form of ransomware extortion. By employing data immutability and encryption, organizations can not only minimize the financial costs and operational disruption caused by ransomware but also help break the cycle of ransom payments funding further attacks."
++
 
Matt Crawford, Director, Solutions Marketing, Citrix - booth #5049
  • Digital transformation driving the future of healthcare: "As we enter the third year of the pandemic, many healthcare organizations are reeling from burnout, revenue disruption, and shifting care-delivery models — not to mention the constant threat of cyberattack. But for all the challenges you’ve endured, the outlook is far from bleak. In fact, a new wave of digital transformation offers exciting opportunities to support growth, strengthen security, and provide better ways for clinicians and staff to work. Join Citrix at HIMSS22 on the exhibit floor at booth #5049 to explore the latest Citrix solutions and how they can help you drive digital transformation across your operations. And discover what the future of healthcare can look like for your organization." 
++
 
Giorgio Bonuccelli, Growth Marketing, Parallels
  • Mobility and security for healthcare workers: "Two of the healthcare sector's most significant challenges today are mobility and security. Health workers need to access the vital applications they need, no matter their device or location—be it the hospital, clinic, home, or office. It is essential that applications and desktops are secure, whether on-premises, using the public cloud, or a hybrid of both. Not only do healthcare workers need a solution that improves data security and provides access to critical software and data, but one that enhances flexibility, scalability, and mobility with single sign-on (SSO) across multiple devices."

++

Josh Gluck, VP Global Healthcare Technology Strategy, Pure Storage - booth #2421

  • Backup and recovery will be top of mind for healthcare organizations in 2022 and beyond. "The need for healthcare companies to rapidly scale their digital infrastructure and protect their data has never been greater, and I expect this to be a core theme at this year's HIMSS conference. According to the US Cybersecurity and Infrastructure Security Agency (CISA), healthcare is one of the 16 critical infrastructure sectors 'whose assets, systems and networks whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.' As a result, malicious actors are always looking to exploit healthcare organizations under immense strain. But while having the proper precautions in place to prevent a cybersecurity attack is absolutely essential, it’s equally as critical that organizations plan for recovery. At next week's HIMSS conference, the idea of implementing meaningful business continuity planning, security and data privacy programs will be top of mind - particularly those that take into account the necessary recovery through which data can be rapidly restored, at scale, in order to avoid major business disruptions, patient care, and ultimately negative financial impact."

++

Scott Raymond, Chief Information Officer, Global Healthcare at NetApp – booth #2073

  • Protecting and recovering from ransomware. "Ransomware is the leading attack vector on healthcare institutions and during the pandemic, ransomware activity across the healthcare sector has increased dramatically. Considering this, healthcare organizations should focus on a few key capabilities to protect themselves, and more importantly recover when, not if, they experience a ransomware attack. First, have an immutable and indelible backup of all the critical data and systems that are necessary to run the business. Second, deploy MFA for access to all systems and applications, including end-users. And lastly, the data should be encrypted and have a key management system deployed that allows insights to the data – where it is, who has access to it, and that recognizes if the data gets exposed to non-authorized users. Healthcare organizations worldwide should employ these tactics to practice good data governance and data stewardship."

##

Published Thursday, March 10, 2022 7:30 AM by David Marshall
Filed under: ,
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<March 2022>
SuMoTuWeThFrSa
272812345
6789101112
13141516171819
20212223242526
272829303112
3456789