Securing an IT environment within a healthcare organization poses unique challenges. It’s a 24/7 operation, and the data it produces is emotional and personal. Healthcare continues to be a target of hackers who recognize the value of the wealth of information contained in patient records. Threats are rising as cybercriminals are now marketing ransomware as a commoditized service.
Most organizations have some type of security monitoring solution in place, but the time to respond to incidents is often much too slow – up to four months in some cases. Obviously, this is not sufficient to protect the organization. The information these solutions produce is technically correct, but it is not usable enough to offer true security. To change that, we need to improve the efficacy of the solutions that are being deployed in healthcare settings.
Make IT security a priority
With shrinking revenue and margins, and a focus on new value-based reimbursement models, healthcare organizations have much on their plate. Budgets are being focused on reducing costs and improving care – all valid priorities. That is forcing IT security further down the list of focus areas. According to a report from IDC, security is not even listed in the top five issues of concern. Security of healthcare data is subject to regulatory compliance, and that enforces discipline. Unfortunately, complying with those regulations alone does not necessarily influence behavior. To improve security, you need to make data protection a more urgent priority.
Strengthen access protocols
Many healthcare organizations are operating with multiple systems that don’t necessarily work together. Clinicians and other personnel must continually access these various systems, which increases the possibility of unauthorized access if credentials are stolen or applications are left open. Security protocols often focus on patient records and data, but it’s also important to put in place safeguards that address individual user identity and systems access. Controlling access points and standardizing connection processes is an important step toward enhancing security.
Consider the NIST Cybersecurity Framework
In 2013, former President Obama directed the National Institute of Standards and Technology (NIST) to develop a voluntary framework for cybersecurity. The framework focuses on looking at controls across many different areas of the organization. It has broad application to both large and small businesses across a wide variety of industries. It helps communicate risks in ways everyone in the organization can understand.
The framework has moved from public policy into adoption by companies as a business strategy. It outlines how organizations can assess their risks and apply the framework to their specific environment. It gives security teams a way to understand and evaluate which controls are needed. This can be especially helpful in securing a healthcare environment.
DynTek took the NIST framework and built a model that maps to a security controls matrix from an IT operations-centric perspective. We can work with you to build a strategy around dozens of controls to understand what is in place today and what you can implement to secure your systems even further.
DynTek is McAfee’s Partner of the Year for the Americas and has been their Partner of the Year in the healthcare space for five straight years. DynTek provides a series of services including the entire McAfee product line.
McAfee offers a comprehensive program to secure healthcare data. With 66 data centers, McAfee has a cloud-based, global footprint. Their solution is not API-based; it is a publish/subscribe protocol that provides near-real-time education. When a problem or incident is reported, everyone connected gets the same information at the same time. That allows rapid intervention to get to the root of the issue and resolve it quickly.