MedCity Influencers

What is and what isn’t working when it comes to cybersecurity

Healthcare is behind the curve when it comes to cybersecurity and so it would be wise to learn what is working and what isn’t in overall cybersecurity trends.

cybersecurity, lock, digital, cyberattack

Given technology’s fast-paced, innovative nature, it’s no surprise that many terms associated with the industry experience a brief shelf life. Although many of these buzzwords are fleeting, certain terms like “cybersecurity” have transformed from popular jargon into one of the most important topics in Internet technology today.

With the average cost of a security breach reaching $4 million in 2016, according to the Ponemon Institute, the concern for strong cybersecurity is pushing all industries to be mindful as they innovate. In fact, fears over network security have already begun to shift the outlook of industries that remain particularly vulnerable, primarily healthcare.

Cybersecurity Trends: What Isn’t Working?
Traditionally, internet security has largely been placed on connection networks such as Internet routing and overlay networks. Although these network options have seen large security improvements within the last decade, they are still far from providing a truly secure network. Internet routing, for example, relies heavily on unprotected Border Gateway Protocol (BGP) security protocols, which primarily work on networks that operate independently. Furthering this gap in operation is the lack of an overarching authority to direct BGP security upgrades, putting network data at risk.

Similarly, encapsulation or overlay networks such as MPLS, IPSec and VxLAN have experienced multiple challenges with network security. Network overlays sit on top of IP networks, leading to issues of interoperability with existing firewalls and other configuration and scaling issues. Reliance on overlay networks also often leads to network traffic congestion, which greatly limits the security of the network.

Cybersecurity Trends: What is Working?
With a growing number of cyberattacks reported daily, strong cybersecurity is now vital to protect sensitive data at all levels, and innovative options like session-oriented networks are the solution. Utilizing a unique two-way exchange of information between endpoints that flow in both directions, session-oriented networks are secure, deterministic and context-aware and can stretch across network boundaries. As a result, the network design is simple, secure and has zero reliance on overlay routing technology.

Cybersecurity is also contributing to a large shift in the way that industries are conducting business, as well as how products are designed. Recent concerns about network security and stability have encouraged industries to create security-first designs to keep security at the forefront of all new network architecture. This security-first design approach is ideal for secure interoperability and large scalability, creating a safe and more reliable network and design for all users. What was once considered a simple “risk management initiative,” is now the key factor contributing to what we now call an “industry-driving approach.”

Cybersecurity in Healthcare
The healthcare industry is one of the most threatened industries facing frequent cyberattacks. On top of that, it must deal with a permeation of other cybersecurity concerns, particularly the lack of skilled IT workers. According to the Center for Cyber Safety and Education 2017 Global Information Security Workforce Study, by 2022, there will be a shortage of 1.8 million information security workers. Combining this shortage with the rapid increase of connected medical devices and telehealth services is a major concern for healthcare organizations.

The deficit of skilled IT workers also creates larger compounded issues for the healthcare industry. A lack of education surrounding the importance of cybersecurity at all levels is just one example. With an unclear understanding of network security practices, many healthcare organizations don’t hold the required skills to make informed decisions when it comes to choosing between an in-house or a third-party vendor to handle their network security and communications. And with Gartner reporting that 50 percent of network attacks in 2017 are hiding in encrypted traffic, partnering with a trusted vendor is more important than ever.

Moving Ahead in Healthcare Security
In a 2017 Global State of Information Security Survey, 55 percent of those surveyed by PwC reported that they collaborate with external partners to improve security and reduce risks. Although these numbers have increased by 12 percent since 2013, many organizations are still struggling to collaborate with a third-party vendor. As healthcare organizations continue to expand the use of telehealth services, it is becoming even more vital for the healthcare industry to collaborate with external partners, and more importantly, to choose the right ones.

With so many vendors claiming compliance and encryption, healthcare organizations must be mindful of third-party risk management to keep protected health information (PHI) secure from cyberattacks. Simply put, external partners collaborating with healthcare faculties must hold the same security standard as the healthcare industry, including regulations such as HIPAA-compliance.

Another cybersecurity threat putting all healthcare organizations at risk is the recent permeation of Internet of Things (IoT) devices (especially those that are filled with PHI). By 2020, the National Center for Biotechnology Information predicts that 40 percent of IoT technology will be health-related and make up the largest portion of a $117 billion market. With this dramatic increase in IoT devices and telehealth services, many healthcare networks will struggle to support the sheer number of access points required for such an increase without the proper support of a secure network.

Cybersecurity has rapidly become a driving force in all industries. As the healthcare industry continues implementing innovative services, namely telehealth, the state of cybersecurity will significantly impact the future of the industry.

Photo: mattjeacock, Getty Images

This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.