By Sergio Bea

Why healthcare providers need a cyber resiliency strategy

Security breaches have immediate implications for any organization. Healthcare providers may have even more on the line.

The healthcare industry has faced historic challenges during the COVID-19 pandemic. And not just those related to the virus itself. The pandemic has magnified existing flaws in information technology throughout the industry while cybersecurity threats and attacks have been amplified as cybercriminals take advantage of the chaos.

Before the pandemic began, the healthcare industry was riddled with vulnerable devices and workstations, and the problem has only gotten worse. The pandemic has also driven a shift to remote working, creating more cybersecurity risk. Healthcare cyber-attacks have increased 150 percent during this time, while the FBI reports a 400 percent increase in overall cyber-attack complaints.

Organizations throughout the industry must develop strong, comprehensive cyber resiliency plans to get a handle on this situation.

A cyber resiliency strategy is essentially a next-generation approach to cyber security. Traditional security measures for combatting cyber threats have mainly been reactive, with IT teams scrambling to stay on top of the latest malware and attacks while also fighting active breaches and issues. Cyber resiliency is a well-planned, holistic, proactive approach to security: it involves departments and personnel throughout the business, and it ties security strategy to the company's long-term goals.

What are the security challenges unique to healthcare?

In addition to the unprecedented challenges posed by COVID-19, the healthcare industry has been in a state of flux over the past decade. Many hospital systems and care practices are being acquired or integrated into larger healthcare provider systems, creating network complexities along with giant amounts of data. At the same time, many healthcare practices have limited budgets and resources for technology, and cyber resiliency often takes a back seat to other priorities—at great risk and cost to healthcare providers.

Changes in the industry necessitate healthcare providers rethinking their cybersecurity strategies to accommodate new devices, platforms and network connections. Maintaining full, granular visibility into all aspects of the network is critical for security. An automated, intelligent approach that includes collaboration and information sharing throughout an organization will be the most effective strategy for security.

Yet in healthcare, along with other industries, implementing such a strategy is no easy feat. Most large organizations use an average of 130 cybersecurity solutions, and many of them don’t communicate well or work together in a meaningful manner.

Another complication is that despite the security challenges of the coronavirus pandemic, there are relatively few regulations and standard practices for cybersecurity compliance within the healthcare industry. In the pharmaceutical and medical device manufacturing sectors, making cybersecurity upgrades necessitates stopping production, at least temporarily. This is not a particularly appealing option for most companies.

Developing a cyber resiliency plan amidst a global pandemic

A unified, platform-based approach to cyber resiliency is the best way for healthcare organizations to meet the widespread security challenges inherent in the industry as well as the complexities of the global pandemic.

The Essentials of Cybersecurity in Healthcare Organizations (ECHO) framework was developed by a team of cybersecurity, IT, and health informatics professionals in conjunction with researchers from Imperial College London and the Leading Health Systems Network (LHSN). The framework includes six main considerations for ramping up cyber resiliency within a healthcare organization.

1. Context

The first step is to focus on the social and cultural aspects of adopting cyber resilience throughout an organization. It takes into account financial and IT resources as well as workers’ willingness to adopt specific security measures. Context ensures all stakeholders throughout the organization are active participants in the cyber resiliency process.

2. Governance

The governance phase lays out the policies and protocols necessary to reduce the threat of cyberattacks. It may require engagement from a variety of participants, both inside and outside the organization. Governance will often include an incident communication plan, health and clinical information standards, and protocols for communicating threats to stakeholders. It may also include clinical safety assessment processes, national and local legislative requirements, and policies governing working from home and bringing your own device (BYOD) to work.

A technical governance approach will also include medical device standards as well as system and organization controls (SOC) and test criteria for firewall protocols.

3. Organizational strategy

The organizational strategy step includes the policies, plans, allocation of resources, and responsibility for all IT and cybersecurity. It takes into account the organization's business continuity plan and lays out the organizational cybersecurity strategy. Elements of that strategy may include budgets, communications, and regularly scheduled reviews at the board level.

4. Risk management

The risk management phase encompasses the identification, assessment, and mitigation of threats to IT and cybersecurity systems. It is the broadest part of the framework and critically important. Effective risk management will require holistic monitoring and visibility, identification and management of all assets, and comprehensive network monitoring, logging, and alerting.

A single intelligent, automated network application and performance monitoring (NAPM) solution such as Accedian’s Skylight platform can be an invaluable asset to healthcare organizations attempting to manage risk as part of a broader cyber resiliency framework.

5. Awareness, education and training

In this step, a healthcare organization makes sure all stakeholders within the organization have a basic knowledge of its cyber resilience plans. Stakeholders also learn the role of IT and cybersecurity in patient safety, while those with specific responsibilities receive targeted training.

6. Technical capabilities

The final phase of the framework includes the range of technical requirements necessary for cyber resiliency. This will encompass access control, data encryption, network segmentation, anti-malware/anti-virus solutions, firewalls, and data anonymization. It will also cover cloud capabilities and security.

The path to cyber resiliency is not an easy one for healthcare organizations, particularly while the coronavirus remains a threat. Developing a comprehensive framework for cyber resiliency that includes holistic visibility and monitoring of all network and application assets is an important and proactive step toward security.

For more on how Accedian Skylight can help healthcare providers improve their cyber security and implement a cyber resiliency plan quickly and efficiently, schedule a demo or learn more.