The healthcare industry is one of the most susceptible to data breaches, primarily due to the sheer size of the industry and the value of the data maintained by these companies. Take the most recent breach of Anthem Healthcare – as many as 80 million personal health records were compromised from current and former customers and employees. In addition to exposing the weaknesses in Anthem’s security infrastructure, the breach also highlighted the harsh reality currently facing the industry: with limited resources and intense regulatory environments, installing robust security measures is not an easy task for any organization, the healthcare industry included.
Strict Compliance Standards
Efficient vulnerability risk management is one of the most important aspects of any security effort. That’s true for almost every organization, but takes greater precedence for those in the healthcare industry. Security managers within healthcare organizations are not only responsible for securing the network, but they must operate in compliance with the Health Information Portability and Accountability Act (HIPAA). HIPAA includes security and privacy rules that require administrative, technical and physical security procedures be in place to ensure the confidentiality, integrity and availability of health information.
They are also faced with meeting the requirements of the new rules and regulations associated with the recent Health Information Technology for Economic and Clinical Health (HITECH) Act. On top of this lies the intricate maze of state and federal laws and regulations, making the job of a healthcare security manager no small feat.
Maintaining a Secure and Compliant IT Infrastructure
To put these challenges into perspective, I recently spoke with the security manager of healthcare provider Catholic Health, which relies heavily on technology to effectively deliver its services. The company’s infrastructure consists of more than 6,000 desktops and physical and virtual servers spread across its four hospital campuses and 30 ancillary organizations. Additionally, it’s challenged with working with tight resources.
To ensure it’s able to maintain a secure and compliant IT environment, the company has taken a strategic, automated approach to vulnerability, risk management and compliance reporting – a model I’d recommend to all organizations within the healthcare industry. For instance, using the three methods below, Catholic Health has been able to easily identify vulnerabilities and prevent future breaches.
- Implement an efficient vulnerability management solution. Effective vulnerability management is crucial to maintaining a healthy security posture – especially today. New software and operating system flaws are discovered every day, and new devices and applications are being added to more networks each week. These changes create new risk, and companies must continually assess their systems for new vulnerabilities if they are to stay ahead of the risk.
- Consider a cloud-oriented architecture. By conducting security in the cloud, vulnerability assessments are delivered faster and more efficiently. Cloud-based assessments are optimized to scan publicly facing devices and deliver highly accurate and scalable security tests. Because there’s no software or hardware to install and maintain, vulnerability data and system updates are made in real time and are available to all customers concurrently.
- Reporting is key. Insightful, easy-to-grasp reports for both the organization and its technical managers mean the entire organization knows the security and compliance status at any given time. Reporting capabilities provide a straightforward substantiation of security and compliance levels to internal auditing teams and external regulators.
When sensitive healthcare-related data is being accessed, keeping that data secure is critical. That means not only controlling access to the data but also ensuring that all of the associated systems are secured and maintained in a state free of critical security vulnerabilities. With the new requirements outlined by HIPAA, and the increase in cyber threats facing healthcare organizations, a vulnerability management solution that works quickly, accurately and cost-effectively is necessary.