Aug 23 2019

When you look at all the vulnerabilities emerging in Healthcare IT, you could be forgiven for feeling under siege. Despite years of efforts focused on closing security loopholes, the vulnerabilities keep expanding beyond day-to-day IT efforts to plug the gaps, requiring new approaches to keep patient data and networks secure. Let’s look at a few of the latest security challenges, and how we can respond.

One of the most important general trends to emerge recently in IT security is a migration of hacking away from increasing hardened corporate targets to softer targets that are easier to breach. Healthcare and Education have emerged as two of the most valuable soft targets, due to the private data and operational sensitivity to ransomware outages. If your hospital EHR system is knocked offline by a ransomware attack, it can rapidly become a matter of life and death.

So just as a general industry trend, Healthcare IT networks can expect to see more cyberattacks and vulnerability probes in the coming weeks and months. But there are many specific vulnerabilities emerging that point to specific issues healthcare administrators desperately need to address.

Key Areas of Healthcare Vulnerability

Among all the security vulnerabilities in healthcare, the following issues are some of the most pressing for healthcare organizations:

  • Healthcare workers who are connecting every day to EHR systems to manage patient data are woefully under-trained for cybersecurity practices. A brand new Kaspersky survey shows that 40% of healthcare workers are completely unaware of their workplace security policies, and 30% said they’d received no security training at all.
  • Expanding endpoints used by healthcare worker to access patient data are providing rich opportunities for hackers increasingly focused on pillaging troves of private patient data they can sell for financial gain. Hackers are following the money.
  • Windows 7 end of life, coming in January 2020, will leave many healthcare networks exposed—not only to targeted attacks against out-of-date machines but also to HIPAA compliance violations.

If you look at the lowest common denominator across these cybersecurity threats, they all revolve around the endpoints healthcare workers use to access IT networks and EHR systems. Simply put, endpoint security threats are outpacing already overburdened healthcare IT staff, and the stakes are enormously high. Hospitals have paid millions in ransom to hackers, while others have seen their networks shut down.

Addressing Security by Streamlining Device Procurement and Management

When you consider the range of threats and vulnerabilities affecting endpoints, the point solutions required to address each individually becomes overwhelming. Most healthcare IT operations are indeed overwhelmed and wind up taking shortcuts while deploying all the new space-age technology patients and administrators demand.

One of the fastest ways to address many of these endpoint issues at once is to change the way endpoints are procured and managed, to ensure that all machines are always up to date with the latest security programs and patches, and continuously monitored. Device as a Service (Daas), is one way healthcare networks are accomplishing this shift. Let’s understand why.

For most healthcare networks—and most businesses—endpoints like laptops, PCs and workstations are purchased as standalone devices, each with their own operating system and applications, and each with their own lifecycle from purchase to retirement. Each endpoint must therefore be treated individually, with IT support for keeping applications running, updating security patches, and managing end-of-life and replacement with a new machine. Not only do you have the cost for each device, but the overhead of constant IT support and management.

How DaaS Changes the Healthcare Computing Equation

DaaS changes the computing equation by providing a network of devices on a lease basis, with bundled IT support to ensure every device is running properly with up-to-date applications and security. One of the primary attractions of DaaS in healthcare is the ability to restructure the cost of computing. Instead of a capital expense where you pay up front for the entire cost of the device and manage it yourself, DaaS offers a fixed monthly fee where you pay as you go for the devices you need and offload support, security and lifecycle management to an accountable provider.

But the impact of DaaS goes far beyond improving the cost structure of computing. With DaaS, any time a machine goes out of date or needs replacement, that device is immediately removed from the network and replaced with an updated device. With tracking and management software to monitor device compliance, this is rarely a surprise, and we can plan replacements to avoid any workplace disruptions.

While that may not sound like a significant security measure, it’s quite substantial. The vast majority of security vulnerabilities come down to insecure endpoints and out-of-date software, which most IT organizations are too overwhelmed to manage. Simply ensuring that all endpoints are updated and secure will vastly improve the security posture for most healthcare networks, protecting against the types of vulnerabilities that are most pressing today.

DaaS from Red8

Red8 is dedicated to advancing health IT computing from the data center to the end-user, particularly to improve security, interoperability and usability. Whether we’re deploying a network of endpoints for nursing stations and exam rooms, or telemedicine endpoints for physicians to connect with patients,  Red8 now offers DaaS to more effectively manage and support endpoints with advanced enterprise security and monitoring.

Red8 is proud to partner with HP to incorporate purpose-built healthcare devices into our lineup of endpoints for clinical environments. If you’d like to learn how we can help you achieve your own health IT business and security objectives, connect with us on LinkedIn, or reach out directly to our team for a consultation at [email protected].