By Perry Price, CEO/president, Revation Systems
With digital transformation sweeping across all industries, new technologies are streamlining and enhancing lives everywhere. While this digital era symbolizes great progress for society, industries like healthcare would be wise to tread lightly amid such change. Although newfound technology often equates to higher efficiency, it is important to remember that new security concerns may also arise. With 233 healthcare-related breaches already reported in 2017 by the U.S. Department of Health and Human Services, network security is the most crucial component for healthcare organizations to consider as the transformation of the industry continues to ramp up.
Why Legacy-Oriented Architectures No Longer Fit The Build For Healthcare Networks
Today, many medical providers have networks built on legacy-oriented architectures that run a broad range of enterprise applications. While legacy EMR systems have performed positively in protecting patient records, legacy networks have not historically protected patient information flowing through networks across a variety of applications used by staff and providers.
Legacy networks, which primarily offer only border protection, do not adequately protect the enterprise applications and data existing outside of a medical records system. This type of environment is vulnerable to cyber hacks. Think back to the numerous cyberattacks on credit card information in the last few years or, more recently, Equifax’s data loss. As internal applications are not protected to the same extent as EMRs, networks built on legacy technologies are not designed to defend against users on cloud applications or internal vendors, patients, customers/business partners that may occasionally gain network access.
The Call For Zero-Trust, Session-Based Networking
In today’s digital landscape, modern healthcare networks must utilize zero-trust models to truly secure sensitive data. Session-based networking models are designed to use an exclusive two-way exchange of information between two specific endpoints. This type of network model is context-aware and scalable across network boundaries, making the design more secure than overlay networks of the past. Zero-trust networks are rooted in the principle of “never trust, always verify,” and work to treat internal access the same as external access. These networks are designed to address lateral threat movement within the network by managing access enforcement based on user, data and location. But even as modern healthcare networks adopt these network models for enhanced security, challenges still remain.
Challenge #1: Packet-Level Authentication
A common challenge for legacy-oriented architectures is ensuring that all data within the network is automatically encrypted. Zero-trust models, on the other hand, require authentication for every packet in a provider’s network. These models have a unique ability to thwart malicious intents directly from the network layer. This next-generation feature secures networking while simultaneously increasing performance by using standard compute utility infrastructure (no different than servers) to replace proprietary and legacy networking devices.
Challenge #2: Maintenance And Updates
Updating modern networks requires continuous work, and the healthcare industry is struggling to maintain network access rights. As IoT-connected devices continue to permeate the industry, it is becoming necessary to secure these new access points on a daily basis. In fact, by 2020, 40 percent of IoT technology will be health-related, making up a $117 billion market. As waiting rooms today are flooded with patients killing time on their mobile devices instead of flipping through magazines, secure information is further at risk of being accessed on these networks.
Challenge #3: Shifting The Cultural Mindset Within Organizations
The implementation of a modern network model impacts the entire healthcare organization. Since deploying network security can involve team members from all levels within the organization, it is crucial that all members are educated and aware of security and policy advancements. Unfortunately, according to an AT&T Cyber Security Insights report, roughly 78 percent of all employees fail to comply with their organization’s security policies and procedures. Creating a sense of personal responsibility and motivation to adhere to security policies within an organization can make all the difference in the fight to protect sensitive data. Additionally, zero-trust networks require cloud-based infrastructures, often leading to other challenges, such as selecting the right partnership with a secure vendor.
Although the healthcare industry has traditionally been slow to adopt change, cutting-edge technology is creating unique challenges for network security that healthcare organizations must work to surpass in the coming years.
About The Author
Perry Price is CEO/president of Revation Systems. In this role, Price builds and grows the customer base, recruits qualified talent, and streamlines internal operations. Price utilizes his deep domain expertise in IP networking and communication applications, including telephony, unified communications, call-center technologies, and messaging.