Digital transformation in the healthcare sector has been underway for a few years now and the COVID-19 pandemic has only accelerated the rate of adoption. For instance, we’ve seen a massive uptick in telemedicine. The entry of several digital native players in the healthcare ecosystem has resulted in greater digitalization of the engagement value streams and business processes. Now, there’s greater adoption of cloud-based systems and digital tools in healthcare, facilitating an ecosystem approach to delivering healthcare services.
Along with the massive benefits of going digital, the healthcare industry has also become increasingly vulnerable to cyberattacks. The U.S. Department of Health and Human Services has reported a 50 percent year-over-year increase in breaches at hospitals and healthcare provider networks.
Because healthcare operations are so critical, they make an attractive target, both from commercial and political standpoints. Ransomware attacks can bring down mission-critical systems leading to considerable chaos and even loss of life. As healthcare organizations roll out telemedicine, there’s greater access to remote data because of an increase in online consultations. Sensitive data such as PHI can fetch criminals large sums of money on the dark web. R&D efforts such as COVID-19 vaccine development are easy and valuable targets.
Complex and connected health partner ecosystems consist of varied participants, including patients, physicians, payers, and pharma companies, making them particularly vulnerable. Healthcare apps, connected devices, and medical devices too increase exposure and vulnerability. Given the increased threat landscape, ensuring cybersecurity has become a critical success factor for any digital transformation effort in healthcare. The following are six best practices for healthcare organizations to improve security posture to support their digital transformation goals:
Organizations must insist on strict adherence to prescribed gold standards for operating systems. This means ensuring up-to-date operating systems and patches with transparent processes for patching and security updates, replacing outdated medical devices, and implementing IoT security measures for remotely connected devices. Also, security teams must harden guidelines considerably, especially for internet-facing and high-risk systems. Older systems with vulnerabilities must get patched. In effect, the team has to have a zero-tolerance approach when it comes to IT hygiene.
Now that the perimeter has shifted towards home offices, organizations need resilient new models that work in the new environment. Apply greater network segmentation to ensure that mission-critical systems such as life support and drug R&D systems are kept separate. Adopt a principle of least privilege so people only get the access they require to get the job done.
