[BreachExchange] The Changing Role of Healthcare IT and Why It Requires Automation

Audrey McNeil audrey at riskbasedsecurity.com
Tue Mar 13 18:57:03 EDT 2018


https://www.hitechanswers.net/changing-role-healthcare-requires-automation/

For healthcare providers, patient experience and satisfaction are becoming
increasingly important as consumers shift their approach to seeking medical
care. The recent adoption of value-based care models has led consumers to
shop around in order to select those healthcare providers that offer the
best experience and overall highest level of satisfaction. This change in
consumer behavior has the potential to greatly impact the bottom lines of
providers.

For example, if consumers leave their current care provider to seek
treatment at practices with higher satisfaction ratings, those providers
are not just losing revenue. With the lifetime earnings from a single
household estimated at $405,000, they are losing a long-term, recurring
revenue stream.

This new consumer-based approach to care plays a large role in why
healthcare IT teams have now become integral to ensuring the success of
modern healthcare providers. IT teams play a necessary, though
behind-the-scenes, role in providing medical professionals with the
accessibility and data they need to create and alter highly personalized
treatment plans, while also ensuring efficient operations. This includes
access to big data analytics to determine the best course of treatment
based on past results, as well as technology that can streamline or
automate workflows.

The Role of IT in Today’s Healthcare Ecosystem
As healthcare providers adjust to value-based care, consumers will continue
to play a more active role in their healthcare and treatments, demanding
increased access to physicians and their own medical data. To make this
happen, IT teams are being tasked with an increasing number of
responsibilities.

- Innovation
Digital transformation is a top priority among healthcare providers, as 85
percent of consumers say they look for providers that use the latest
technology. As a result, healthcare IT teams must ensure infrastructure is
being updated to accommodate the latest innovations and patient-centric
applications and services. Today, this largely means cloud adoption and IoT
integration. Consumers want to be able to monitor their health and share
this data with their physicians in real time. Connected IoT devices,
especially wearables, serve to significantly expand this capability.
Additionally, care providers are using connected devices and applications
to streamline hospital operations. IT teams, therefore, must ensure the
network infrastructure can accommodate the growing numbers of devices being
connected to it, as well as the burgeoning amount of data it must manage.
This includes cloud adoption to improve the accessibility and mobility of
healthcare data, as experts predict that 80 percent of health data will
pass through the cloud by 2020.
- Compliance
Healthcare is highly regulated in order to protect the privacy and personal
information of patients. Healthcare providers have to ensure they are
meeting compliance requirements such as HIPAA (US), PIPEDA (Canada), DDP
(EU) or DPA (UK) in all their operations. And soon, those working with
European patients will also have to comply with GDPR. These regulations
have strict requirements surrounding how data is stored and who may access
it. As IT teams move forward with digital transformation, they have to
ensure that any new technology deployments meet these standards.
- Security
Finally, IT teams have to make sure that as all of this new technology is
adopted, the network remains secure from cyberattacks. Cybercriminals have
increased their focus on the healthcare industry, with 89 percent of
examined providers having experienced a breach in the last two years. Due
to the life-saving functions performed by healthcare technology, this
uptime is critical. IT security also helps to ensure constant uptime, as
DDoS and ransomware attacks threaten to knock networks offline.

Challenges Facing Healthcare IT Teams
Unlike larger enterprises, many healthcare IT teams often have limited
resources and manpower. This is especially true for cybersecurity. The
cybersecurity skills gaps remains a major problem for all organizations,
with 70 percent of employers stating they wish to increase security staff
by 15 percent, and by 20 percent in healthcare. As understaffed IT teams
are being overwhelmed by having to navigate digital transformation,
compliance and security, cybercriminals are at the same time launching
increasingly frequent and sophisticated attacks.

The increased use of new technologies such as the cloud and IoT broadens
the attack surface, making it easier for criminals to find a vulnerability
to exploit. And with security systems increasingly distributed and
isolated, detecting such exploits is increasingly difficult. Compounding
the problem further, cybercriminals have also begun to harness automation
and machine learning to make their attacks faster and more effective,
thereby decreasing the response time available to IT teams once a breach is
detected.

2018 is likely to see new attacks that target IoT devices, turning them
into swarmbots and hivenets that use shared intelligence to communicate and
compromise more devices. Furthermore, AI is being used to establish
next-generation polymorphic malware that can spontaneously create
customized attacks that target specific systems and use machine learning to
evade detection. IT teams will also have to contend with new offerings of
cybercrime-as-a-service that enable even run-of-the-mill criminals to
launch sophisticated cyber attacks.

Why Healthcare IT Needs Automation
Healthcare IT teams have become integral to the overall success of
providers adopting a value-based care model, providing the technology
consumers demand. However, as shorthanded teams are increasingly relied
upon to provide ever more innovation, compliance and security, something is
likely to slip through the cracks. Deploying automation within
cybersecurity controls helps to mitigate this risk.

Historically, organizations have relied on separate point solutions that
are not integrated and do not communicate with one another to secure a
static and predictable network perimeter. This model does not work for
today’s dynamic and distributed network environments. Which means that as
security events occur and threat intelligence is gathered, this information
is not shared across the network in a timely way.

And now, as cybercriminals bolster their use of automation, the attack
response time is diminished even further. Security solutions that leverage
automation through machine learning, however, are able to instantly respond
to security incidents, without teams having to manually sort through
massive amounts of threat intelligence or alerts beforehand. Integrated
security systems can use automation to distribute real-time threat
intelligence across the network, ensuring that malicious or anomalous
behavior is consistently registered with each security device.

Incorporating automated expert security systems adds to the level of
security of the network without draining IT resources. They do this by
automating response and threat intelligence, as well as by making basic
security hygiene a part of the protocol – such as ensuring patching happens
automatically or that vulnerable systems are identified and tagged for
replacement or specialized protections. This ensures that IT systems are
able to keep pace with the digital speed of attacks, while IT staff can
focus on more critical issues.

Final Thoughts
IT teams are responsible for the roll out of new technologies, the
assurance that those technologies are compliant, and that patient data
remains secure. The most effective way to ensure that each of these tasks
is carried out is through security automation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180313/b3cfc4ae/attachment.html>


More information about the BreachExchange mailing list