In the past five years alone, healthcare breaches have grown in both frequency and size, with the largest impacting as many as 80 million people.
Here are the facts:
- The 2017 WannaCry attack on the NHS contributed to 1,300 hours’ of downtime over the last three years
- In the US, 45% of ransomware attacks in 2017 targeted healthcare organizations with over 175 million records being exposed or stolen since 2009
The digitalization of many organizations means that healthcare organizations need to make sure they are securing patient data and protecting their networks. But how?
Healthcare data is on the move
The reality is that all organizations will experience a data breach at some point; what makes it more inevitable is the fact that healthcare data is no longer in one place and no longer accessed within the confines of a facility.
Whilst patient data used to reside in hospitals and doctors’ offices, today’s distributed healthcare system spans the nation and sometimes even across the globe, across facilities, public clouds and private clouds. This critical data is not just distributed to healthcare staff, but to third parties whose devices and policies cannot be easily controlled.
The attack surface is expanding considerably and connected mobile devices and Internet of Things devices have become commonplace in healthcare settings. Just the sheer number of medical, clinical, IT and admin staff needing access to patient data, at all times and in various settings, makes the legacy security measures that were once put in place now unable to cope with today’s complex and diverse network.
It’s time to make the network irrelevant
Hospitals and healthcare organizations must look beyond the network infrastructure and instead start with a security overlay that will cover the networks, independent of the infrastructure, rather than building the strategy around the infrastructure. From a data security perspective, the network must become irrelevant, and with this flows a natural simplicity in approach.
Healthcare organizations need to consider innovative approaches such as Layer 4 encryption which renders the data itself undecipherable while in transit, and therefore worthless to hackers, without impacting the operational visibility of the enterprise network and data flows.
- No compromise on network performance
- Rapid deployment
- Ease of management
- Troubleshooting can be undertaken while encryption is turned on because key network information – such as protocol or source and destination ports – is still visible
- Data in motion is secure without compromising operational performance
