From 2019 to 2021, the shift to cloud and remote work drove a nearly 19 percent increase in the average number of security tools organizations must manage — from 64 to 76, according to the “Panaseer 2022 Security Leaders Peer Report.” While healthcare organizations are unlikely to have that number of security tools, the number is still growing in the industry, and managing an increasing number of security tools can increase reporting requirements and generate gaps in visibility and security controls that are difficult to close.
The report notes that only 36 percent of respondents said they feel very confident in their ability to prove controls are working as intended. In comparison, the vast majority (81 percent) of healthcare respondents reported having been surprised by a security event, incident or breach that evaded controls thought to be in place.
Among healthcare organizations surveyed, enterprise security teams spent an average of 56 percent of their overall time on manually producing, formatting and presenting data.
It’s important for healthcare security leaders to understand how they can reduce the number of security tools managed and more effectively manage the security tools they have, while still protecting patient data.
Click the banner below for access to exclusive HealthTech content and a customized experience.
The Importance of Effective Security Solutions in Healthcare
The number of security tools healthcare systems rely on is growing. One reason is that many technology tools primarily used for operational purposes now also contain telemetry elements geared toward security outcomes. This is in addition to security tools sold as single products that may also address multiple security needs within a healthcare organization’s operating environment.
Healthcare systems can have thousands of different Internet of Medical Things devices that may be used beyond their designed end of life. In that case, security for these devices may become outdated, and other security tools may be used to protect these legacy devices. Different components may require different security-hardening methodologies to protect a legacy device’s weak operating system.
In addition to protecting legacy technology, healthcare organizations also must consider new technologies to protect their disappearing network perimeters amid increasingly sophisticated cyberthreats. This may involve cloud or hybrid cloud strategies or a zero-trust architecture.
Click the banner below to discover healthcare-related security tips.
Considerations for Strengthening Cybersecurity in Healthcare
Healthcare organizations can rely on a handful of essential security solutions to protect their IT infrastructure and patient data, including:
Anti-virus and anti-malware software at the endpoints
Firewalls with different security features, such as data inspection and segmenting functions to provide a VPN or tunnel for remote use
A secure remote architecture
Automation of security orchestration tools
RELATED: Learn more about the utility of partner-delivered IT services.
Some of the benefits of having a variety of security tools are better visibility for healthcare organizations into their environments and layered protection to limit who has access to patient data.
Healthcare organizations should consider efficiency when choosing and implementing security solutions, as a large security toolset can be ineffective, counterproductive and costly. Licensing, discovery, installation and maintenance all require financial investment and operational competency, which means paying for the cost of training or outsourcing to security partners. Healthcare organizations with too many security tools can be plagued by business disruptions and increased downtime.
Healthcare organizations also need to keep interoperability in mind when investing in new security tools. Security tools require compatibility with the IT environment as well as with the organization’s existing tools. A tool’s level of interoperability can determine a security team’s effectiveness and productivity.
READ MORE: Why partnerships are important to healthcare security and incident response.
When introducing a new tool, healthcare IT teams often focus on discovering a particular vulnerability or solving a particular security need, but there may be unintended impacts to the IT infrastructure. Implementing a new security tool has the potential to negatively affect the healthcare IT environment, such as rendering a biomedical device useless.
IT teams also should consider how the implementation might affect end users. Communication and proper training can help ensure technology acceptance.
Understanding the objectives an organization wants to achieve with a new security tool and measuring the technology’s effectiveness in achieving that goal through regular reporting and auditing can help CIOs know whether a security tool is being used to its fullest extent. In the event that IT teams are overburdened and experiencing burnout, a third party can examine an organization’s security controls to determine whether they are configured correctly and offer advice to internal staff on how each tool should behave to ensure maximum efficiency.
This article is part of HealthTech’s MonITor blog series. Please join the discussion on Twitter by using #WellnessIT.