Cybersecurity for Healthcare


Layered defense is key to a successful Cybersecurity Strategy in Healthcare which starts with endpoint management. The number of internet connected (IoT) devices is exploding. In a healthcare setting, these “endpoint” devices not only provide significant new opportunities for improving patient care, but also present serious risks for increased attack surfaces for hackers. In the same way that a patient’s injured skin surface can be a pathway into the body for a serious infection, an unprotected endpoint device presents a highly potential point of entry for a cyberattack.

In the same way that a patient might be protected by multiple layers of preventive care (good hygiene, antiseptics, sterile bandages, and immune system support), any device connected to a healthcare network should be protected by multiple layers of IT security (good process design, access control/logging, antivirus, application whitelisting, version control, and intelligent threat analysis).

Endpoint Management is therefore a key component of a successful cybersecurity strategy in healthcare. The same practices and technologies that apply to the health care system’s core networks must also be applied to endpoints. These include application whitelisting, user access control, patch management, virus protection, encryption, digital signatures, firewalling, etc. All are critical in protecting your networks from being compromised by attackers.

The challenge with so many endpoints and countless types of devices is keeping track of everything going on in your network. The human layer also adds complexity. Users may require different access data controls to do their job. If the security systems prevent efficient working, users may be tempted to disengage security systems to get the job done. Intelligent security system design allows for efficient working without compromising security at any layer. Endpoint devices can include medical devices, multiple types of operating systems, mobile devices, and devices that can be off-network. An endpoint security suite must be able to protect all device types, operating systems and applications.

Failures in patch management and version control can be the Achilles’ heel of any IT system. This is particularly important in healthcare systems that are mission critical and require 24/365 high availability. Most vulnerabilities out there today that cause ransomware attacks are directly related to a system not being up to date on patches, and hackers are looking for those visible vulnerabilities to strike and penetrate the entire network. Patch management is a key component of a solid cybersecurity strategy.

Another area of concern for endpoint management is keeping a good inventory of devices on your network and understanding each device’s access controls and life cycle. You cannot protect what you don’t know, this includes hardware and software. Endpoints are proliferating in healthcare, with many employees having many different types of devices. In security, we must ensure that all these endpoints follow the rules and policies that the Information Security Department has designed. If your network has unprotected endpoints, your network is already at risk – It only takes one compromised endpoint to ruin your defenses.

So, after you protect your endpoints, patch them, and understand the life cycle of each device, the question becomes how to manage all these components of your cyber defenses with limited resources. This is where a strategic and trusted partner is critical in providing all the above techniques with an easy to use technology and management interface. If your current endpoint management system requires many security engineers to manage computing resources, how much effort and financial impact will that have to the bottom line. Most healthcare systems have limited resources of cybersecurity skills, and the endpoint management system must help in relieving security experts to allow them to become more proactive and less reactive to new threats.

Author: Salwa Rafee

Author Img

Salwa is an innovative and transformational healthcare leader, with over 20 years of progressive leadership roles in strategy planning, eHealth innovation, consulting services and complex program management with a firm commitment to delivery excellence. She helps her clients achieve the highest ROI in technology and clinical value, with a great focus on cybersecurity for healthcare - leveraging growth areas such as cognitive computing, big data, clinical workflow, cloud adoption, mobile health, clinical genomics and digital business to bring the best industry cross-brand solutions to market. She works with providers, payers, life sciences organizations, academia and research centers to deliver customized solutions in different economies and supports patient safety, privacy, clinical guidelines, compliance and standardization. Salwa is the security business leader for healthcare with IBM, managing its global business with the public sector team.

Company: IBM

IBM works with healthcare facilities around the world to leverage information technology to provide enhanced operational effectiveness, deliver collaborative care for prevention and wellness, and achieve better quality of care and improved outcomes. IBM provides process, technology, architecture, integration and program management services to new digital hospitals or hospitals looking to digitally transform their infrastructure.

Send Enquiry for this story

By submitting this form you are giving a consent to to store your submitted information.
See our Privacy Policy to learn more about how we use data.