Technological decisions within the healthcare sector have long been guided by risk aversion. Digital transformation was perceived as an unnecessary risk to established methods of care provision. But now, as legacy systems slow down organisations and pose increasing risks to cyber security, hospitals can no longer be complacent. In the pursuit of improved patient outcomes and mitigation of an increased volume and sophistication of cyber-attacks, leaders are confronting the technological debt and are moving away from the infrastructure dependencies weighing down the sector.
Hospitals are now making bold strides towards interoperability, turning to cloud technology to create hybrid environments that enhance business performance as well as the patient journey. But as the operating and technological environment shifts, so too does the attack surface. Given both the value and sensitivity of the patient information that hospitals hold, as well as the essential nature of the services they render daily, security risks must be met proactively.
To help address this issue, Akamai hosted healthcare executives from across the public-private divide for a candid, virtual conversation on the practical steps hospitals can take to advance their security posture. Their conversation unearthed several shared challenges, as well as aligned opportunities. This is what they had to say.
Cloud technology is providing hospitals with greater flexibility, scalability, and efficiency than existing on-premises infrastructure. Legacy IT systems were implemented at a time when hospitals were only required to support patients whilst they were physically within the hospital. These days, patient data is no longer stored in a file on the premises but held across multiple practitioners’ systems, across multiple organisations and even by the patient themselves, with the rise of wearable devices such as smart watches that collect a patient’s health data.
Patients also expect far greater service both prior to an admission and for after-care, so the patient journey is no longer confined to within the walls of the hospital itself. To meet this challenge, hybrid environments are emerging as the preferred model, one that delivers both a superior experience and better controls to secure patient data.
The move from legacy infrastructure to hybrid-cloud environments exposes hospitals to an array of cyber-security risks. As hospital environments evolve and establish new connections, the attack surface available to attackers shifts. To enable interoperability, devices and systems that sit outside of the existing network perimeter defences must be able to talk securely with the cloud. Each device, every link, represents a potential vulnerability that must be protected from an array of threats, from DDoS attacks and credential abuse to emerging, more sophisticated attack vectors formulated by state actors.
The volume, sophistication, and success of attacks directed at healthcare organisations are climbing steadily. The value of patient data, combined with the relative unpreparedness of the sector to protect data assets, largely accounts for this increased severity of attacks. The rapid rise of electronic medical systems and interoperability requirements has rendered ineffective the previous methods of storing data behind firewalls and allowing only minimal traffic from the internet into the network.
As a result, hospitals must now address two opposing challenges: improving their security in the face of more frequent and more sophisticated attacks, whilst simultaneously creating portals for patients and healthcare providers outside the network to securely access that same data. To overcome cultural resistance and build change momentum, security leaders must effectively articulate the specific ways that digital transformation will not only improve the delivery of patient outcomes and secure data but also shift budgets from CAPEX to OPEX.
One path for extending the patient journey is telehealth, which has the potential to fundamentally transform the healthcare landscape. Naturally, the unique characteristics of the nation’s geography hinder the provision of care in remote communities. The technological capability to bypass these limiting environmental characteristics is a crucial step towards revolutionising the way patients interact with the sector. But the potential of telemedicine services to improve patient outcomes extends beyond applications in rural locations.
Patients in all locations and at all stages on the continuum of care will benefit from the sector raising its telepresence. Historically, the unwillingness of both private health insurers and Medicare to extend coverage for telehealth has limited the market and by extension the efficacy of telemedicine services. However, the ongoing pandemic has served as a catalyst for accelerating investment in telehealth, prompting healthcare providers and insurers alike to begin disassembling physical barriers to care delivery. It would be surprising if the sector constricted rather than accelerated its telepresence as our operating environment begins to correct.
A significant amount of technical debt has accrued in hospitals due to the healthcare industry’s historical reticence to embrace digital transformation. Hospitals are now accelerating projects to regain control over their networks and data. By curating hybrid environments with cloud-delivered security controls, hospitals are improving patient outcomes while providing greater protections over health information.
When bad actors are kept at the edge, they can never reach and overburden the hospital’s data centre. Healthcare leaders must remain proactive and diligent as digitisation extends the patient journey beyond the physical hospital site. The security landscape will continue to evolve – new threats will emerge, and old threats will resurface – but with the help of trusted security partners and technologies, hospitals have the potential to radically improve their cyber security postures and the patient experience.