By Derek Manky, Global Security Strategist, Fortinet
Twitter:Â @Fortinet
For healthcare providers, patient experience and satisfaction are becoming increasingly important as consumers shift their approach to seeking medical care. The recent adoption of value-based care models has led consumers to shop around in order to select those healthcare providers that offer the best experience and overall highest level of satisfaction. This change in consumer behavior has the potential to greatly impact the bottom lines of providers.
For example, if consumers leave their current care provider to seek treatment at practices with higher satisfaction ratings, those providers are not just losing revenue. With the lifetime earnings from a single household estimated at $405,000, they are losing a long-term, recurring revenue stream.
This new consumer-based approach to care plays a large role in why healthcare IT teams have now become integral to ensuring the success of modern healthcare providers. IT teams play a necessary, though behind-the-scenes, role in providing medical professionals with the accessibility and data they need to create and alter highly personalized treatment plans, while also ensuring efficient operations. This includes access to big data analytics to determine the best course of treatment based on past results, as well as technology that can streamline or automate workflows.
The Role of IT in Today’s Healthcare Ecosystem
As healthcare providers adjust to value-based care, consumers will continue to play a more active role in their healthcare and treatments, demanding increased access to physicians and their own medical data. To make this happen, IT teams are being tasked with an increasing number of responsibilities.
- Innovation
Digital transformation is a top priority among healthcare providers, as 85 percent of consumers say they look for providers that use the latest technology. As a result, healthcare IT teams must ensure infrastructure is being updated to accommodate the latest innovations and patient-centric applications and services. Today, this largely means cloud adoption and IoT integration. Consumers want to be able to monitor their health and share this data with their physicians in real time. Connected IoT devices, especially wearables, serve to significantly expand this capability. Additionally, care providers are using connected devices and applications to streamline hospital operations. IT teams, therefore, must ensure the network infrastructure can accommodate the growing numbers of devices being connected to it, as well as the burgeoning amount of data it must manage. This includes cloud adoption to improve the accessibility and mobility of healthcare data, as experts predict that 80 percent of health data will pass through the cloud by 2020. - Compliance
Healthcare is highly regulated in order to protect the privacy and personal information of patients. Healthcare providers have to ensure they are meeting compliance requirements such as HIPAA (US), PIPEDA (Canada), DDP (EU) or DPA (UK) in all their operations. And soon, those working with European patients will also have to comply with GDPR. These regulations have strict requirements surrounding how data is stored and who may access it. As IT teams move forward with digital transformation, they have to ensure that any new technology deployments meet these standards. - Security
Finally, IT teams have to make sure that as all of this new technology is adopted, the network remains secure from cyberattacks. Cybercriminals have increased their focus on the healthcare industry, with 89 percent of examined providers having experienced a breach in the last two years. Due to the life-saving functions performed by healthcare technology, this uptime is critical. IT security also helps to ensure constant uptime, as DDoS and ransomware attacks threaten to knock networks offline.
Challenges Facing Healthcare IT Teams
Unlike larger enterprises, many healthcare IT teams often have limited resources and manpower. This is especially true for cybersecurity. The cybersecurity skills gaps remains a major problem for all organizations, with 70 percent of employers stating they wish to increase security staff by 15 percent, and by 20 percent in healthcare. As understaffed IT teams are being overwhelmed by having to navigate digital transformation, compliance and security, cybercriminals are at the same time launching increasingly frequent and sophisticated attacks.
The increased use of new technologies such as the cloud and IoT broadens the attack surface, making it easier for criminals to find a vulnerability to exploit. And with security systems increasingly distributed and isolated, detecting such exploits is increasingly difficult. Compounding the problem further, cybercriminals have also begun to harness automation and machine learning to make their attacks faster and more effective, thereby decreasing the response time available to IT teams once a breach is detected.
2018 is likely to see new attacks that target IoT devices, turning them into swarmbots and hivenets that use shared intelligence to communicate and compromise more devices. Furthermore, AI is being used to establish next-generation polymorphic malware that can spontaneously create customized attacks that target specific systems and use machine learning to evade detection. IT teams will also have to contend with new offerings of cybercrime-as-a-service that enable even run-of-the-mill criminals to launch sophisticated cyber attacks.
Why Healthcare IT Needs Automation
Healthcare IT teams have become integral to the overall success of providers adopting a value-based care model, providing the technology consumers demand. However, as shorthanded teams are increasingly relied upon to provide ever more innovation, compliance and security, something is likely to slip through the cracks. Deploying automation within cybersecurity controls helps to mitigate this risk.
Historically, organizations have relied on separate point solutions that are not integrated and do not communicate with one another to secure a static and predictable network perimeter. This model does not work for today’s dynamic and distributed network environments. Which means that as security events occur and threat intelligence is gathered, this information is not shared across the network in a timely way.
And now, as cybercriminals bolster their use of automation, the attack response time is diminished even further. Security solutions that leverage automation through machine learning, however, are able to instantly respond to security incidents, without teams having to manually sort through massive amounts of threat intelligence or alerts beforehand. Integrated security systems can use automation to distribute real-time threat intelligence across the network, ensuring that malicious or anomalous behavior is consistently registered with each security device.
Incorporating automated expert security systems adds to the level of security of the network without draining IT resources. They do this by automating response and threat intelligence, as well as by making basic security hygiene a part of the protocol – such as ensuring patching happens automatically or that vulnerable systems are identified and tagged for replacement or specialized protections. This ensures that IT systems are able to keep pace with the digital speed of attacks, while IT staff can focus on more critical issues.
Final Thoughts
IT teams are responsible for the roll out of new technologies, the assurance that those technologies are compliant, and that patient data remains secure. The most effective way to ensure that each of these tasks is carried out is through security automation.