What’s Next in Securing Healthcare
By
Tapan
Mehta,
Global
Healthcare
Solutions
Executive
at
Palo
Alto
Networks
Over
the
last
decade,
healthcare
has
offered
new
lines
of
services
such
as
telehealth
and
remote
patient
monitoring,
expanded
accessibility
and
ease
for
both
patients
and
heal
By
Tapan
Mehta,
Global
Healthcare
Solutions
Executive
at
Palo
Alto
Networks
Over
the
last
decade,
healthcare
has
offered
new
lines
of
services
such
as
telehealth
and
remote
patient
monitoring,
expanded
accessibility
and
ease
for
both
patients
and
healthcare
professionals,
and
supported
innovations
that
measurably
improve
patient
outcomes.
It’s
a
profound
digital
transformation.
Today’s
digital
healthcare
organizations
rely
on
data
and
IT
in
ways
they
never
have
before.
Healthcare
delivery
has
expanded
beyond
the
four
walls
of
a
traditional
acute
care
setting
to
ambulatory
to
the
nascent
hospital-at-home
settings.
IT
continues
to
play
a
pivotal
role
in
this
ever-expanding
healthcare
delivery
model
and
is
tasked
to
not
only
drive
successful
business
outcomes
but
also
do
so
in
a
secure
manner
whereby
patient
privacy
and
data
security
are
not
compromised.
The
pandemic
further
reinforced
and
accelerated
the
digitization
of
healthcare
services.
When
COVID
hit,
within
a
matter
of
days,
healthcare
organizations
had
to
pivot
and
create
an
environment
whereby
not
only
their
employees
could
work
remotely
but
also
find
ways
to
still
deliver
healthcare
services
in
a
virtual
setting.
They
created
new
environments
for
operation
and
care
—
but
also
significantly
expanded
the
surface
that
needed
to
be
secured
The
top
challenges
of
securing
healthcare
now
Healthcare’s
digital
transformation
has
created
so
many
new
opportunities
—
not
only
for
patients
and
care
providers
but
also
for
bad
actors.
Today,
healthcare
leaders
need
to
think
about
three
things:
1.
Ransomware:
As
healthcare
operations
have
become
digitized,
attackers
have
taken
notice.
The
healthcare
industry
is
now
a
top
target
for
ransomware
attacks.
When
successful,
those
attacks
can
impact
operations
in
ways
that
are
life-threatening,
beyond
simply
harming
the
business.
In
2021,
hackers
published
extensive
patient
information
from
US
hospital
chains
in
Florida
and
Texas.
Confidential
patient
data
was
posted
to
the
dark
web,
including
files
with
personally
identifiable
information
as
well
as
tens
of
thousands
of
scanned
diagnostic
results
and
letters
to
insurers.
2.
IoT/IoMT:
Another
challenge
the
industry
faces
is
the
abundance
of
devices
within
healthcare
settings
that
are
connected
to
the
organization’s
network.
The
majority
of
these
connected
medical
devices,
such
as
patient
monitors
and
infusion
pumps,
have
been
around
for
a
long
time.
In
fact,
there
can
be
multiple
generations
of
devices
present
across
healthcare
environments
including
hospitals,
acute
care,
and
outpatient
facilities.
This
abundance
of
older
devices
creates
visibility
challenges
as
organizations
attempt
to
identify
all
their
connected
devices.
Security
challenges
are
then
multiplied
by
the
need
to
update
devices
for
potential
security
vulnerabilities,
even
when
many
devices
have
minimal
security
capabilities.
These
vulnerabilities
make
medical
IoT
devices
perfect
entry
points
for
malware
or
ransomware
attacks.
The
real
risk
is
that
when
an
attacker
breaks
into
one
of
these
devices,
they
can
move
laterally
within
a
healthcare
organization’s
network,
which
can
have
catastrophic
impacts.
The
FBI
issued
its
own
alert
that
unpatched
medical
devices
were
a
growing
target
for
cyberattacks,
adversely
impacting
healthcare
operational
functions,
patient
safety,
data
confidentiality,
and
data
integrity.
3.
Hybrid
environments:
With
many
healthcare
staff
now
having
the
ability
to
work
both
on-site
as
well
as
remotely,
there
are
new
security
challenges
that
need
to
be
solved.
Whether
working
from
home
or
anywhere
else,
healthcare
employees
need
to
have
the
same
level
of
security
as
they
do
within
the
four
walls
of
a
medical
facility.
They
also
need
the
same
level
of
bandwidth
and
low
latency
for
accessing
patient
records
in
order
to
provide
an
appropriate
level
of
care.
The
new
fundamentals
for
securing
healthcare
With
all
the
security
challenges
that
healthcare
organizations
face,
what
has
become
abundantly
clear
is
that
they
must
adopt
a
proactive
programmatic
approach
to
delivering
comprehensive
security
throughout
the
continuum
of
care.
What
that
really
means
is
making
sure
that
organizations
have
the
right
infrastructure
and
that
the
applications
that
are
running
in
healthcare
environments
have
the
necessary
security
capabilities.
It’s
also
about
making
sure
that
the
users
who
are
accessing
information
while
providing
care
are
protected
and
secured.
-
See
and
secure
IoMT:
Healthcare
organizations
need
to
proactively
manage
their
devices.
Your
biomedical
and
clinical
engineering
teams
know
and
feel
the
pain
of
managing
these
devices.
You
want
to
empower
them
to
make
smarter
capital
planning
decisions
while
ensuring
that
the
operational
burden
of
maintenance
and
repair
is
reduced. -
Enable
secure
hybrid
work:
Enabling
healthcare
professionals
with
connectivity
to
securely
provide
services
from
anywhere
is
a
top
priority. -
Protect
your
cloud
environments:
The
use
of
the
cloud
is
growing
across
healthcare.
As
organizations
move
to
the
cloud,
having
the
right
security
controls
and
visibility
in
place
to
enable
workloads
is
a
must. -
Ensure
compliance:
Regulatory
compliance
will
never
go
away.
It
is
incumbent
on
healthcare
organizations
to
have
the
right
investments
to
enable
ongoing
compliance
with
regulations
such
as
HIPAA. -
Leverage
cyber
automation:
Healthcare
is
under
tremendous
staffing
and
resource
constraints.
Organizations
can
optimize
healthcare
resources
by
integrating
automation
to
help
secure
operations,
endpoint
devices,
cloud
or
hybrid
workplaces,
and
security
operations
centers.
Security
should
never
be
an
afterthought.
As
we
continue
to
come
out
of
the
pandemic,
moving
toward
some
new
norm,
security
should
not
be
viewed
as
a
cost
center
but
more
of
a
critical
business
partner
within
the
healthcare
organization.
To
learn
more
about
Palo
Alto
Networks
healthcare
solutions,
please
visit
our
site.
About
the
author:
Tapan
Mehta
is
the
Global
Healthcare
Solutions
Executive
at
Palo
Alto
Networks.
In
his
role,
Tapan
is
accountable
for
the
overall
global
strategy,
solution
development,
thought
leadership,
business
development
efforts,
and
go-to-market
execution.
He’s
a
graduate
of
the
University
of
Michigan
where
he
studied
electrical
engineering
with
a
minor
in
business
administration.
He
has
spoken
at
several
healthcare
conferences
and
is
an
active
member
in
the
global
healthcare
community.
Tapan
has
authored
multiple
articles/papers/blogs
in
industry-leading
publications.
More
information
can
be
found
on
LinkedIn.