MedCity Influencers

Preventative Care: The Right Approach to Improving Endpoint Security

Cybersecurity is a top concern among healthcare professionals, notably CFOs, many of whom have experienced the disruptive and costly effects of a breach. A Guidehouse survey conducted by the Healthcare Financial Management Association (HFMA) found that 55% of providers listed cybersecurity as their top investment priority for 2024. Vulnerability management, data security, and threat detection were cited as areas of prime interest. These three areas tie back to the proliferation of endpoint devices physicians, staff and support personnel are now using daily. While firewalls, network monitoring and other security practices are imperative, it pays to give more thought to how to better secure endpoint computing. How healthcare professionals use their devices, and whether they adhere to best security practices, directly impacts a provider’s level of security. 

Prevention at the endpoint

As cyber threats escalate, a preventative approach to security at the endpoint can yield positive results not only in operational outcomes but also in better adherence to data privacy and compliance regulations. Tougher HIPAA monetary penalties, enforcement and audits are on the horizon in 2024, according to updates planned by the Department of Health and Human Services.

HIPAA also has planned new, more stringent mandates for risk assessments, data encryption and incident response plans. Healthcare providers can take these objectives and start analyzing whether their endpoint security supports HIPAA’s overall vision of a stronger threat defense.

The best risk mitigation, or prevention, at the endpoint requires lessening device risk factors, using the cloud for secure storage, employing a secure OS, managing endpoints efficiently and centrally, and communicating with end users – all elements which impact your overall security posture.

Cloud storage and access can reduce risk

Healthcare staff and physicians can work at varied hospital locations or clinics on any given day. They can use mobile devices that may not meet best security practices. Additionally, staff may access a number of applications and desktops. Moving applications to the cloud is a solution to further minimize the risk of a staff person introducing malware or ransomware into the healthcare system’s network as they travel among devices and locations. The staff can retrieve applications and virtual desktops as authorized. It also allows for centralized management, patching and recovery, and cloud-based updates. 

When accessing workloads via the cloud, healthcare professionals can use a single sign-on (SSO) identity provider (IDP). Single sign-on improves productivity by enabling people to easily access their desktops and applications regardless of hardware like mobile carts or nursing floor workstations. It is gaining popularity among healthcare users who have patient workloads that require the most efficient use of time and do not want the inconvenience of entering passwords as they work throughout the day.

A secure OS is imperative

Moving to more secure endpoint computing requires an operating system that supports Zero Trust methodologies and integrations, eliminates local data storage, and is read-only and encrypted. Zero Trust, as described by the National Institute of Standards and Technology, “is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.” NIST explains that “Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned).”

Security practices like single sign-on and multi-factor authentication (MFA) are needed to support Zero Trust principles. Zero Trust is in part a response to the BYOD era, as NIST says, and is gaining prominence as more organizations, including healthcare systems, look for ways to support productivity while lessening the risk of cyberthreats gaining access to the network or data. The number of workflows in healthcare will remain complex and varied. Protection measures like Zero Trust at the endpoint provide a framework to tighten security.

In addition to fully embracing Zero Trust, healthcare systems need an endpoint OS that can support various VDI, DaaS, and SaaS environments. In larger healthcare systems, locations may work with different networking infrastructures. Using an OS with this varied capability is an economical choice.

Centralized management saves IT time and resources

“A single pane of glass” is a commonly heard phrase in the IT world. For healthcare systems, it is relevant in that it refers to the need to centralize management of your endpoint OS and cloud computing storage and workloads to achieve efficiency and cost controls. Centralized management can support multiple hosted services and applications, relieving the burden on IT staff and requiring fewer resources to manage the endpoint infrastructure.

Communicating with end users 

We know that phishing, social engineering and other cyberattacks are successful because the individual user opened a virus-laden link or clicked on a dangerous website. Internal communications to educate healthcare staff on the constant dangers of cyberthreats must be part of an overall security improvement and threat prevention strategy. 

Increasing communication with staff is an essential element in abiding by HIPAA privacy regulations, a continuing main focus of HIPAA in 2024. Avoiding penalties, data breaches, and lack of patient trust all lead back to the individual at the endpoint.

Prevention is doable

Besides adhering to more stringent HIPAA cybersecurity and privacy regulations, preventing ransomware and data breaches is central to a well-managed healthcare system. By using the cloud for storage and access, providers can eliminate some of the risks that can occur at the endpoint. Unified central management will enable more efficient updates in the cloud, another source of risk if security patches are not implemented on a timely basis. Additionally, tools like single sign-on and MFA, to support Zero Trust, are essential to controlling access to data and applications. Lastly, mindful of HIPAA, security is now everyone’s responsibility. Keeping staff engaged in the best security practices helps to ensure healthcare can focus on patient outcomes and avoid disruption in providing services.

Jason Mafera is field CTO, North America for IGEL. He comes to IGEL with more than 20 years of experience in the delivery of cybersecurity-focused enterprise and SaaS solution offerings and has worked for a broad range of companies from start-ups and pre-IPO organizations to public and privately backed firms. Prior to joining IGEL in October 2022, Mafera served as Head of Product and then Vice President of Sales Engineering and Customer Success for Tausight, an early-stage startup and provider of healthcare software focused on delivering real-time intelligence for securing and reducing compromise of electronic Personal Health Information (ePHI) at the edge. Before that, he held a succession of leadership roles with digital identity provider Imprivata. Mafera spent 12 years at Imprivata, first defining and driving to market the OneSign Authentication Management and VDA solutions, then leading the Office of the CTO. Early on in his career, he was systems engineer and later product manager at RSA, The Security Division of EMC.

This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers.
