Story image

Does your healthcare organisation need a security health check?

01 Jun 17

Healthcare providers store some of the most critical data in the world, making them attractive targets for cyber criminals - especially when cloud computing is starting to transform the sector. Cloud security strategies have never been more important to prevent damaging and embarrassing data loss, according to Palo Alto Networks.

“Healthcare providers want to focus on treating patients. A cloud computing approach means they don’t have to worry about data centre which is much more cost effective. But as cloud computing takes off in healthcare, a carefully-architected data security strategy is imperative to ensure data stays safe," comments Ian Raper, Palo Alto Networks' regional ANZ VP.

The company says there are three reasons why healthcare providers need to prioritise cloud security:

1. Cyber adversaries are still after healthcare data

Profit-motivated cyber adversaries target healthcare data by using malware to steal data and then sell it to someone who will use it to commit identity theft and insurance fraud; or by using ransomware to encrypt healthcare data and unlock it only after a ransom is paid.

Cyber adversaries are well aware that healthcare data is moving to the cloud, and will continue to target that data in a cloud environment.

2. Security is better in the cloud if providers take the time to plan it out

In the rush to move healthcare records to the cloud, there’s often an assumption that security comes automatically. Security can be more straightforward to implement in the cloud but it is still only as good as you make it.

“Cloud hosting providers make it easier to manage virtual servers and network infrastructure at the platform level, but healthcare providers shouldn’t make the mistake of developing a false sense of cloud security. They still need to deploy and manage advanced anti-malware to their endpoints," Raper comments.

3. A unique opportunity to remedy lingering security issues

Healthcare providers often use legacy applications, which can create significant vulnerabilities. Cloud hosting providers offer capabilities that can make it easier to manage the security of the underlying data within high-risk applications.  

“As healthcare providers migrate their applications to the cloud, they can, at a moment’s notice, spin up the required virtual servers, and be protected behind a new instantiation of a virtual next-generation firewall," Raper adds.  

Migrating applications to the cloud can often present a unique opportunity to evaluate and improve each application’s overall security. For example, healthcare providers could:

  • upgrade the application to the latest release
  • deploy the application in a tightly-controlled virtual network segment
  • introduce network-level threat prevention
  • enforce stronger controls on underlying databases
  • eliminate all existing server-level vulnerabilities prior to cutover

One of the most powerful features of the cloud is that it makes bleeding-edge security infrastructure available to healthcare organisations of all sizes. 

“Even smaller clinical networks can stand up and deploy enterprise-class, application environments with a small IT team. However, they mustn’t fall into the trap of thinking that all they need to do is move an application to the cloud and security will come automatically. With careful planning, they can take advantage of the cost-savings and extensibility that the cloud offers, but they also need to ensure that the right security architecture is in place to keep their patient data safe," Raper concludes.

Cofense launches MSSP program to provide phishing defence for SMBs
SMBs are highly susceptible to phishing attacks, and often lack the resources necessary to stop advanced threats
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Stepping up to sell security services in A/NZ
WatchGuard Technologies A/NZ regional director gives his top tips on how to make a move into the increasingly lucrative cybersecurity services market.