Health Organizations Spending Big on Cybersecurity

A full 81% of US healthcare organizations and 76% of global healthcare organizations will increase information security spending in 2017, reflecting a rapid transition to electronic health records and increasingly digitized personal health data.

The spending comes with the recognition that digitization is a double-edged sword. According to the 2017 Thales Data Threat Report, Healthcare Edition, issued in conjunction with analyst firm 451 Research, government regulations such as the HITECH Act’s Electronic Patient Care Reporting (ePCR) requirements in the US are driving healthcare organizations to digitize their data in a bid for greater efficiency.

However, modernization comes at a hefty price: Individual healthcare data is exposed to more people, in more places and on more devices, including smartphones, laptops and, increasingly, internet of things (IoT) devices. In fact, the report found that 60% of US healthcare respondents reported their organizations were deploying to cloud, big data, and IoT or container environments without adequate data security controls.

Despite the risks that come from increased access points, the healthcare industry is adopting some of these technologies for sensitive data use wholesale, with 69% of US respondents leveraging SaaS, 59% big data, 46% mobile and 35% IoT environments.

The numbers may explain why 90% of US healthcare respondents feel vulnerable to data threats and why cybersecurity spending increases by US healthcare companies lead those of all other vertical markets surveyed, including the government and financial sectors.

Across the board, encryption is the technology of choice when it comes to protecting sensitive data residing within cloud, IoT and container environments. A full 65% of US healthcare respondents and 58% of global healthcare respondents opt to encrypt data in the public cloud, with the survey yielding similar numbers for IoT data (59% US; 58% global) and container data (58% US; 60% global).

Yet despite the healthcare industry’s growing interest in encryption, many organizations remain stubbornly focused on network and endpoint security. Network security is still the top choice for US healthcare spending by a wide margin (69%), compared to 53% of global respondents. Endpoint security, at 61%, isn’t far behind.

“While network and endpoint technologies are a required element of an organization’s IT security stance, they are increasingly less effective at keeping external attacks at bay, and in securing cloud, big data, IoT and container deployments—which result in data being distributed, processed and stored outside corporate network boundaries,” the report noted.

“Globally and in the US, healthcare companies are under pressure,” said Peter Galvin, VP of strategy, Thales e-Security. “In the US, digital innovation is transforming the way patient information is created, shared or stored. For healthcare data to remain safe from cyber exploitation, encryption strategies need to move beyond laptops and desktops to reflect a world of internet-connected heart-rate monitors, implantable defibrillators and insulin pumps. Adhering to the security status quo will create vulnerabilities that lead to breaches, and further erode customer trust.”

Healthcare organizations interested in improving their overall security postures should strongly consider: deploying security tool sets that offer services-based deployments, platforms and automation; discovering and classifying the location of sensitive data, particularly within IoT and container environments; and leveraging encryption and bring-your-own-key (BYOK) technologies for the cloud and other advanced environments.
