2. Consolidation Allows for Innovation in Healthcare
Another important approach is to focus on consolidating many point-based solutions into one cohesive, consolidated network security platform. From a cost perspective, this lets organizations invest more deeply in security because it frees up budget to purchase more technologies for automation and orchestration. Ament calls this a key factor to any successful security strategy because malicious actors are using these very same tools to try to break through defenses.
“There are going to be more adversaries, more threats and an increased number of attacks, so if you're an organization that's become very operationally efficient, you've got a very efficient security plan — or security fabric, which is what we call it here at Fortinet,” Ament says.
EXPLORE: Why healthcare organizations should begin their zero-trust implementations with identity.
This fabric allows for more investment in automation, which can in turn resolve more security issues, incidents or potential breaches before they happen — with fewer resources internally, at a lower cost.
"If you can embed security from the beginning so that you're not having to go back and bolt on security or reassess your entire technology strategy, you're going to be able to continue to move up that maturity scale much faster," Ament says.
3. Scrutinize Data Management and Shed Duplicate Systems
From a patient data perspective, Ament says lack of governance over data sprawl is often an issue for healthcare providers who have moved from one electronic medical record to another.
“They've got the same data stored in many different ancillary, legacy systems,” he says. "One area of governance that's really important is, as you're adopting a new EMR, ensuring you're archiving the old data and getting it out of the environment."
Organizations that store sensitive data in 10 different places have increased their attack surface, he says.
READ MORE: What is master data management, and why is it important for healthcare?
"You've given adversaries more areas to attack, as well as more areas you need to defend," Ament says. "Just think about the vulnerability management and all the security layers that go into protecting those systems."
Healthcare organizations need to take a closer look at tech consolidation to ensure they're not wasting resources guarding underused or duplicate systems. "I think it's more important than ever for healthcare organizations to deploy an effective cybersecurity strategy because we’ve seen in the past 18 months — week after week, really — one health system after another fall victim to ransomware attacks that are affecting patient care and causing harm," he says.
In addition to the impact this has on information security and patient care, there is also a significant financial cost that must be considered, Ament adds.
"When we look at the average impact of a cyberattack on health systems, it used to be these would affect organizations for maybe 12 to 24 hours. But what we're seeing on average is health systems with one to four weeks of downtime," he says. "That's significant to the bottom line and affects revenue for these health systems, with delayed or canceled elective surgeries."
Brought to you by: