Security

How Does Application Modernization Strengthen Healthcare Cybersecurity?

As hackers increasingly target healthcare systems, modernization strategies can help IT teams eliminate vulnerabilities and guard against breaches.

Erin Laviola

Twitter

Erin Laviola is a freelance writer who specializes in the healthcare industry.

Innovative technologies, including advancements in artificial intelligence (AI), are helping the healthcare industry improve patient care and create more efficient work environments. Application modernization is a crucial process for healthcare organizations that want to keep up and stay competitive.

However, organizations must make security a core part of their strategies. Doing so can reduce vulnerabilities and make healthcare ecosystems more secure amid a rise in cyberattacks.

The American Hospital Association called 2023 the “worst year ever” for breaches in healthcare, but stated that hacks in 2024 were even more “profound” because of their scale — for example, the ransomware attack on Change Healthcare that shut down billing systems and exposed the private health information of more than 100 million people.

“When we talk about leveraging AI and all these amazing tools, the cybercriminals are doing the same thing,” says Melissa Rappl, CISO at Children’s Nebraska. “It’s an arms race, and we need to stay a step ahead.”

Click the banner below to create modern and seamless healthcare workflows.

x-appmodernization-animated-2024-clickhere-desktop1

x-appmodernization-animated-2024-clickhere-mobile1

Why App Modernization Enhances Healthcare Security

Health systems rely on countless applications to keep administrative and clinical operations running, but many of them may be outdated or not secured. An estimated 73% of healthcare organizations still use legacy systems, according to a 2021 Healthcare Information and Management Systems Society survey.

“As these systems get older, cybercriminals poke holes in them and find vulnerabilities they can exploit,” says Andy Stone, CTO for the Americas at Pure Storage. He explains that application modernization gives IT teams the opportunity to eliminate those vulnerabilities.

He compares it to renovating an old house. “Maybe you have to replace the roof because it leaks. When you do, everything becomes waterproof again. Application modernization works the same way,” Stone says. “You’ve taken a holistic look and resealed your systems with the latest and greatest materials.”

How Health IT Teams Can Factor in Security

Strategies for enhancing cybersecurity via application modernization include:

Build Security Measures from the Start

Atif Chaughtai, head of emerging industries at Red Hat, says healthcare IT teams must build cybersecurity measures directly into applications from the beginning. Teams should also run security tests throughout development.

“It’s a cultural shift,” he says. “In the past, software engineers focused on functionality, and security was an afterthought. Now, there’s an understanding that security needs to be baked in.” This approach can also make it easier to maintain the organization’s security posture.

Factor in Flexibility

Flexibility is another important factor to consider. Healthcare organizations use hundreds or thousands of third-party vendors, including multiple public cloud vendors. Chaughtai recommends building applications that can function on multiple platforms and easily be updated.

“If you build an application to be very specific to a particular cloud model, and then the vendor updates their security posture, now you have another technical debt,” he explains. “Instead, create a modular approach, where you can plug in or replace security controls whenever you need to.”

It’s a cultural shift. In the past, software engineers focused on functionality, and security was an afterthought. Now, there’s an understanding that security needs to be baked in.”

Atif Chaughtai Head of Emerging Industries, Red Hat

Vendor Management

Third-party vendor management should also be part of a healthcare organization’s overall cybersecurity strategy, Rappl adds. Leveraging services from vendors is necessary for growth, she notes, but those partnerships carry their own risks.

“You’re expanding your risk footprint because you’re relying on third-party services to protect your data,” she says. “That’s why we have independent, third-party audits. We need to understand what their application development process looks like, where they’re storing the data and how they’re protecting it.”

Desired Application Modernization Outcomes for Healthcare

Health IT teams must keep usability in mind when upgrading their systems. “You can create the most secure application, but if it’s highly unusable, then people will find ways to circumvent the controls,” Stone says.

For example, he says, complicated password requirements can boost security, but only if used properly. “How many users will be able to adapt to that, especially in healthcare, where people are very busy and need to move quickly?”

Organizations should also consider visibility. Chaughtai recalls working with a healthcare organization that adopted a more modern platform after realizing that its outdated legacy system was unintentionally exposing data in certain areas. The old system had a rigid infrastructure that made updating it a slow and difficult process.

DISCOVER: An application modernization strategy creates a roadmap to better healthcare outcomes.

Through application modernization, the organization switched to a “plug and play” model, Chaughtai says. “Now they can change the security controls as needed, but the biggest benefit is greater visibility and compliance.” In the event of a data leak, IT teams can track when and where the data has been accessed.

In addition, Stone says, it’s important to build resilient architecture so that an organization can recover quickly in the case of a breach. He notes that Pure Storage’s SafeMode Snapshots creates copies of valuable data sets that cannot be deleted by bad actors.

As cybercriminals continue to use more sophisticated tools to target healthcare systems, Chaughtai says, using application modernization in tandem with cybersecurity will have long-term benefits. “We need to consider the cost of data breaches holistically,” he says. “There are financial aspects and a loss of productivity, but also a loss of confidence from the patient perspective. That damage can last a long time.”

AndreyPopov/Getty Images