Security

How Secure Are Modern Collaboration Platforms for Healthcare?

Organizations should prioritize protecting meetings and shared data with end-to-end encryption and two-factor authentication to safeguard sensitive patient information.

Nathan Eddy

Nathan Eddy works as an independent filmmaker and journalist based in Berlin, specializing in architecture, business technology and healthcare IT. He is a graduate of Northwestern University’s Medill School of Journalism.

For healthcare organizations, collaboration platforms have become essential to productivity and care delivery. But they also introduce new security challenges.

As the use of file sharing, messaging and collaboration tools becomes more widespread, so do concerns around data access and content retention.

Organizations now need solutions that can detect sensitive data, protect it through tokens or masking, and provide real-time visibility into how it’s shared to ensure they are maintaining HIPAA compliance. To make this possible, healthcare IT leaders are turning to multifactor authentication (MFA), role-based access control, and integration with data loss prevention and insider risk management tools.

“Collaboration is all about the security of your content and access privileges,” says Jennifer Glenn, research director for IDC’s security and trust group.

She advises organizations to seek out risk dashboards offering broad visibility, along with simplified, automated tools for rule creation, monitoring and alerts.

She also says health systems should consider tools that evaluate whether shared content is still necessary and identify high-severity risks that need urgent attention.

These capabilities can help healthcare organizations stay secure without becoming overwhelmed.

Click the banner below to read the recent CDW Cybersecurity Research Report.

x_security_q325_animated_click_desktop_03

x_security_q325_animated_click_mobile_03

Password Protection and End-to-End Encryption

Roopam Jain, vice president of the information and communications technologies practice at Frost & Sullivan, says that organizations should be concerned about unauthorized access and the privacy of data shared in meetings.

“Today’s meeting platforms have come a long way in offering advanced features that assure users and IT managers that their meetings are fully secure and compliant,” she explains.

Features including end-to-end encryption, waiting rooms to control who joins the meeting, password protection and two-factor authentication all add an extra layer of security.

“These capabilities ensure that collaboration platforms provide a secure environment for meetings, protect sensitive information and maintain privacy,” Jain says.

Implementing the Right Security Features for Healthcare

Heidi Shey, a principal analyst at Forrester, says while popular tools including Microsoft Teams, Webex and Zoom are “secure for general-purpose use,” the level of required security depends heavily on how the platform is being used.

Healthcare organizations are using them for internal collaboration as well as patient communication, in some cases, which means protected health information could be at risk.

“A lot of it comes down to what that use case is and what information is being conveyed and stored within these platforms,” she adds.

Shey says that ensuring the correct configuration of features, including MFA or encryption of data at rest, is critical.

“That’s the other side of the responsibility of making the best use of what you are purchasing,” she says.

Managing Healthcare Security Risks

Collaboration platforms carry a range of security risks that healthcare organizations can’t afford to overlook. As data volume grows exponentially, so does the attack surface.

“Too much data makes it harder to detect violations,” Glenn says.

Another layer of complexity comes from regulatory requirements. All healthcare organizations, regardless of size, must comply with HIPAA regulations.

“This adds serious complexity to how data must be handled and secured,” she explains, noting that noncompliance can quickly become a legal and reputational risk.

Insider risks — both accidental and malicious — remain a growing issue, compounded by the potential for compromised accounts and external threats such as ransomware.

“Collaboration platforms need to adapt to organizational fluidity,” Glenn says. “Otherwise, sensitive data can end up in front of the wrong eyes.”

If access controls are weak or misconfigured, she warns, collaboration platforms can become gateways for data loss.

The Healthcare Threat Landscape Is Growing More Complex

The collaboration threat landscape is also growing more complex, and healthcare organizations must be aware of the evolving risks that come with it.

“Enterprises of all sizes are generating so much data, and attackers are using this to their advantage,” Glenn explains.

Complicating matters is what she calls “tool overload.”

While having the right tools is essential, she says, many organizations are struggling under the weight of too many disparate solutions.

“This can lead to incorrect configuration, inconsistent policies and just general confusion,” she says. “This opens the door to preventable vulnerabilities.”

Enterprises of all sizes are generating so much data, and attackers are using this to their advantage.”

Jennifer Glenn Research Director, IDC’s Security and Trust Group

Emerging technologies also bring new risks. One is the “harvest now, decrypt later” strategy, in which attackers exfiltrate encrypted data today with the intention of using future quantum computing technology to break that encryption.

Generative artificial intelligence (AI) is also reshaping the threat landscape: While it promises efficiencies, it ushers in real security challenges.

“Malicious prompts designed to exfiltrate or access confidential or regulated data will go up,” Glenn cautions.

Ultimately, AI will improve the quality of phishing and social engineering attacks, increasing the risk of account compromise. However, in some cases, data may not be encrypted appropriately as it moves through the AI pipeline, creating new points of exposure.

Best Practices for Bolstering Healthcare Security

To boost collaboration platform security, healthcare organizations should focus on access controls and data management, Shey says, emphasizing that MFA remains one of the most effective defenses against unauthorized access.

Equally important is information lifecycle management, establishing clear guidelines for what should and shouldn’t be recorded or stored during meetings.

“That’s an easy way to generate lots of sensitive information that’s not being managed appropriately,” Shey says.

Putting these policies in place early can simplify compliance and reduce long-term risk. This means actively reviewing shared content to determine what needs to be available and what can be retired.

Foundational data hygiene practices are also critical, including discovery, classification, posture and mapping. Glenn touts the importance of tagging data with the appropriate classification so privacy and security tools can function effectively.

“Make sure the organization understands exactly who has access to what,” she says. “This helps limit insider risks.”

She adds that healthcare IT leaders must understand where their organizations stand on the spectrum of security and operational efficiency. That clarity, she argues, is key to knowing where to prioritize security investments.

SeventyFour/Getty Images