Shrestha continued, “We also partner with a third-party information security provider that moves 1 billion log files through its systems each day to identify anomalies and potential threats in real time. Our security operations center team investigates all high-risk anomalies that are identified through this process.”
What’s more, providers are becoming increasingly dependent on Internet-based resources to facilitate patient care, Shrestha said, noting that UPMC has 105,000 connected devices to manage and support. These connected devices, which are connected to networks and the cloud, have the potential to act as a gateway to break into a hospital’s main networks, he said.
Drilling down specifically into the vulnerabilities and security risks of IoMT devices, Beth Musumeci, vice president, cybersecurity at GE Healthcare, said the threat is significant, as connected health devices, by definition, “increase the attack surface.”
“By 2020, 78.5 million people worldwide will be using home health technologies. By 2019, 87 percent of healthcare facilities will implement IoMT, up 60 percent from this year. With the rise in breaches coupled with the rate that we’re implementing IoMT, it’s easy for us to see the challenge we have before us from a cybersecurity perspective,” Musumeci said.
She outlined a number of key steps that IT security leaders at patient care organizations should take to strengthen their organization’s security posture so that it can withstand, detect and respond to constantly emerging threats. First, she said, it’s important for IT leaders to recognize that compliance does not equal protection, and, further to that point, IT security leaders need to know what vulnerabilities exist in their environment and then manage those vulnerabilities regularly and diligently.
“Understand that criminals will take the trouble to know your network; anything you accidentally connect to can accidentally get you attacked. You must know your network. A common oversight is a short-sighted definition of your network; you need to expand beyond your enterprise employees and include third-parties, suppliers, vendors and accountants connecting to your environment. Make sure they are following your security policy, and that includes their suppliers too,” she said.
It’s also critical to have an emergency response plan and policy, and then, practice recovery. “Having an effective and tested recovery plan can prove to be a vital defense, and plan for events like ransomware,” she said.
Applying Advanced Capabilities to Cybersecurity
Rob Marson, head of strategy and business development, Nokia, who also participated in the webinar, outlined cutting-edge techniques that healthcare organizations are deploying to protect against evolving threats. “To stay ahead of some of these threats, we’re starting to see organizations trying to strike the right balance between reactive and proactive security best practices. Security teams are working hard to identify and limit threat vectors, detect faster and respond faster. When I use the words ‘active security’ that means the right blend and balance between proactive and reactive.”
Active security involves constantly measuring the organization’s security posture and risk level, Marson noted. “As Beth [Musumeci] said, it’s more than just auditing for compliance, it’s an ongoing, near-time assessment of network security posture. To do this effectively, you need to rely on security software solutions that can help you automate and measure holistically your security risk and security posture.”
Rapid response is the key to minimizing the impact of cyber attacks, Marson said. “Expect to be attacked, so the art is how quickly can you detect and respond appropriately. What needs to happen is we need to eliminate the time between detection and mitigation.”
Marson continued, “By now, it’s well acknowledged that as an industry, there is simply a cyber skillset shortage, and the traditional incident response strategies, which rely on manual processes, now need to turn to automation. Software plays a key role helping you automate your response strategy so you can respond faster and deal with more of those threats.”
Active security is about transforming security operations to become more predictive and more automated, he noted, “so we’re seeing techniques leveraging analytics, machine learning, leveraging threat intelligence to drive rapid and automated responses.”
Shrestha with UPMC noted that predictive analytics applied to data could enable IT security leaders to anticipate vulnerabilities before they occur and remediate faster, and then asked the panelists, “How distant are these capabilities?”
“From a network perspective, I don’t think they are as far off,” Marson said. “Already we’re seeing the application of data science to solve different problems and the application of data science and the evolution of machine learning and big data analytics in the realm of cybersecurity is upon us.”
KLAS’s Hall concluded that technology is critical, yet “training and culture is really the key.” He added, “Making sure employees understand the policies, making sure everybody is on the same page about what is appropriate within the security program. We build the right culture to make it a more secure place for healthcare providers.”