Establishing Trust in your Healthcare Systems

by Eli B. Perlman, VP Alliances

In the continuum of health sciences, changes in business practices resulting from dynamic regulatory pressures, combined with major technological advances in medical devices, health monitors, and internet-enabled devices and tighter network integration are challenging current security and privacy approaches. This new environment offers the promise of providing better healthcare outcomes at lower prices, however this doesn’t come without a new form of cyber security challenges. The increasing number of bad actors, the lack of defined best security practices, and the absence of proven and formalized governance models are key contributors to why we have been seeing ever-increasing reports about cyber-attacks on health systems, often with devastating impact. Trust in the current state of security measures is rapidly deteriorating.

Integrated healthcare systems and networks are designed to provide great benefit, allowing organizations to automatically share electronic health information between disparate systems across the entire healthcare continuum. This, alone, can greatly improve the efficiency and delivery of care. Unfortunately, the current approach to connecting and securing integrated health systems leaves far too many vulnerabilities, exposing organizations to IT system outages, loss of and inappropriate changes to confidential patient health data, and the inability to deliver critical care when needed.

There are many examples where these key vulnerabilities directly impact the delivery of care. Patients with IoT implantable cardioverter defibrillators (ICD) depend on the secure operation of these, which can be greatly impacted if a cyberworm infected the host network and worked its way into the actual device. Or, if the MRI/CT scan results of a patient scheduled for immediate emergency surgery went missing due to the work of a bad actor, this can impact the ability to deliver critically needed care.

Other recent examples have seen electronic medical records being attacked and compromised, ransomware working its way into a hospital information system and effectively shutting down parts of the hospital, and laboratory logistics systems being attacked and irretrievable tissue samples sent for cancer screening went missing. There have already been reports of pharmacies, hospitals, and doctors not getting valid eligibility confirmation for life sustaining drugs or procedures because the insurer’s system was taken down or compromised.

Regardless of the current cybersecurity investment and focus within healthcare, particularly around secure data transmission, system integration, and regulatory compliance, it is undeniable that cyberattacks are increasing.  Common security practices, including data encryption, virtual private networks, firewalls, data forensics, and best practices governance programs have proven to be no match for today’s cyberhackers.

To better address these challenges, a new and more explicit layer of trust is required in how health networks and patient data are connected and secured. This layer of trust must alleviate the shortcomings allowed by the open standard Internet protocols that are in use everywhere. Simply stated, if a healthcare system or device can be found and scanned on a network, it can be hacked. In the delivery of healthcare, stopping the bad guys from continually scanning our systems and exploiting vulnerabilities is the new strategic imperative of our time.

BlackRidge Technology is leading the way in solving this critical problem within the continuum of healthcare. The BlackRidge solution authenticates user or device identity and applies security policies across networks and cloud services before application sessions can be established. This revolutionary capability fills a critical security flaw in how healthcare systems and medical devices are connected and secured. There is currently no other mechanism for blocking adversary scanning and reconnaissance without also blocking legitimate users.

BlackRidge solutions have been deployed across enterprise networks, data centers, and by cloud service providers to effectively:

  1. Isolate and protect on and off premise servers and cloud services from unidentified and unauthorized users.
  2. Stop cyber-attacks by blocking network scanning and reconnaissance activities (you can’t attack what you can’t see).
  3. Segment networks and isolate systems to reduce risk and meet compliance requirements.

As technical advancements continue to drive the healthcare industry forward, cyber security must be an integral part of every healthcare organization’s operational and customer strategy. We have proven that our solutions can deliver a critical component to helping establish a deeper layer of trust across comprehensive healthcare systems to ensure that only those who should see and access networks and critical applications are the only ones that can.

For more information on these solutions, please visit https://www.blackridge.us/solutions/healthcare.