February 27, 2017

Toby Gouker • VP and CISO

Personal Healthcare Information Becomes Most Vulnerable Moving Throughout the Ecosystem

Healthcare system networks consist of multiple sources of data from multiple enterprise-level systems communicating in real time. This presents the healthcare cybersecurity professional with varying protection requirements. As these multiple types of data come together and transfer over to other systems, the data is accessed by many different users with varying analytics needs. Due to the urgent nature of information transfer in a healthcare environment, much of the data is transferred in clear text. Health care organizations face even greater risks if any part of a system is deployed in a cloud environment. When viewed from a patient perspective, speed of information flow is paramount. When viewed from an enterprise perspective, the importance of security becomes paramount. Organizations must protect sensitive customer, partner, and internal information and adhere to an ever-increasing set of compliance requirements.

cybercircle700There are a number of traditional IT security controls that should be put in place as the basis for securing PHI, such as standard perimeter protection of the computing environment and monitoring user and network activity with log management. But even in the most tightly controlled computing environments, infrastructure protection by itself cannot protect an organization from cyberattacks and data breaches. PHI in motion is too open to be able to fully protect. Further exacerbating the risk is that the aggregation of PHI as it makes it an even more alluring target for hackers and data thieves.

First is able to offer the right consultant with the perfect crossover of healthcare IT and cybersecurity to address the ever increasing threat surface facing providers today.