Healthcare Radius – December 2018



IT



  1. Today’s cyber threats are growing faster than ever, while becoming increasingly stealthy and resilient.


without discovery. These trends are likely to continue into 2019 and we have not yet seen the full results of how malicious actors are using this information.


Impact of consumerisation on healthcare IT
Shadow IT has grown exponentially, particularly in a healthcare provider environment where you have un-vetted IT solutions that are adopted directly into clinical spaces. Many of these solutions do improve patient care and clinical workflow, but have not gone through the same security controls and review from an IT standpoint that your typical enterprise, IT-sanctioned solution or medical device would be subject to.

CIOs and CISOs at healthcare organisations that provide patient care are struggling with visibility into all of these different shadow IT solutions, unapproved vendors, and devices that are being tested and adopted in the clinical and research setting. It is also important to note that readily adopted consumer IT used in the healthcare setting currently has no governing organisation to enforce validity of the applications, or ensure data integrity – for the most part these are free-market apps that can have poor development and coding vulnerabilities.

Clinical risk management teams are also very concerned about shadow IT as the use of these ‘unsanctioned’ tools is not documented as part of the formal medical record. This can lead to problems when trying to audit information about what systems and processes supported patient care.

From a privacy standpoint, there is loss of visibility of access and potential diluting of security of patient data shared with third parties as part of a software as a service (SaaS) or outsourced platform. This sharing of data, although it may be ‘contractually authorised’, is often not readily understood by the common layperson or patient; much like the public confusion that ensued with the discovery of broad-based social media information sharing.

Attack vectors challenging healthcare providers
When you have upwards of 200 applications in your portfolio that you are trying to manage in a health system, it’s very hard to keep up with regular patching and consistent communication with your vendors regarding security concerns. The large number of solutions also makes it hard to budget for deep-dive analyses of code for all of those applications, so many healthcare providers are heavily reliant on vendors to