Five cyber security issues facing the healthcare industry
Healthcare organisations hold some of the most sensitive personal data, including vast amounts of Personally Identifiable Information (PII), which means that hackers can paint a vivid profile of their targets.
Names, addresses, health insurance details, and often financial information, can enable attackers to commit identity fraud and other financial cyber-crimes. The highly valuable nature of this data makes healthcare a prime target for hackers.
To combat the rising cyber threat, the NHS is expected to spend £1bn on cyber-security and data consent. However, the recent deal between Google’s DeepMind and the NHS has called data privacy and security into question. Whilst doctors may benefit from the introduction of modern-day technology, patient data, which in some cases are not anonymised, could be at risk.
Healthcare suffered more breaches than any other sector in the UK in the final quarter of 2015, with half of all data breaches reported to the Information Commissioner’s Office (ICO) coming from private or public health organisations, so concerns are valid. Healthcare organisations need to ensure watertight policies and procedures are implemented, although there is no solution available that can guarantee security. As cyber-attacks become more complex, healthcare IT professionals need to stay on top of their security strategies in order to deal with threats. Here are five issues facing the industry today:
1 – The Black Market
Healthcare data is highly valuable to hackers because they can sell it for a high price on the black market. Patient information is in especially high demand right now as it can be sold for upwards of $50 (£38) per record. When compared to stolen credit card numbers, which only sell for about $1 (£0.75) each, the urgency to protect this data is obvious. Hackers stand to make a lot of money off of major breaches that expose millions of people’s data and the headlines indicate that the industry is currently fighting a losing battle.
2 – Scams Aplenty
Health data isn’t just for selling. Cyber-criminals can also use patient information for fraudulent activities such as billing private insurers. Unfortunately, it gets worse. The consequences of a data breach are disproportionately high for the healthcare industry. According to the Ponemon Institute, the average cost of a data breach per person is $201 (£150). However, within the healthcare industry, the per person cost is $359 (£270).
The Data Protection Act (DPA) is supposed to safeguard patient data and organisations within the NHS. According to the recent Shadow Data Report from Blue Coat, patient information (PI) dominates the healthcare and pharmaceutical industries at 52 percent of all sensitive documents. Unencrypted cloud data that is exposed to a breach can be extremely expensive and put the organisation at risk of reputational damage.
3 – Send It to The Cloud or Keep It On Premises
Compliance is a major concern for any healthcare organisation. This makes many providers hesitant to update or switch to new security systems. This is a major issue for the healthcare industry. Threats are becoming more advanced every day and healthcare security systems need to evolve.
For example, cloud data protection (CDP) gateways provide flexible control that protects sensitive information before it leaves a corporate network. The gateway intercepts PI while it’s still on premises and replaces it with a tokenized or encrypted value, which is then sent to the cloud. This way, the data is meaningless to anyone outside the network who may intercept it on its way to the cloud or access it while it is in the cloud. These platforms also ensure end-users keep their required cloud SaaS application functionality, even on data that has been strongly encrypted or tokenized. There are also technologies that can be used to continually monitor and scan files for PI and take actions such as blocking them from being sent to cloud environments or simply alerting IT that the information has been sent to the cloud.
4 – Encryption Is Your Friend
Encryption encodes data so that only authorised parties can decrypt the information and read it. So it doesn’t necessarily prevent someone from intercepting the data, but the encryption prevents someone from viewing it. It’s essential that encryption keys be physically held and managed by the end-user organisation’s IT team and not by the cloud provider’s. Losing ownership of encryption keys opens the organisation up to additional risks such as data leakage.
5 – The Fear Factor
As mentioned, healthcare leaders are sceptical about trying new security and storage options. Many IT leaders fear losing control of such regulated and sensitive data. This is understandable, but solutions such as CDPs and encryption address these concerns. New data control and protection solutions are emerging to help healthcare organisations address these threats. It’s time to embrace these solutions and put them to work to combat the new and very real threats facing the industry.
By Robert Arandjelovic, Director of Security Strategy, Blue Coat (now part of Symantec)
GfK and VMware: Innovating together on hybrid cloud
GfK has been the global leader in data and analytics for more than 85 years, supplying its clients with optimised decision inputs.
In its capacity as a strategic and technical partner, VMware has been walking GfK along its digital transformation path for over a decade.
“We are a demanding and singularly dynamic customer, which is why a close partnership with VMware is integral to the success of everyone involved,” said Joerg Hesselink, Global Head of Infrastructure, GfK IT Services.
Four years ago, the Nuremberg-based researcher expanded its on-premises infrastructure by introducing VMware vRealize Automation. In doing so, it laid a solid foundation, resulting in a self-service hybrid-cloud environment.
By expanding on the basis of VMware Cloud on AWS and VMware Cloud Foundation with vRealize Cloud Management, GfK has given itself a secure infrastructure and reliable operations by efficiently operating processes, policies, people and tools in both private and public cloud environments.
One important step for GfK involved migrating from multiple cloud providers to just a single one. The team chose VMware.
“VMware is the market leader for on-premises virtualisation and hybrid-cloud solutions, so it was only logical to tackle the next project for the future together,” says Hesselink.
Migration to the VMware-based environment was integrated into existing hardware simply and smoothly in April 2020. Going forward, GfK’s new hybrid cloud model will establish a harmonised core system complete with VMware Cloud on AWS, VMware Cloud Foundation with vRealize Cloud Management and a volume rising from an initial 500 VMs to a total of 4,000 VMs.
“We are modernising, protecting and scaling our applications with the world’s leading hybrid cloud solution: VMware Cloud on AWS, following VMware on Google Cloud Platform,” adds Hesselink.
The hybrid cloud-based infrastructure also empowers GfK to respond to new and future projects with astonishing agility: Resources can now be shifted quickly and easily from the private to the public cloud – without modifying the nature of interaction with the environment.
The gfknewron project is a good example – the company’s latest AI-powered product is based exclusively on public cloud technology. The consistency guaranteed by VMware Cloud on AWS eases the burden on both regular staff and the IT team. Better still, since the teams are already familiar with the VMware environment, the learning curve for upskilling is short.
One very important factor for the GfK was that VMware Cloud on AWS constituted an investment in future-proof technology that will stay relevant.
“The new cloud-based infrastructure comprising VMware Cloud on AWS and VMware Cloud Foundation forges a successful link between on-premises and cloud-based solutions,” says Hesselink. “That in turn enables GfK to efficiently develop its own modern applications and solutions.
“In market research, everything is data-driven. So, we need the best technological basis to efficiently process large volumes of data and consistently distill them into logical insights that genuinely benefit the client.
“We transform data and information into actionable knowledge that serves as a sustainable driver of business growth. VMware Cloud on AWS is an investment in a platform that helps us be well prepared for whatever the future may hold.”