Healthcare Technology and the Growing Demand for Cybersecurity
The patient and financial data that healthcare organizations store and have access to has become a valuable and attractive treasure trove for cyberattackers. According to FortiGuard Labs, cyberattacks against healthcare organizations occur at nearly double the rate seen in other industries.1 Making matters worse, attacks against healthcare organizations not only impact sensitive data but can also be life-threatening, as in a 2016 attack on MedStar Health in Maryland.2 Cyberprotection is often seen as the organization’s primary priority after providing patient care.
As in other industries, many of the most recent attacks against healthcare organizations started with a compromised PC or other device used by staff. Email is a common attack vector, and given the frequent use of images by medical personnel, corrupted JPEG files are commonly used. Making cybersecurity even more of a daunting task, many healthcare organizations allow access to key data by non-employees such as consulting doctors and healthcare cooperatives.
Certainly, healthcare providers must recognize that today’s skilled and clever attackers can easily negotiate older cyberdefenses. Improving defensive posture requires new technology, processes and tools.
Enhanced Cybersecurity for Healthcare Organizations
The first line of defense in protecting healthcare organizations will continue to be endpoints, the individual devices used by doctors, nurses, specialists and employees. To protect those endpoints, leading healthcare organizations are focusing on best-in-class hardware and software vendors that provide built-in, integrated security functionality. Having built-in security is more effective and comprehensive than trying to “self-integrate” many disparate security tools, and it can be managed with automation. In addition, providing higher levels of data protection at the hardware and software levels is essential in next-generation devices.
Augmenting protection with more effective and secure user authentication is incredibly important. Compromised user credentials have been the starting point for many major data breaches. New devices and software support multifactor authentication (MFA), which is much more secure. Rather than just a username and password, MFA uses fingerprints, facial recognition, and other physical attributes to prevent stolen passwords from being used.
Given the value of the personal and financial information contained in many medical records, there is also a need for vastly improved data protection. This includes protecting the data stored on the devices, in addition to information being communicated to them. Beyond this, ensuring that data is protected when systems are serviced or disposed of is an important requirement for securing devices used by a clinic or hospital.
And in healthcare, there is always the issue of compliance. Older devices and software can’t meet or support many aspects of HIPAA compliance. The first is improved user authentication, including MFA. Second is the need for encrypting data that is being stored on digital systems. Third, and perhaps most difficult for healthcare IT teams, is documentation that effective device security is in place at all times. As fines for noncompliance increase, ignoring cybersecurity is no longer an option.
Lenovo and Microsoft Answer the Call for More Secure Devices for Healthcare Professionals
Lenovo and Microsoft are delivering next-generation cybersecurity capabilities on a far better platform for protecting healthcare organizations’ data and users. Lenovo’s ThinkShield offering, combined with the advanced security features of Windows 10, delivers an integrated and comprehensive solution for user and device security. And it helps meet many of the demands of HIPAA. Proof of this commitment can be seen in the recent launch of the T490 Healthcare Edition device, which includes an RFID reader that can leverage existing badge solutions to provide easy, secure access.
Lenovo’s ThinkShield provides stronger authentication tools. Partnering with Intel® Authenticate technology, it supports MFA using protected fingerprint and facial recognition and protected PIN authentication. To support secure file sharing for patient files such as X-rays, Lenovo has the industry’s first Fast Identity Online (FIDO) certified authenticators for using sites such as Dropbox®, Google™, and PayPal®.
Lenovo partners with Microsoft and Windows 10 to deliver secure devices for healthcare organizations. Windows 10 provides intelligent security that protects user identities, devices and information. With Windows 10, intelligent endpoint security is built in, not bolted on. Windows Defender Advanced Threat Protection is a key component of a greatly improved security posture, with protection against advanced persistent threats. It also monitors user behavior to add more protection against compromised devices or identities. In addition, the security solution uses artificial intelligence to automatically investigate and even remediate complex threats in minutes. And Windows 10 provides intelligent evaluations of the current state of security at healthcare organizations, making recommendations to improve their security posture.
Lenovo’s ThinkShield offering, in combination with Windows 10, provides healthcare organizations with greater cyberprotection, using an integrated and comprehensive cybersecurity platform. For more information, please go to: https://solutions.lenovo.com/pc-solutions/thinkshield/
1 “The Healthcare Industry Is in a World of Cybersecurity Hurt,” TechCrunch, Aug. 9, 2018
2 “MedStar Health Turns Away Patients After Likely Ransomware Cyberattack,” The Washington Post, March 29, 2016