sb-as logo
Story image

Does your healthcare organisation need a security health check?

01 Jun 2017

Healthcare providers store some of the most critical data in the world, making them attractive targets for cyber criminals - especially when cloud computing is starting to transform the sector. Cloud security strategies have never been more important to prevent damaging and embarrassing data loss, according to Palo Alto Networks.

“Healthcare providers want to focus on treating patients. A cloud computing approach means they don’t have to worry about data centre which is much more cost effective. But as cloud computing takes off in healthcare, a carefully-architected data security strategy is imperative to ensure data stays safe," comments Ian Raper, Palo Alto Networks' regional ANZ VP.

The company says there are three reasons why healthcare providers need to prioritise cloud security:

1. Cyber adversaries are still after healthcare data

Profit-motivated cyber adversaries target healthcare data by using malware to steal data and then sell it to someone who will use it to commit identity theft and insurance fraud; or by using ransomware to encrypt healthcare data and unlock it only after a ransom is paid.

Cyber adversaries are well aware that healthcare data is moving to the cloud, and will continue to target that data in a cloud environment. 2. Security is better in the cloud if providers take the time to plan it out In the rush to move healthcare records to the cloud, there’s often an assumption that security comes automatically. Security can be more straightforward to implement in the cloud but it is still only as good as you make it.

“Cloud hosting providers make it easier to manage virtual servers and network infrastructure at the platform level, but healthcare providers shouldn’t make the mistake of developing a false sense of cloud security. They still need to deploy and manage advanced anti-malware to their endpoints," Raper comments. 3. A unique opportunity to remedy lingering security issues

Healthcare providers often use legacy applications, which can create significant vulnerabilities. Cloud hosting providers offer capabilities that can make it easier to manage the security of the underlying data within high-risk applications.  

“As healthcare providers migrate their applications to the cloud, they can, at a moment’s notice, spin up the required virtual servers, and be protected behind a new instantiation of a virtual next-generation firewall," Raper adds.  

Migrating applications to the cloud can often present a unique opportunity to evaluate and improve each application’s overall security. For example, healthcare providers could:

  • upgrade the application to the latest release
  • deploy the application in a tightly-controlled virtual network segment
  • introduce network-level threat prevention
  • enforce stronger controls on underlying databases
  • eliminate all existing server-level vulnerabilities prior to cutover

One of the most powerful features of the cloud is that it makes bleeding-edge security infrastructure available to healthcare organisations of all sizes. 

“Even smaller clinical networks can stand up and deploy enterprise-class, application environments with a small IT team. However, they mustn’t fall into the trap of thinking that all they need to do is move an application to the cloud and security will come automatically. With careful planning, they can take advantage of the cost-savings and extensibility that the cloud offers, but they also need to ensure that the right security architecture is in place to keep their patient data safe," Raper concludes.

Story image
Financial malware activity dropped in 2020 as creators honed their wares
Cybercriminals used the time to plan more malicious propagation techniques, both new and evolved from previous methods.More
Story image
FortiGuard appoints former cyber warfare officer
Former RAAF cyber warfare officer Mark Robson has been appointed as senior tactical threat analyst in FortiGuard’s managed detection and response team, FortiResponder.More
Story image
IT leaders prioritising automation, Zero Trust and API-based security investments
"The study shows that a cocktail of multiplying threats, the proliferation of hybrid and cloud architectures, blended with a pandemic-fuelled explosion in distributed and remote work has created a perfect storm for network security teams."More
Story image
Video: 10 Minute IT Jams - SonicWall VP on the cybersecurity lessons learned from the last 12 months
This is our seventh IT Jam with SonicWall, the cybersecurity company specialising in firewall, network security, cloud security and more.More
Story image
Hackers offering forged “official” COVID vaccination certificates and negative test results on dark net 
There has been a 350% increase in the number of advertisements selling alleged COVID vaccines within the last three months.More
Story image
Cybersecurity budgets still not keeping up with threats — report
Executive teams are failing to recognise the level of damage cyber-threats pose to organisations, according to Sophos — many of them taking a ‘conservative approach’ to cybersecurity expenditure.More