Issue link: https://beckershealthcare.uberflip.com/i/949902
61 Executive Briefing CDW Healthcare is a leading provider of technology solutions focused exclusively on serving the healthcare marketplace. Working closely with healthcare organizations nationwide, its customers range from small rural providers to large integrated delivery networks. The dedicated healthcare team leverages the expertise of CDW technology specialists and engineers to deliver best-in-class solutions from data center infrastructure through the point of patient care. For more information, visit CDW.com/healthcare. into account legal fees, loss of patients, damage to hospital brand, loss of staff, lost revenues due to operational down time and clinical impact, total financial loss can be millions." 4 steps to improve data security in the hospital setting Collecting and securing large amounts of health information for population health management programs is a crucial yet difficult undertaking. CIOs and CISOs can lay the groundwork for future population health success by taking the following four steps to protect patient data. 1. Train staff. The first step to creating a secure data environment is raising awareness around common cyberattacks among all levels of the organization — from front-line staff to C-suite leadership. "The biggest challenge with many healthcare providers is a lack of understanding of the risk they are faced with," Mr. Cotham says. Leaders can arm their teams with security knowledge in several ways. For one, share information about emerging technical threats with IT and security teams. Second, provide routine security awareness training to physicians and administrative staff. This training should cover best practices to avoid phishing attempts and unauthorized access. Combined, these efforts empower the entire hospital team to do everything possible to protect patient data. Leaders must also make data security a boardroom conversation if data security practices are ever going to improve in a meaningful, sustainable way, according to Mr. Cotham. "Having wide involvement across the company will ensure that the approach to security can become a business enabler, rather than an inhibitor," he says. "With board-level awareness of the risks that the organization faces, it becomes easier to secure the necessary support and budget to build a holistic security program, which will in turn lead to a better chance of success." 2. Deploy technology. Staff training is an important foundational step, but forward-thinking hospital teams also look to accomplished technology manufacturers to support risk mitigation efforts. "Hospitals will never be able to train their way out of the cybersecurity crosshairs, so there also must be a significant focus on technology expenditure, but the spending must shift to where the attack surface is most active — email systems. Currently, the vast majority of attacks come via email, yet the vast majority of info-security investment is not focused on protecting email systems," Mr. Witt says. Proofpoint, an enterprise security company, provides cloud-based solutions to help hospitals detect and block targeted attacks from cybercriminals, such as those deployed through email. IT solutions and services companies like HPE are also able to help hospitals prevent, detect and recover from threats to sensitive patient data. HPE Pointnext, the company's IT services organization, works with hospitals to modernize their risk mitigation efforts and meet healthcare compliance mandates, for example. The company's portfolio of storage and network solutions also has "built-in" security functions, such as its scalable data storage solution 3PAR StoreServ, which includes encryption for data at-rest, or its Aruba 360 Secure Fabric enterprise security framework, which offers hospital security teams visibility into wired and wireless networks. 3. Understand devices. Traditional firewalls — security systems that monitor incoming and outgoing network traffic — no longer sufficiently protect patient data, as more and more devices like printers and MRIs wirelessly connect to the hospital. A talented cybercriminal can use these access points to penetrate a hospital's network. "Cybercriminals today continue to adapt, finding new ways to connect into hospital systems," Mr. Cotham says, noting the importance of security controls like anomaly detection, data encryption and network access control. "Another component to this is understanding the behavior of the device accessing the network." Each device on a hospital's network must have a predefined role, which the security team continuously monitors and manages. "For example, a printer on the network accessing your internal financial systems is probably not normal behavior, and may indicate an escalating attack from within the network," Mr. Cotham explains. 4. Test systems. Once a hospital has successfully deployed appropriate security systems, IT teams can gain support from working with outside consulting firms to regularly run penetration tests and security assessments to identify potential vulnerabilities. "Engage an industry leader and move forward with a security assessment," Mr. Cotham says. "The security assessment will help the healthcare provider understand both the strengths and challenges of their current approach to healthcare security, and provide a good basis to build a mature security framework upon." A security assessment enables hospital leadership to evaluate the organization's cybersecurity readiness by ensuring devices are protected, network access is appropriately managed and IT systems are patched in a timely manner. The outside consulting firm can also educate staff and document security policies. For Mr. Witt, a key metric when evaluating cybersecurity technologies is to test before you buy. "Vendor or analyst claims are fine, but it doesn't mean that the solution in question is the best fit for a given hospital's environment. Require vendors to provide a [proof of concept], and make sure the solution works as claimed on your systems, with your applications, using your workflow and solving for your use cases." he says. Conclusion Training staff at all levels of the organization, deploying high- quality security technology, monitoring wired and wireless devices, and regularly testing IT systems comprise four key steps to improve data security in the hospital setting. As hospitals continue to gather valuable patient data to drive population health efforts, mastering these components will be increasingly important for hospitals to ensure patient safety and strong financial outcomes. n Healthy data. Orchestrated by CDW. second, more patient data is created. Your ability to store, share and protect it absolutely critical. At CDW, we understand the threats you face and can help patient information right where it belongs. With Hewlett Packard Enterprise and DL380 servers, protection is built right into your infrastructure. So providers can securely access the data they need, when and where they need it. at's IT Orchestration by CDW. ™ CDW.com/hpe