A CISO's role is impacted by infrastructure modernization, evolving threat landscapes, and mission delivery. With the push to move to the cloud, many CISOs are facing challenges securing valuable data that is traveling between vendors and systems. To secure this valuable patient data and defend against bad actors, CISOs must look to technology that provides security, flexibility, and scalability.
At the recent HIMSS Healthcare Security Forum, a panel discussion, “Security in the Cloud Era,” brought together healthcare experts to discuss barriers to innovation and solutions for the healthcare sector. Panelists explored how the cloud and security are no longer separate entities but must be considered together to maintain data security. John Houston, CISO at UPMC, the University of Pittsburgh Medical Center, shared that he manages “hundreds” of cloud vendors and estimates that 70 percent of compute workload is now hosted remotely.
“The rate at which new threats emerge is outpacing response. And traditionally, the time that the industry took to respond with the creation, testing, and deployment of new features has been too long,” said Michelle Salvado, Vice President of Engineering and Endpoint GM at FireEye, in a recent interview.
According to HIMSS research, providers have doubled the share of workloads deployed to the public cloud in the past twelve months. This move to the cloud, especially the public cloud, poses security risks for healthcare organizations that will work with multiple vendors and multiple platforms. “We all need to be concerned about that reality: We’re moving very quickly to the cloud,” said Houston. “Risk follows information. And we’d better figure out a way to get our arms around it.”
The solution? Partnering with a trusted vendor with a proven track record. The Security Effectiveness Report by FireEye found that the median global dwell time for external attacks was 141 days. The damage done in hours, let alone months, can be a critical blow to healthcare organizations that are required to safeguard patient data. Loss of income and loss of patient trust are just the beginning.
It’s paramount that healthcare organizations demand the highest security from their vendors. “As an industry, we all must stick to our guns,” Houston said in a recent podcast. “Otherwise, the third parties can dictate the level of information security that they provide. Unfortunately, there is significant variation and maturity between our third parties’ information security programs.”
For organizations like UPMC, finding vendors that offer the security, flexibility, and scalability needed to protect networks, systems, and data can be a challenge. Healthcare organizations should look to partners that offer proactive cyber tools and have a history of cyber readiness and responsiveness within the healthcare community. “Now we can create and deploy these custom protection, investigation and response modules in just days – versus several months – in response to changes in the threat landscape,” said Salvado.