Blog · 18 May 2020

First, do no harm: how to keep the healthcare sector secure

Find out how technology is both the cause and the cure for vulnerabilities in the healthcare and life sciences sector.

Bryan K. Fite
Global Account Chief Information Security Officer

As we work towards a life-saving vaccine or treatment to combat the Coronavirus pandemic, the value of the healthcare and life sciences (HLS) sector has never been clearer.

But the pressure to rapidly develop medical treatments isn’t the only challenge our customers in this sector are facing. To achieve their overall aims of improving the health of the general population, making treatment better for patients and reducing the cost of care, they’re turning to digital transformation for effective solutions. It’s a change that’s vital, but not without risk.

How digital transformation is changing healthcare

The sky’s the limit when it comes to innovation in this space. From robotics used in complex surgeries, to online portals that complement the treatment available for patients remotely. IoT-enabled devices can allow intensive care instruments, like ventilators, to monitor and analyse patient status and share that data in real time. What’s more, many of the organisations I talk to are incorporating AI, ML and big data analytics into their R&D practices and are therefore looking at cloud options for more cost-effective scaling.

This shift to digital working will improve outcomes in the long-run, but it also puts the sector at risk. As I see so often, digital transformation at this scale and pace exposes processes, systems and partnerships to new cyber security threats. Security that isn’t designed to keep up with these rapid developments will either hold the sector’s transformation back or, worse, expand the organisation’s attack surface, leading to data breaches or non-compliant outcomes in this heavily regulated sector.

Intellectual property theft is a real threat

There are a lot of threats targeting the industry, but IP theft can be one of the most devastating. IP is key to the success for an HLS organisation, this is demonstrated by the huge R&D investments made to develop medicines, vaccines and treatments. This also includes the development of innovative medical equipment. Theft of IP data at any stage of the development life-cycle could completely derail key projects, initiatives and breakthroughs. Not to mention the reputational damage associated with reported breaches or the potential for further thefts once weaknesses in the R&D process are exposed.

In today’s world, there is nothing more valuable or worth stealing than any kind of biomedical research that is going to help with a coronavirus vaccine.”

Bill Evanina
Senior US intelligence official

Personal data make the sector a lucrative target

Along with valuable IP, our clients also handle a significant amount of highly sensitive personal data. The information passing through HLS organisations is more lucrative to cybercriminals than credit card data and includes patient records used in clinical trials and individual patient data collected by IoT-enabled medical devices. This data doesn’t just draw the eye of cybercriminals, either. The sector is heavily regulated, governed by the FDA, GDPR, SOX and PCI — to name just a few. And the rules governing drug safety, supply chain security, patient privacy, and other sensitive information are complicated, so it’s important security systems are carefully created. What’s more, as many HLS organisations operate internationally, multiple regional regulations can apply at different points in the supply chain. A regulatory breach can be just as damaging to an organisation as a cyberattack, so compliance needs to be a high priority for the sector.

Collaboration: a vital Achilles heel

As the current pandemic highlights, the HLS sector can be more effective when it works collaboratively. Sharing sensitive data helps accelerate the research pipeline getting treatments to market as quickly as possible. But research and supply chains span millions of employees, across hundreds of organisations. So, there are multiple potential points of exposure as drugs, vaccines and equipment are developed, designed, created, trialled and shared with the market. Any weak link in the chain could see it broken irreparably, but security that’s too stringent can restrict data sharing to a point where collaboration becomes meaningless and ineffective.

Security starts with networks

These vulnerabilities mean it’s imperative digital transformation takes place hand-in-hand with robust security. Security that’s frictionless and handled in accordance with regulation but also available to everyone who needs legitimate access is the objective. Unfortunately, the current hospital and medical ecosystem is not fit for purpose, posing very little challenge for cybercriminals. I believe that a policy of zero trust is the appropriate approach, so that every device, end point or access point into the network is regarded as a possible threat vector that needs to be protected. IoT-enabled medical devices, tools and systems all need to be linked to secure, high performance and high availability networks that bring together all sources of data transparently with global fine grained control. And finally, I think that it’s crucial that people in the sector are regularly upskilled so as new devices, systems and process are introduced, they can continue to prioritise security and keep data secure and stakeholders safe.

To find out more about protecting IP, data and collaboration, just get in touch or take a look at some of the security solutions we’ve already created for the HLS sector.