Feb 1, 2021

Palo Alto Networks launches IoT security solution

IoT
cybersercurity
IoMT
medical devices
Leila Hawkins
2 min
Palo Alto Networks launches IoT security solution
Palo Alto’s new IoT solution aims to make it easier to keep medical devices secure...

Cybersecurity firm Palo Alto Networks has launched a new Internet of Things (IoT) security solution specifically for the healthcare sector. IoT Security intends to simplify the challenge of securing the Internet of Medical Things (IoMT) through machine learning, prevention and enforcement, while also offering insights on healthcare-specific devices and vulnerabilities. 

IoT presents cybersecurity risks in healthcare. According to a recent report from Unit 42, 83% of medical imaging devices are running on unsupported operating systems, which makes them vulnerable to attacks. Attacks like these can disrupt patient care, and allow attackers to steal patient data. 

IoT Security uses machine learning and telemetry to profile all the devices on a network. It also offers recommendations to reduce manual effort; intrusion prevention to block exploits; sandboxing to detect and prevent IoT malware; and URL and DNS security to stop IoT attacks via the web. Other features include: 

  • MDS2 Document Ingestion: The Manufacturer Disclosure Statement for Medical Device Security documents allow medical device manufacturers to disclose the security-related features of their devices, allowing for deeper vulnerability analysis, tuned anomaly detection and specific recommended policies.
  • Operational Insights: These give biomedical and clinical engineering teams visibility into how, when and where medical devices on their network are being used
  • Expanded IoMT Discovery: This enables expanded discovery and security for unique IoMT devices and healthcare applications.

“The Internet of Medical Things has the potential to improve healthcare, save lives, and bring massive savings” said Anand Oswal, senior vice president and general manager, Firewall as a Platform, Palo Alto Networks. “But if not properly secured, these same devices can pose huge risks. 

“Our vision is to give healthcare organizations complete visibility, in-depth risk analysis, and built-in prevention so they can get the maximum benefits from this transformative technology while reducing risks to patients and their data.”

Share article

Jul 25, 2021

Getting ready for cloud data-driven healthcare

Data
healthcare
CloudComputing
Technology
 Joe Gaska
4 min
Getting ready for cloud data-driven healthcare
 Joe Gaska, CEO of GRAX, tells us how healthcare providers can become cloud-based and data-driven organisations

As healthcare continues to recognise the value of data and digital transformation, many organisations are relying on the cloud to make their future-forward and data-centric thinking a reality. In fact, the global healthcare cloud computing market was valued at approximately $18 billion and is expected to generate around $61 billion USD by 2025. 

At the forefront of these changes is the rapid adoption of cloud-based, or software-as-a-service (SaaS), applications. These apps can be used to handle patient interactions, track prescriptions, care, billing and more, and the insights derived from this important data can vastly improve operations, procurement and courses of treatment. However, before healthcare organisations can begin to dream about a true data-driven future, they have to deal with a data-driven dilemma: compliance. 

Meeting regulation requirements

It’s no secret that healthcare is a highly regulated industry when it comes to data and privacy – and rightfully so. Patient records contain extremely sensitive data that, if changed or erased, could cost someone their life. This is why healthcare systems rely on legacy technologies, like Cerner and Epic EHRs, to manage patient information – the industry knows the vendors put an emphasis on making them as secure as possible.

Yet when SaaS applications are introduced and data starts being moved into them, compliance gets complicated. For example, every time a new application is introduced into an organisation, that organisation must have the vendor complete a BAA (Business Associate Agreement). This agreement essentially puts the responsibility for the safety of patients’ information — maintaining appropriate safeguards and complying with regulations — on the vendor.

However, even with these agreements in place, healthcare systems still are at risk of failing to meet compliance requirements. To comply with HIPAA, U.S. Food and Drug Administration 21 CFR Part 11 and other regulations that stipulate the need to exercise best practices to keep electronic patient data safe, healthcare organisations must maintain comprehensive audit trails – something that gets increasingly difficult when data sits in an application that resides in the vendor’s infrastructure.

Additionally, data often does not stay in the applications – instead healthcare users download, save and copy it into other business intelligence tools, creating data sprawl across the organisation and exposing patient privacy to greater risk. 

With so many of these tools that are meant to spur growth and more effective care creating compliance challenges, it begs the question: how can healthcare organisations take advantage of the data they have without risking non-compliance?

Data ownership

Yes, healthcare organisations can adhere to regulations while also getting valuable insights from the wealth of data they have available. However, to help do this, organisations must own their data. This means data must be backed up and stored in an environment that they have control over, rather than in the SaaS vendors’ applications.

Backing up historical SaaS application data directly from an app into an organisation’s own secure cloud infrastructure, such as AWS or Microsoft Azure, makes it easier, and less costly, to maintain a digital chain of custody – or a trail of the different touchpoints of data. This not only increases the visibility and auditability of that data, but organisations can then set appropriate controls around who can access the data.

Likewise, having data from these apps located in one central, easily accessible location can decrease the number of copies floating around an organisation, reducing the surface area of exposure while also making it easier for organisations to securely pull data into business intelligence tools. 

When healthcare providers have unfettered access to all their historical data, the possibilities for growth and insights are endless. For example, having ownership and ready access to authorised data can help organisations further implement and support outcome-based care. Insights enabled by this data will help inform diagnoses, prescriptions, treatment plans and more, which benefits not only the patient, but the healthcare ecosystem as a whole. 

To keep optimising and improving care, healthcare systems must take advantage of new tools like SaaS applications. By backing up and owning their historical SaaS application data, they can do so while minimising the risk to patient privacy or compliance requirements. Having this ownership and access can propel healthcare organisations to be more data-driven – creating better outcomes for everyone. 

Share article