Privileged access management: the cyber priority for the healthcare sector
The news has recently been full of stories documenting the rise of technology in the NHS: from the role of artificial intelligence in treating Parkinson’s disease, to Matt Hancock’s call for a greater deployment and use of apps in our health service – there are seemingly never-ending opportunities for new technologies to revolutionise healthcare.
While this race to reap health benefits from technology is exciting, security must not be forgotten. Healthcare organisations now gather huge amounts of data that is valuable to hackers, and the worst attacks are yet to come.
We often hear about the NHS in negative terms on the news, as the service can fall victim to hacks due to outdated and unsupported software. At the same time, the growing cyber security skills gap makes it incredibly challenging to effectively protect against ransomware and internal threats to information such as electronic personal health information (ePHI). That’s without mentioning regulations around this information, such as HIPAA, HITECH and GDPR, which will increasingly tighten while also bringing in tougher penalties to those organisations that fail to comply.
The CyberArk annual Global Advanced Threat Landscape report revealed that 42% of security professionals around the world admitted that the biggest cyber threat faced was unsecured privileged accounts. When privileged access is concerned, all points of access on any machine or device must be secured. This includes the applications and medical devices that interact with critical systems and enable critical processes such as integrating patient diagnostics data from third-party services.
The key to containing a threat actor, be it internal or external, malicious or not, is to adequately manage privileged accounts, credentials and confidential information. The healthcare sector faces high stakes as it deals with huge amounts of sensitive patient data, so managing and securing privileged access must be a priority.
What does the current healthcare threat landscape look like?
Technology can indeed help modernise our healthcare system by allowing patients to immediately speak to GPs via video, or order repeat prescriptions through an app. But security must be embedded at the heart of these new innovations. A more connected health service will inevitably mean an expanded attack surface for hackers.
In this scenario, security can’t be an afterthought or a ‘bolt on’ consideration. With the spread of ePHI across networks, web portals and mobile endpoints, the risk to healthcare providers is only set to increase. The only way to reduce the risk of a data breach or cyber-attack is to implement a holistic security strategy for healthcare environments – including streamlined privileged access control.
Our Global Advanced Threat Landscape report also found that 52% of healthcare IT decision-makers don’t think they can prevent hackers from infiltrating their networks, putting customers’ PII at risk for 59% of them. The old approach of building ‘high walls’ to keep hackers away no longer works. Hackers will always find a way in – so healthcare organisations have to implement security tools that assume attackers are already inside and prevent them from gaining access to critical systems.
Tighter regulations, harsher penalties
Today’s regulatory environment is getting stricter while ransomware and other cyber attacks are gaining in momentum, making it difficult for IT teams to dodge hefty fines and ensure compliance.
But penalties are not the only threat for organisations. Operational costs for recovery can quickly add up after a breach – according to a Ponemon study, a healthcare data breach costs on average USD$380 per record – more than 2.5 times the global average across industries.
To show compliance with HIPAA, HITECH, GDPR and other industry regulations now in place, healthcare companies must have access to documented, auditable proof of their efforts to protect privileged access at all costs. Audit trails demand a solution that enables comprehensive monitoring, recording and isolation of all privileged user sessions, detailed activity reports on critical ePHI databases and applications, fully searchable audit logs, and complete, multi-layered audit trail data protection.
How to deliver a modern, secure healthcare service
Privileged access management is crucial for healthcare companies to proactively protect against, detect and respond to attacks in progress before attackers wreak havoc. But managing privileges does not mean denying them – rather, it means controlling who has access to what and why. Managing privileged access is one component of basic cyber security hygiene that can have a positive impact on an organisation’s overall security posture and compliance efforts.
Privileged access security can complement and work in tandem with existing security tools, allowing organisations to get more positive outcomes. It can provide automated, proactive, end-to-end detection and protection for all privileged access to systems containing ePHI. Privileged threat detection and analytics provides the ability to respond to and remediate anomalous or high-risk activities. Monitoring the behaviour of privileged activity to ensure users are not disabling, circumventing or altering implemented security safeguards and controls is not only a best practice but often required by this new regulatory environment.
We are in an exciting age of innovative technologies. Apps, digitised systems and AI have the power to transform our healthcare system and improve patient care. But security has to come on this journey – from start to finish. Privileged access management is a much-needed step to secure healthcare organisations in the age of the ‘mass data breach’. With the right privileged access security steps set in place, a hacker’s capacity to escalate privileges and, in turn, access confidential information such as patient records will be mitigated. Too much is at stake if proper cyber hygiene is not woven into a healthcare organisation’s digital transformation.
Skin Analytics wins NHSX award for AI skin cancer tool
An artificial intelligence-driven tool that identifies skin cancers has received an award from NHSX, the NHS England and Department of Health and Social Care's initiative to bring technology into the UK's national health system.
NHSX has granted the Artificial Intelligence in Health and Care Award to DERM, an AI solution that can identify 11 types of skin lesion.
Developed by Skin Analytics, DERM analyses images of skin lesions using algorithms. Within primary care, Skin Analytics will be used as an additional tool to help doctors with their decision making.
In secondary care, it enables AI telehealth hubs to support dermatologists with triage, directing patients to the right next step. This will help speed up diagnosis, and patients with benign skin lesions can be identified earlier, redirecting them away from dermatology departments that are at full capacity due to the COVID-19 backlog.
Cancer Research has called the impact of the pandemic on cancer services "devastating", with a 42% drop in the number of people starting cancer treatment after screening.
DERM is already in use at University Hospitals Birmingham and Mid and South Essex Health & Care Partnership, where it has led to a significant reduction in unnecessary referrals to hospital.
Now NHSX have granted it the Phase 4 AI in Health and Care Award, making DERM available to clinicians across the country. Overall this award makes £140 million available over four years to accelerate the use of artificial intelligence technologies which meet the aims of the NHS Long Term Plan.
Dr Lucy Thomas, Consultant Dermatologist at Chelsea & Westminster Hospital, said: “Skin Analytics’ receipt of this award is great news for the NHS and dermatology departments. It will allow us to gather real-world data to demonstrate the benefits of AI on patient pathways and workforce challenges.
"Like many services, dermatology has severe backlogs due to the COVID-19 pandemic. This award couldn't have come at a better time to aid recovery and give us more time with the patients most in need of our help.”