What worked then won’t work now – the ongoing evolution of IT security

With the continued emergence of the Internet of Things (IoT), the way we access and consume information continues to be transformed. For those of you unfamiliar with this term, the Internet of Things describes the network of physical objects (i.e., “things”) that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet. This refers to everything from refrigerators with built-in internet connectivity, to medical devices that transmit data, to the digital picture frame sitting on your desk. While a lot of these emerging technologies are new and exciting, with them comes a much greater security risk. Unfortunately, few have kept their security posture in step with the increase in device connectivity and access to critical systems.

Current projections indicate that over the next 3 years, we will nearly double the total number of connected devices in use. So, what does that mean from an IT security standpoint? In its simplest terms, it means more opportunities for bad actors to gain access to your network. We must adjust how we think of our IT security and understand how critical it has become, not only to our systems but also to patient care. Given the value patient data holds on the black market, healthcare organizations need to be even more diligent in evaluating their processes, systems, and organizational behaviors to identify any gaps.

Protecting patient data is patient safety and must be approached with the same level of care and attention to detail. While most organizations’ focus has been on COVID-19, hackers have used the pandemic as an opportunity to increase attacks and become more creative in their pursuit of access to sensitive data. Rather than just assuming your IT department (or outsourced IT partner) is properly protecting you from these attacks, here is a list of 10 questions you should be asking IT leadership:

  1. Can we confirm all devices in our network have the proper security software installed and are receiving updates?
  2. Are we using multi-factor authentication to ensure login requests are valid?
  3. Are we using mobile device management software that allows us to remotely lock, wipe and secure mobile devices?
  4. What is our backup/disaster recovery plan, and is it tested?
  5. Are all devices on an operating system that is currently supported?
  6. Is our critical information encrypted?
  7. Who has administrative access in our environment?
  8. What is our password policy?
  9. How are we training our employees to recognize security threats?
  10. How often are we evaluating our security posture?

As the way we access and consume information continues to change, healthcare organizations will only see the target on their back get larger and larger. To reduce exposure, organizations must seek out subject matter experts, coordinate recurring meetings with their IT leadership, understand IoT and how it will affect their network security, and adjust as needed. Whatever you do, do not remain complacent.