Digital health services such as telehealth and patient portals have been gaining momentum in recent years, but it’s only in the last year that virtual care became a must-have. Hospitals are rushing to adopt new digital technologies, but are they ready to support these new ways of working with the right security frameworks? Do they have the tools to mitigate the risks that come with a remote workforce and greater reliance on cloud-based apps?
The State of Hospital Security
Unfortunately for the hospital CISOs charged with figuring this out, cybersecurity is a fast-changing landscape. Hospitals must keep pace if they’re to keep the growing volume of patient data safe and secure. Cybersecurity can’t be an afterthought when going toe-to-toe with today’s adversaries.
To dig into current attitudes toward cybersecurity risk management and identify opportunities for hospitals looking to step up their cybersecurity game in 2021, Forcepoint commissioned a survey of over 200 hospital CISOs, cybersecurity directors and security engineers. Here are the headline findings:
Virtual care will drive changes in cybersecurity over the next decade
Patient portals, telemedicine and AI will vastly improve the patient experience. But as these data-driven, distributed operations shatter traditional security perimeters, respondents worry about their ability to manage cyber risk at scale. With more data being generated and shared across numerous apps, devices and locations, more than half say cloud-based data collection, storage and sharing will be the leading factors transforming hospitals over the next ten years.
Only a small percentage of hospitals are currently using cloud-native cybersecurity
With more data accessed through cloud-based applications, it makes sense for security to be cloud-native too. While only 8% of respondents say their cybersecurity is cloud-native, 67% plan to implement it in the next 1-5 years. Smart choice, given that 52% of organizations with cloud-based security say it has boosted their cyber resilience, according to the Ponemon Institute. Forcepoint developed Dynamic Edge Protection for this exact purpose, using a cloud-based SASE approach to secure web, network and app access, no matter where staff are working.
Human behavior is seen as a major, yet neglected, cybersecurity risk
Respondents recognize that protecting data starts from within. Classifying human behavior as a low risk was considered the greatest threat to hospital cybersecurity. Security teams must understand how human behavior – what we refer to as Indicators of Behavior (IOB) – creates opportunities for data loss and security hacks, and seal them up quickly. Currently, the majority of respondents have not implemented behavioral analytics. Those that have are using it to catch internal breaches before they occur.
One way to spot IOBs that could lead to data breaches is with a tool such as Dynamic User Protection, which helps organizations take proactive steps to weed out risky behaviors.
Zero Trust isn’t as well understood as it should be
Balancing new ways of working and data security calls for a sprinkle of skepticism: how do you know the person logging on is who they say they are? More CISOs are weaving Zero Trust into their cybersecurity strategies, in order to verify the identities of anyone attempting to access and use enterprise data.
Interestingly, while a third of respondents say their organizations currently use a “never trust, always verify” approach to mitigating risk, fewer seemed to know the term Zero Trust itself.
Hospitals plan to spend more on cybersecurity in 2021, but worry about unwieldy toolsets
More than half of respondents say their organization plans to increase investment in cybersecurity over the next year. They’ll prioritize data protection, integrated risk management, web security, and cloud security.
While many believe that adding security tools can enhance protection, many hospitals struggle with decentralized, inefficient toolsets. Many are concerned about how many security point products they use. Shifting to a converged security strategy based on distributed data and people will be more agile and scalable than a collection of isolated tools. Endpoint security and SASE will be key to safeguarding staff, patients, data and resources as digital health services continue to evolve.
Read the full report here.