Security in Healthcare: Strengthening Your Defense Team With Analytics

January 15th, 2016

Today’s digital environment provides the opportunity to harbour, share and utilize endless streams of information, including healthcare.

Healthcare organizations store incredibly private, and potentially valuable data that may reveal unique insights into both medical conditions and effective patient care. For instance, treatments are becoming more personalized than ever before, patients are monitored much more efficiently and workflow for doctors and nurses are constantly improving with new technology.

But, the complexity of our digitally-driven world also pose increasingly challenging security risks and the potential for failures in diligent privacy protection.

According to the 2015 Ponemon Institute’s Global Cost of Data Breach study, the average cost of data breach per capita in healthcare reaches as high as $363 – that’s more than double the average total cost of a data breach in other sectors.

One of the major challenges, is managing the security of infrastructure throughout the organization – especially as personal and medical devices are widely integrated. The risk, here, is that the increasing plethora of devices and systems, many designed with security as a secondary consideration, provide new entry ways for malicious hackers. These include electronic medical records, external websites, managed service providers, patient kiosks and public health systems.

That’s why healthcare organizations need to prioritize and identify data that needs protection, and then implement the proper security measures to ensure they’re safe. These protections might take the form of security analytic tools, better identity management, appropriate access restrictions and network segregation, among many more.

Ultimately, the goal needs to be two-fold: maintain access required to conduct business smoothly, and prevent suspicious or unauthorized access from occurring.

But despite initial barriers within the infrastructure, managers need to hold an attitude that some intrusion attempts will make their way past the first line of defense. And that’s where security analytics tools come in.

In the same way while there has been some focus on log analysis and threat detection at the security infrastructure, little attention has been paid to applying the same techniques to health applications in order to detect abuse and misuse of personal health data from a privacy perspective.

Big data analytics of large health data sets can be done in a responsible manner, good security and privacy practices are an enabler for these activities not a barrier.

You’ll hear more from my discussion at the 17th Annual Privacy and Security Conference on Feb. 4 – but what it comes down to is the current need for healthcare organizations to take proactive security and privacy measures before a breach occurs, and harms both the network and its patients.

Big data can only go so far – implementing security and privacy analytics allows both factors to work together to record patterns and indicate if an intruder is attempting to hack the system or a user is misbehaving. This action will prompt precautionary alerts to managers so that they can then determine whether further investigation is warranted.

At IBM, we say that security is not the same as compliance – and I believe this to be true. There is a need for healthcare organizations to become more aware of harmful security threats against their network and their patients. In fact, a report from IBM’s X-Force Research team marked 2015 as the year of the healthcare breach with nearly 100 million records compromised, that we know about.

Healthcare is a vulnerable industry due to its ample sensitive data, so it’s imperative for organizations to go beyond just safeguarding barriers, by implementing additional proactive analytics tools. Managers need to ensure that data is being used in an effective way, while at the same time remaining secure and private.

Paul Lewis - Executive Consultant Security Services, IBM Canada

Paul has more than 25 years international experience in Information Technology, Privacy, Security, and Risk Management and an acknowledged expert in North American, Canadian, and European security and privacy practices. He is Executive Consultant for IBM Canada’s Security Services Practice and IBM North America Healthcare Security Leader. Paul has completed projects in many sectors with […]