The security risks facing the healthcare sector have never before been so broad or so complex, reports Fortinet. “Thanks to digitisation across the sector, the advent of Internet of Things (IoT) and wearables, and the increasing sophistication of cyber criminals, the healthcare sector’s exposure to risk has increased exponentially,” says Paul Williams, country manager – Southern Africa at Fortinet.
Where South African healthcare service providers once lagged their international counterparts in mitigating information security risk, they are now moving to implement more comprehensive security measures, says Fortinet.
He points out that while the next generation healthcare enterprise stands to gain significant benefits from digitised and interconnected operations, they also face an intensified threat landscape.
In the digital realm, the risks in the healthcare sector include medical identity theft, unauthorised access of personal information, ransomware, denial of service attacks, malware and fraud. “Hackers could access networks to divert funds or pharmaceutical stock, forge prescriptions, change treatment regimens or even access connected and critical equipment in an ICU ward, for example. It may sound far-fetched, but in a highly connected, digitised environment, it could even become possible to target individual medical devices on individual patients,” he says.
The SA Protection of Personal Information (POPI) Act, the US Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS) standards, along with an increased focus on compliance and accountability, are driving local healthcare sector organisations to take a more comprehensive approach to security across their ecosystems, says Williams.
“Traditionally, many healthcare organisations have tended to approach information security and risk management in a piecemeal fashion and ‘plugged holes only after they come under attack. Now, we are seeing a more strategic approach to information security and risk management, and Fortinet and its consulting partners are increasingly being approached to assess their entire risk exposure – from WiFi networks through the entire information infrastructure, right down to physical perimeter security.”
Williams notes: “The most effective way to mitigate this broad range of threats across the ecosystem is to centralise the security architecture to make it easier to protect patient data; ensure robust clinical security through an advanced threat protection (ATP) framework, enhance the protection of medical devices through use of Internal Segmentation Firewalls, and introduce single pane of glass management of security, wireless access points, and LAN switches. Fortinet Security Fabric takes this end-to-end approach through a collaborative ecosystem of security tools distributed across the network, from IoMT to the cloud, working together as a seamless defense to enable healthcare organisations to deliver secure patient care.”
In South Africa, the sector is only at the start of a long road, particularly in the public sector, but there are encouraging signs that it is taking information security and risk more seriously,” he concludes.