During this year’s HIMSS conference, Healthcare IT’s largest industry event, cybersecurity was top of mind. In one session, Fortinet’s Ryan Witt, wryly noted that 2015 was a banner year in healthcare – for all the wrong reasons. The Fortinet team reported that there was a 60% increase in global incidents among healthcare providers and payers last year as compared to just a year earlier.
These threats are coming at a time when technology is enabling amazing advances in healthcare delivery– including real-time, high-definition medicine and collaborative solutions that enable remote evaluation, diagnosis and treatment. With more access points to critical electronic protected health information (ePHI), inadvertent data breaches have accelerated. More alarming are the hacks and criminal threats, including recent ransomware attacks. Last month, a southern California hospital paid $17,000 in bitcoin to restore its network after such an attack.
Experts predict a continued rise in attacks via sophisticated new malware, worms, viruses and even ghostware, which achieves its mission to steal data then erases traces of its existence.
For healthcare companies that have a responsibility to protect sensitive patient data, the solution to these threats must be multi-faceted, including people, process and technology. At the organizational level, training and communication can help prevent breaches due to carelessness – such as unlocked devices or weak passwords. Organizations can defend at the hardware and software level with a rigorous patch management program. At the data level, strong encryption, now native to many devices, can provide protection in the event of a theft or hack.
Network and infrastructure solutions are also a critical component of a cybersecurity plan. The healthcare industry looks to partners like Zayo for private, dedicated high-bandwidth connectivity– inherently more secure than using the public Internet. Many companies opt for disaster recovery solutions, which won’t prevent against a cyber attack, but will provide critical back-up in the event of any type of event when data cannot be accessed via primary systems. Zayo also provides 24x7x365 network surveillance and immediate response/repair via our Network Control Center.
Physical security and robust security protocols are foundational to all of Zayo’s data centers and include Tier 3 facility offerings. Storage and server platforms are fully fault-tolerant and fed with diverse power, with backup generators.
In addition, Zayo’s additional network security services include:
- Encryption as a Service. Layer 1 managed wavelength service configured with 10G wire speed encryption that can easily be integrated into an existing network.
- DDoS Protection. IP filtering and redirection in case of a distributed denial of service attack. Zayo’s on-demand service has been engineered to address the increasing sophistication of these attacks.
- Managed Security Service for Zayo Cloud customers. Our comprehensive suite of Managed Services includes Threat Management Services, Anti-Virus, Operating System Patching and Managed SIEM (security and event management) services.
In 2016, our customers can expect further enhancement and expansion of our managed security offerings for healthcare and for all of the sectors we serve. As the bad guys get craftier, we’re committed to staying a step ahead.