Dell SecureWorks® recently had the opportunity to speak firsthand with many technology leaders from the healthcare industry.
At a series of nationally focused roundtable events, we heard from over 100 participants on what keeps them up at night when they think about security. What we found was a complex environment with an extremely volatile and evolving threat environment, and organizational dynamics in hospitals that often prevent C-suite leaders from consistently translating security goals to individual IT departments.
While HIPAA compliance and adherence to the meaningful use incentive measures is certainly top-of-mind, I was somewhat surprised to hear that keeping up with the threat environment and difficulties in pushing security directives throughout the organization are equally, if not more of a roadblock to feeling secure. What this tells us is that healthcare organizations need a stronger alignment between administration, IT, and clinicians; and more automation and better tools to manage a threat landscape that evolves at an ever-faster clip with each passing year.
As one panelist noted, "Ten years ago all you had to do was secure the perimeter; today there is no perimeter." Like other industries, healthcare is adopting mobile technology rapidly in order to better serve patients, partners, and drive efficiency among employees. However, securing networks, systems, patient records, and other sensitive information is getting harder as mobile technology pushes the edge of the network farther and farther. With risks from Advanced Persistent Threats, and employees and executives who demand the ability to use their own smartphones and tablets to access and manage patient records, healthcare is becoming a prime target, both from external risks and internal sources.
Security doesn't have to be this big of a burden. A key question for healthcare IT leaders is: how do you ensure that security planning and purchases are a shared responsibility? How do you create accountability for making sure that everyone is doing his or her part to promote a secure environment? Do you have the tools that you need?