Photo - Michelle Ong, Country Manager for Fortinet Malaysia
Following recent high-profile attacks on healthcare organisations globally, network security solutions specialist Fortinet has advised strengthening the protection of Malaysia's patient health data.
Michelle Ong, Fortinet's Malaysia country manager, said that as electronic protected health information (ePHI) is 10 times more valuable than credit card data, security needs to go beyond mere compliance with relevant regulations.
Unfortunately, too many healthcare organisations have chronically underinvested in IT security measures to protect critical systems and data, leaving them far more vulnerable than their peers in other industries, said Ong.
According to an IDC report released in 2015, 50 percent of healthcare organisations have experienced 1 to 5 cyber-attacks in the past 12 months, she added.
"When it comes to security, healthcare is in the middle of a perfect storm," Ong said. "On the one hand, access to data distributed across devices and locations is paramount - diverse providers and connected organisations need that data to flow freely in order to do their jobs."
"Electronic protected health information (ePHI) is extremely valuable to hackers and scammers," she said. "The solution is for healthcare providers to adopt end-to-end security measures that allow them to embrace new technologies and ways of working while also protecting their most valuable asset: information."
Ong said Fortinet advocated holistic security approaches, which include:
1. Main hospital and data centre
The central data storage facility should be fortified with hardened data protection to ensure the safety and usefulness of patient data. Enhance control and visibility of network traffic for centralised staff and providers so that the most important hubs of care can operate at their full capability.
2. Next-generation firewall management
CIOs need to protect multiple distributed healthcare locations by deploying a security infrastructure that can provide coherent management of fragmented networks and data streams, complete with logging, analysis, and reporting functionality. With such advanced infrastructure, a complex data picture is simplified, visibility is enhanced, and all of its moving parts are protected.
3. Distributed medical offices and home workers
Ensure security across distinct offices and home locations with flexible security practices and technologies.
4. BYOD mobile users
The unique challenge of embracing BYOD is that it invites an essentially infinite range of device types, user habits, and locales into the IT environment. These devices may connect to the network either from outside the main firewall or from within the network perimeter, which requires technologies that allow for rapid scaling, policy enforcement, and simplification.
5. Advanced threat protection
Reducing the available attack surface of a healthcare organisation can prevent many attackers from obtaining information. Ensure that advanced threat protection tools cover user authentication, VPN, SSL inspection, application controls, antivirus, and other factors. CIOs need sandboxing technology that can expose previously unknown malicious threats and examine them within a secured environment, thereby providing the intelligence and protection necessary to secure the healthcare environment from escalating cyber threats.
"Fortinet is well positioned to meet the varied and critical security needs of healthcare organisations worldwide," Ong added. "With solutions that offer industry-leading security effectiveness, scale to any size and deliver third-party validated, unmatched performance, Fortinet network security appliances ensure that healthcare institutions never have to choose between performance and security."