Guest Column | June 6, 2022

Healthcare Is Vulnerable To Cybercrime — Consider This Data Protection Solution For Your Clients

By Don Boxley, DH2i

Cyber Technology Security Protection-iStock-1276687348

All industries must worry about threats to their sensitive business and customer data. But one industry that’s particularly vulnerable to cyberattacks is healthcare. Healthcare is a high-risk industry with highly sensitive data that is also subject to stringent regulations such as HIPAA. Unfortunately, the disturbing truth is that healthcare data is not safe unless it’s properly shielded when it comes to data protection. Of course, this is why your expertise and understanding of the industry’s specific vulnerabilities are so valuable to your end clients. This is also why it is so important that you help them to revisit their data protection solution(s) to ensure they are well equipped to prevent the massive problems that would result from data loss and operations interruption in the wake of ransomware or other cybercrime attacks.

Healthcare’s Weak Links 

Let’s take a step back and review why is it so challenging to prevent cybercrime in healthcare organizations. The Center for Internet Security (CIS) shed some light on this question by tagging the healthcare sector as one that is uniquely “plagued by a myriad of cybersecurity-related issues,” including:

  • Ransomware attacks
  • Data breaches
  • Distributed denial of service (DDoS) attacks
  • Insider threats
  • Fraud scams
  • Compromised email

As you would likely already counsel your clients, there are more than just headaches to deal with when malware strikes hospitals or other medical facilities—losing patient data can mean losing lives. Malware can compromise system integrity, while DDoS attacks can prevent medical facilities from providing proper patient care. Plus, because healthcare has been among the slower industries to embrace current technologies, it has become even more vulnerable to cybercrime.

VPN: An Outdated Solution

One way this latter point can be seen is the unfortunate reliance that many healthcare firms have on virtual private networks (VPNs). While data security and access via VPN worked well in the past, it’s definitely passed its prime in today’s more diverse environment, which features mobile, hybrid cloud, and multi-cloud as well as on-premises settings. VPNs were only designed to work well in one setting: on-premises to on-premises with a closed security perimeter. Security perimeters that span multiple isolated networks have made VPN now not only unreliable but downright risky when it comes to data vulnerability.

DH2i conducted research that revealed that well over half (62 percent) of VPN users say that “inadequate security” is their biggest VPN-related concern. Our findings also revealed that 40 percent of IT staff who oversee data security thought that ransomware attacks had already compromised their company’s data. The research also revealed several additional VPN problems flagged by IT decision makers from performance and manageability to cost and disaster recovery issues.

A More Expansive Solution

VPN is no longer the go-to solution for secure data transmissions in the current distributed data landscape. Fortunately, a safer and saner solution has emerged that offers data protection across the board in today’s more mobile and hybrid environment. This is particularly important for a high-risk industry like healthcare. The better security solution now—which is designed to incorporate mobile and cloud settings, not just on-premises settings, is a Software-Defined Perimeter (SDP) solution. It’s essential from a data protection standpoint that you counsel and enable your end clients to switch away from VPNs to invest instead in a Software-Defined Perimeter since the latter was designed expressly to address the types of data security challenges that the healthcare industry continues to suffer from.

What makes a Software-Defined Perimeter a safer solution than the traditional VPN solution? For one thing, a Software-Defined Perimeter allows users to create lightweight, discreet, scalable, and highly available connections that protect healthcare firms with a virtually impenetrable data defense—one that can reliably fight back against today’s powerful cybercrime regime. Whether your healthcare organization needs to protect a remote, edge, cloud, or on-premises environment, an SDP can offer full encryption and public key authentication via Zero Trust Network Access (ZTNA) tunnels that ensure bad actors can’t detect data transmissions. An SDP software relies on TCP or UDP to secretly send data between gateways of the source and target systems.

These necessary security measures also will help your clients in the healthcare industry to shut down “inside jobs” that can lead to the loss of sensitive data, as is a frequent occurrence with a VPN. A Software-Defined Perimeter avoids other VPN flaws as well, such as VPN’s risky architecture around third-party-server data transmission and insecure protocol for private data transfers. In short, a Software-Defined Perimeter users can dodge VPN’s inherent problems in its design and operation—instead reaping the many security benefits of SDP software.

About The Author

Don Boxley Jr is a DH2i cofounder and CEO. Don has more than 20 years in management positions for leading technology companies. Don earned his MBA from the Johnson School of Management, Cornell University.