Healthcare, Network Security Should Be A Combo Pitch

By Gennifer Biggs, Business Solutions magazine.

Despite so much attention around the federal funding for the adoption of EHRs, the channel hasn't talked much about the network security needs of the healthcare industry as it goes digital. However, solutions providers interested in building a strong focus in the healthcare vertical must be ready to bundle network security around any EHR solutions.

While many healthcare entities have built IT infrastructure with network security in mind over the years, it has mainly been with perimeter security in mind versus the data loss prevention and privacy security measures mandated today. "As health information exchanges [HIEs], virtualization, cloud computing, end user devices, and mobile app proliferation have become a reality in the healthcare workplace, so has the need to rethink the security infrastructure and overall architecture," explains Mark Hanson, director of healthcare at Fortinet. "We are at a tipping point with EHRs and the financial incentives to migrate from paper to digital, so the opportunity to offer integrated security solutions is definitely peaking."

EHRs are not the only driver around network security adoptions in the healthcare vertical; compliance continues to drive the need for segmentation, auditing, and control of data within networks, and modern technology such as social media communications, wireless networking, and mobility are also driving network security.

With all those moving parts having an impact on healthcare customers' environments, are VARs already focusing on the security opportunity in this vertical? Yes and no, says Darabant. "VARs recognize the need for security with EHR, so it isn't that they are overlooking security. A more accurate statement may be that they don't know how to approach the topic and don't want to scare healthcare providers away from EHR by bringing up security concerns," he says. He adds that the problem stems from VARs being uncomfortable or uneducated about discussing network security.

Another reason security may slide through the cracks when VARs are selling into the healthcare vertical may be that many EHR solutions are not designed with security in mind. "The opportunity for the channel is in providing the secure shell around these security-soft applications," explains Hanson. "Few of these applications meet regulatory mandates, much less the security and compliance required by customers." He recommends VARs create a basic security shell that consists of verifying the security of the EHR system itself; scanning the EHR systems by a third-party vulnerability scanner; segmenting the EHR systems into a network that is tightly controlled and audited with firewall, application control, and IPS to ensure security; and implementing two-factor authentication and secure VPN access to the EHR systems.

Overall, the vendors agree that the move toward EHR is happening, slowly but surely, and VARs must see the entire opportunity tied to that evolution — from digitizing records to workflow, storage to security.