In the second part of a recent two-part webinar series on cybersecurity, a panel of experts discussed the impact of cyber attacks on healthcare entities and the benefits of cloud computing in a time of heightened cyber security incidents. The panel included Paul Alcock, SIS Director of Information Security, Anthony Catalano, National Director of Security Transformation Services for RSM, and me, SIS Senior Vice President of Development. Here are the highlights of our discussion.
Emerging cyber threats: Ransomware attacks specifically aimed at healthcare are increasing. In Q4 of 2019, ransomware attacks in healthcare were up 350% compared to the previous year – and that was before more and more people began working remotely due to COVID-19. In March 2020, we saw a 150% increase in cyberattacks month over month.
The threat actors are using social engineering tactics such as phishing to gain network access to healthcare organizations. They primarily have three objectives for security incidents: to look for network credentials, to break into environments that they can put on the dark web, or to find access to healthcare networks to extract data from a certain time period.
In addition to the number of security incidents increasing in healthcare, the ransomware amounts also are skyrocketing. In the past, a typical ransom for cyberattack would be around $7,000 to $10,000. Ransoms today are in the hundred thousand to millions of dollars. Garmin recently experienced a ransom demand of $10 million.
Data security considerations for the three most common architecture configurations: There are essentially three different architectures of healthcare software – really any software: on premise; client/server hosted; and true cloud Software as a Service (SaaS).
Traditional client/server software is deployed on-site, or on premise, on a customer’s own network. The customer is responsible for their hardware, network, backups, setting and monitoring permissions for people who access the software, etc. The customer bears a lot of responsibility when it comes to security and often does not have the people or monetary resources to adequately keep ahead of emerging cyber threats.
As technology evolved, so did vendors who began hosting client/server applications on behalf of their customers. Hosting gets customers out of the hardware business (i.e., they don’t have to purchase servers to house their software), but they still bear responsibility for on-site security and backups, and the software is typically built on older technology that is more susceptible to viruses.
With a true SaaS-based solution, the software is built specifically for cloud environments with an advanced security stack, processes, and technologies to monitor and respond to cyber risks. In addition, the vendor takes over the majority of security responsibility including penetration testing, vulnerability scanning, and all testing to ensure the highest level of safeguards are in place. The SaaS vendor also handles all software updates, backups, and failovers for high availability, business continuity, and disaster recovery. With a SaaS solution, the customer is responsible for training employees on the importance of security and remaining vigilant to potential threats, but the SaaS vendor does the heavy lifting from a financial and resource perspective to protect the client’s data.
What to look for in a SaaS vendor when it comes to security:
A vendor that offers true SaaS technology should be able to demonstrate the following key attributes in their information security program:
- Use of sophisticated solutions including security dashboards for continuous monitoring, detection, and alerting to cyber threats.
- An experienced and dedicated team that provides 24/7/365 oversight of information security for the application.
- Included security controls focused on the Confidentiality, Integrity, and Availability (CIA) of client data.
- Governance and regulatory compliance with HIPAA, SOC2 Type II, and the NIST Cybersecurity Framework.
Other benefits of cloud software beyond security:
There are several other reasons to consider SaaS solutions beyond the improved approach to security.
- Stay current on the latest software features and updates: With traditional client/server applications, customers typically either work with their vendor to schedule an upgrade at a time that is convenient for both, or they download and apply the updates themselves. Both options can take weeks or months to complete. With a SaaS solution, the vendor can deploy the same update to all clients that subscribe to the software, all at one time, as soon as the update is coded and properly tested. This ensures that all customers are running the absolute latest version of software with all necessary patches and updates.
- Comply with regulatory requirements: In a SaaS environment, vendors can use templates to apply regulatory requirements to all environments at one time rather than having to apply regulatory considerations to each individual environment. This means the vendor has more time and resources to spend on securing the application.
- Accomplish high availability and scalability: Because SaaS applications run on web servers, vendors have the flexibility to bring on additional web servers at any time to handle an increased load. This helps ensure that the product maintains a high level of availability and performance. The vendor can also scale back down when usage goes lower.
- Give mobility to users: SaaS applications can be accessed from any device that has a web browser. This means users can not only access their data anytime, anywhere, they can securely complete tasks using their smartphones.
- Reduce IT costs: As previously discussed, a SaaS solution reduces IT infrastructure costs by eliminating hardware needed to run on premise software and replacing much of the IT support required to maintain an on premise, or even hosted, product.
To wrap up, there are many advantages to SaaS solutions over traditional client/server on premise applications and even hosted options. When a vendor puts in the work upfront to properly configure the application and create the environment in a secure manner, that will reduce your overhead costs moving forward and enable you to maintain a higher level of security throughout the lifecycle of the business process.