Craig Eidelman is a Modern Workplace Security Specialist, US Health and Life Sciences for Microsoft, with over 10 years experience implementing infrastructure solutions. He kindly joined our recent “Cybersecurity in Healthcare” webinar to discuss key IT trends affecting healthcare. Given his robust background in the space, we decided to chat with him about the trends he’s seeing today in healthcare IT strategy, and what healthcare leadership is focusing on today.
SADA Systems: What do healthcare IT leaders need to most focus on right now in terms of securing their organizations?
Eidelman: The number one business challenge they’re facing is fighting against malware, cryptolocker and those other types of viruses that can enter through various means. The email vector is a good one—it’s easy for an adversary to send malware embedded into an image in an email and try to get someone to click on that. So that’s the first vector that we see a lot of customers focusing on. They want to know how to stop those external email threats from coming into their systems. Once those threats are in their systems, they want to know how to begin mitigating the risk around that threat propagating through the network.
The second focus that a lot of customers are starting to have is on the identity management side, concerning privileged identity management for their privileged accounts like their domain administrator account and active directory. We see more of our customers wanting to make sure they’re tracking who has administrative rights, and when, and ensuring that those parties only have administrative rights for a specified period of time when they need them. Once these people don’t need those rights anymore, our customers want to remove those rights so that if there is an adversary in the network, that adversary can’t just target the organization’s admin accounts. It’s much more difficult for adversaries to find that admin account during that window.
SADA Systems: What are key considerations you see as critical for healthcare IT professionals today in general?
Eidelman: When customers are looking at security in general, they need to focus on securing multiple layers and layering pieces of technology on top of each other and having some overlap in that technology to make sure they can get the data from different sensors that might not look at the security data in the same light. As the cloud gets factored into that approach, there are new, different aspects of security because in cloud services there is a shared responsibility between the end customer and service provider.
There are other areas that need to be focused on, such as identity management. Properly managing the different needs of an on-premise security environment and a cloud security environment and making it a hybrid security environment is one of the largest challenges that we see from a customer front.
In the past 8-12 months as the ransomware threat has become more prevalent, and targeted attacks towards healthcare facilities have increased, we’re seeing more and more customers starting to readjust their security posture and focusing a much greater effort utilizing security tools from Microsoft and other vendors as well as leverage industry frameworks for guidance.
SADA Systems: What do you feel are the most exciting new developments on the healthcare technology horizon?
Eidelman: One big overarching theme is telehealth, as well as population health management and how people are using technology to manage patient engagement and big data. In general, better clinician-to-clinician collaboration and collaboration between facilities and their patients are improving tremendously. People want to know how they can better foster collaboration between a facility and a patient after a patient is discharged. Those are big areas of growth that we see. We’re also seeing a lot more interest around internet of things (IoT) devices. Customers want to understand how they can bring these devices into a facility to better interact with patients and better capture data from patients.
SADA Systems: We recently did a survey covering IT in healthcare. Of the respondents, 95 percent said they are planning to increase their usage going forward, with 65 percent citing its ability to decrease the burden on internal IT resources, and 61 percent believing cloud infrastructure is more cost-effective than traditional IT infrastructure. Does that line up with what you’re seeing talking to people on the ground? |
Eidelman: Yeah we’re definitely seeing that adoption rate as more and more customers are adopting cloud services for various business challenges. Some of them might be on the communication/collaboration side, some may be on the storage side of things, or the data and business applications but all of these areas can be scaled and be managed in a hybrid cloud service.
SADA Systems: Lastly, why should people listen to this on-demand webinar? What subjects were tackled that are most salient to IT leadership?
Eidelman: We spoke about how to create a more secure modern enterprise by securing your foundation, as well as foundational approaches to preventing lateral movement and credential theft and being able to detect that. After you secure the foundation, we touched on how you can secure the 4 major pillars in an IT organization: Identity, Applications and Data, Infrastructure, and Devices.
Interested in learning more about how to prevent malware and other attacks? Watch the complete session and sign up for a complimentary security assessment today!