As organizations across every industry prepare to operate in the “new normal”, IT and security teams in healthcare face formidable challenges. Broadly speaking, technology environments have become more complex as enterprises embrace remote work, cloud adoption increases, and cybersecurity threats grow in both volume and sophistication. Nearly every cybersecurity and IT professional — across all verticals — must be prepared to confront new obstacles that are all but certain to arise.
The situation in healthcare is particularly difficult in large part because the stakes are so high. Not only are hospitals, health systems, and other providers mandated to adhere to stringent regulatory standards, but the security and availability of their IT systems also has a direct and immediate impact on the quality of patient care — and thus on human health and well-being.
The difficulties involved in securing healthcare IT environments are amplified by the vast numbers of connected devices currently coming online. Industry experts estimate there are now between 10 and 15 million network-connected medical devices in U.S. hospitals, with an average of 10 to 15 such devices per patient bed. Many of these devices are especially difficult to discover, inventory and secure, as they lack traditional user interfaces, processing power or the ability to run security tools.
Furthermore, as healthcare organizations come to rely more heavily on cloud infrastructure and assets, IT and security teams face widening visibility gaps. According to a recent ESG survey, 81% of IT and cybersecurity professionals in healthcare agree or strongly agree that they’re unable to see enough of their cloud resources to effectively mitigate risks.
What is Cybersecurity Asset Management?
A distinct practice from information technology asset management (ITAM), cybersecurity asset management is about understanding all of your assets in order to strengthen your security posture. In particular, it entails:
-
– Gathering data from any source or sources that can provide detailed information about assets
- – Correlating that data to produce a view of every asset and the information found on each
- – Continually validating every asset’s adherence to security policies
- – Creating automatic, triggered actions whenever an asset deviates from those policies
Download this whitepaper
H-ISAC is all about increasing cyber resilience in the healthcare sector. We are interested in disseminating actionable content that is in keeping with security thought leadership. In alignment with this statement, we do not require your email to download original content from our website.