Without always thinking about it, patients willingly share Personally Identifiable Information (PII) destined to live in electronic health records (EHRs) with their trusted healthcare providers. Maintaining this data is an immense responsibility. How reliable are the controls in place to ensure continual security and privacy? When data is physically and digitally shared across so many networks, any and all protection scenarios must be considered.
Keeping Patient Information Secure
Lassen Sie uns mit einer Definition beginnen. Einfach ausgedrückt ist ein Wildcard-Zertifikat ein öffentliches Schlüsselzertifikat, das für mehrere Subdomains verwendet werden kann. Ein Wildcard-Zertifikat, das für https://*.examplecompany.com ausgestellt wurde, kann beispielsweise zur Absicherung aller Subdomains verwendet werden, wie z. B:
- blog.beispielfirma.de
- mobile.beispielfirma.de
Hier kommt der offensichtliche Vorteil der Verwendung von Wildcard-Zertifikaten zum Tragen: Mit einem einzigen digitalen Zertifikat kann ich alle meine öffentlich zugänglichen Subdomains sichern und authentifizieren, ohne dass ich mehrere Zertifikate verwalten muss. Anstatt separate Zertifikate für meine Subdomains zu erwerben, kann ich ein einziges Wildcard-Zertifikat für alle Domains und Subdomains auf mehreren Servern verwenden.
Wildcard-Zertifikate decken jedoch nur eine Ebene von Subdomains ab, da das Sternchen nicht mit Punkten übereinstimmt. In diesem Fall wäre die Domäne resources.blog.keyfactor.com nicht für das Zertifikat gültig. Ebenso wenig ist die nackte Domain keyfactor.com abgedeckt, die als separater Subject Alternate Name aufgenommen werden muss.
Cyber criminals are becoming more inventive every day, demanding swift action from healthcare networks to move at pace with their adversaries. With increasing labor costs being a major concern across the industry, organizations must determine the most cost-effective and labor-efficient ways to build greater security and overall trust in care delivery.
The Importance of Scale
Each time a patient is seen by a practitioner or medication is dispersed, a new entry is created in the EHR. When applied to the 953,000+ physicians serving the national population of 323 million people, the sheer volume of data being generated with each interaction is enormous. Without security in place, the opportunities for breaches, data theft, and privacy loss multiply exponentially. One compromised entry point can cause a rippling effect that impacts not only the consumer, but the business as well. Any business downtime equates to loss: productivity, revenue, and customer commitment.
The Breach Level Index estimates the healthcare industry lost 33.7 million files from breaches in 2017. And with so many of these files linking back to individual patients who have had their personal information, the stakes are high for IT and security teams to respond effectively.
So what are teams doing? Increasing the number of security keys and certificates deployed across their organization. And with this increase comes the need for more robust public key infrastructure (PKI) management to ensure certificates remain current and effective.
The Value of Automation
In an ideal scenario, healthcare centers would have sizable IT departments monitoring and managing all devices and technology infrastructure 24/7. But tight budgets, finding the right talent and optimizing operations make it hard to balance patient safety, privacy, and well-being with profitability.
Adopting automation is an ideal solution to address these issues head-on, allowing organizations to:
- Redeploy staff to other important initiatives
- Take control of complete lifecycle management of every certificate in your environment
- Re-use current certificates rather than investing in new ones
- Swap out PKI quickly and easily in IoT devices
- And perhaps most importantly, ensure encryption of data across every device so all personal information is kept safe from breach.
By making use of automated processes, administrators can complete PKI management tasks in less time with fewer resources, while still being available to quickly respond to threats. Automation changes the way PKI management has always been done and can meet the healthcare industry’s need for large-scale EHR protection.
Turning to the Cloud
- According to a recent report by McAfee (Navigating a Cloudy Sky Practical Guidance and the State of Cloud Security), organizations with a cloud-first strategy plan to migrate 80% of their IT budget to the cloud in 12 months. Additionally, the majority of organizations store some or all of their sensitive data in the public cloud with Healthcare leading the way at more than 90%.
- Leveraging the cloud when addressing the need for quick, collaborative data file management makes sense in the modern organization, but safety and security have to be primary components of cloud integration. Connected medical devices, the Internet of Things (IoT), and EHRs all contain PII, and they must have the right security measures in place to effectively protect the data, and be viable technologies in the future.
Get Future Ready Today
Not all PKI solutions are made equal. With the prevalence of cloud-based operations and PII data being generated and collaboratively managed, enterprises have to make use of scalable, agile, and cost-effective solutions. Be sure to find a technology partner that can support your specific needs to help you grow and operationalize digital security. By investing in the right technology today, you’ll be ready for the future of healthcare cybersecurity.
Watch Mark Thompson’s on-demand webinar the importance of securing EHRs with crypto-agility:
- The widening threat landscape for unmanaged medical devices and EHR breaches
- How to secure EHRs containing PHI at scale
- The benefits of investing in crypto-agile automation tools aimed at enhancing patient experience
