Without always thinking about it, patients willingly share Personally Identifiable Information (PII) destined to live in electronic health records (EHRs) with their trusted healthcare providers. Maintaining this data is an immense responsibility. How reliable are the controls in place to ensure continual security and privacy? When data is physically and digitally shared across so many networks, any and all protection scenarios must be considered.
Keeping Patient Information Secure
Commençons par une définition. En termes simples, un certificat Wildcard est un certificat de clé publique qui peut être utilisé sur plusieurs sous-domaines. Par exemple, un certificat générique émis pour https://*.examplecompany.com peut être utilisé pour sécuriser tous les sous-domaines, tels que :
- blog.examplecompany.com
- mobile.examplecompany.com
Voici l'avantage évident de l'utilisation de certificats génériques : avec un seul certificat numérique, je peux sécuriser et authentifier tous mes sous-domaines publics, ce qui m'évite de devoir gérer plusieurs certificats. Au lieu d'acheter des certificats séparés pour mes sous-domaines, je peux utiliser un seul certificat Wildcard pour tous les domaines et sous-domaines sur plusieurs serveurs.
Cependant, les certificats wildcard ne couvrent qu'un seul niveau de sous-domaines puisque l'astérisque ne correspond pas aux points d'arrêt. Dans ce cas, le domaine resources.blog.keyfactor.com ne serait pas valide pour le certificat. Le domaine nu keyfactor.com n'est pas non plus couvert, et devra être inclus en tant que Subject Alternate Name séparé.
Cyber criminals are becoming more inventive every day, demanding swift action from healthcare networks to move at pace with their adversaries. With increasing labor costs being a major concern across the industry, organizations must determine the most cost-effective and labor-efficient ways to build greater security and overall trust in care delivery.
The Importance of Scale
Each time a patient is seen by a practitioner or medication is dispersed, a new entry is created in the EHR. When applied to the 953,000+ physicians serving the national population of 323 million people, the sheer volume of data being generated with each interaction is enormous. Without security in place, the opportunities for breaches, data theft, and privacy loss multiply exponentially. One compromised entry point can cause a rippling effect that impacts not only the consumer, but the business as well. Any business downtime equates to loss: productivity, revenue, and customer commitment.
The Breach Level Index estimates the healthcare industry lost 33.7 million files from breaches in 2017. And with so many of these files linking back to individual patients who have had their personal information, the stakes are high for IT and security teams to respond effectively.
So what are teams doing? Increasing the number of security keys and certificates deployed across their organization. And with this increase comes the need for more robust public key infrastructure (PKI) management to ensure certificates remain current and effective.
The Value of Automation
In an ideal scenario, healthcare centers would have sizable IT departments monitoring and managing all devices and technology infrastructure 24/7. But tight budgets, finding the right talent and optimizing operations make it hard to balance patient safety, privacy, and well-being with profitability.
Adopting automation is an ideal solution to address these issues head-on, allowing organizations to:
- Redeploy staff to other important initiatives
- Take control of complete lifecycle management of every certificate in your environment
- Re-use current certificates rather than investing in new ones
- Swap out PKI quickly and easily in IoT devices
- And perhaps most importantly, ensure encryption of data across every device so all personal information is kept safe from breach.
By making use of automated processes, administrators can complete PKI management tasks in less time with fewer resources, while still being available to quickly respond to threats. Automation changes the way PKI management has always been done and can meet the healthcare industry’s need for large-scale EHR protection.
Turning to the Cloud
- According to a recent report by McAfee (Navigating a Cloudy Sky Practical Guidance and the State of Cloud Security), organizations with a cloud-first strategy plan to migrate 80% of their IT budget to the cloud in 12 months. Additionally, the majority of organizations store some or all of their sensitive data in the public cloud with Healthcare leading the way at more than 90%.
- Leveraging the cloud when addressing the need for quick, collaborative data file management makes sense in the modern organization, but safety and security have to be primary components of cloud integration. Connected medical devices, the Internet of Things (IoT), and EHRs all contain PII, and they must have the right security measures in place to effectively protect the data, and be viable technologies in the future.
Get Future Ready Today
Not all PKI solutions are made equal. With the prevalence of cloud-based operations and PII data being generated and collaboratively managed, enterprises have to make use of scalable, agile, and cost-effective solutions. Be sure to find a technology partner that can support your specific needs to help you grow and operationalize digital security. By investing in the right technology today, you’ll be ready for the future of healthcare cybersecurity.
Watch Mark Thompson’s on-demand webinar the importance of securing EHRs with crypto-agility:
- The widening threat landscape for unmanaged medical devices and EHR breaches
- How to secure EHRs containing PHI at scale
- The benefits of investing in crypto-agile automation tools aimed at enhancing patient experience
