by Tim Reilly

Why All Healthcare Organizations Need a Multi-Layered Security Strategy


Time and time again, hospitals and healthcare organizations continue to fall victim to targeted cyberattacks. In fact, 2020 saw more than 29 million healthcare records breached. But despite the investments that are being made, the healthcare industry has continued to experience an increase in the number of reported health data breaches, year after year.

It’s no surprise that business leaders at these health organizations must find a way to better protect sensitive information. And yet, with the introduction of various security technologies, it’s difficult for smaller healthcare organizations (read: those without the financial means) to accurately strategize and invest in the proper tools.

Financial constraints, coupled with the rapid adoption of technologies such as DevOps, IoT, and containers, have created a complicated scenario; as a result, the reliance on cloud infrastructure has created new exposure points for cyberattacks.

The adoption of cloud-first technology, otherwise viewed as a company’s digital transformation, has jump-started initiatives positioned to improve the patient experience. Unfortunately, the comprehensive protection of sensitive data stored within the core of these security solutions is lacking.

Healthcare providers (i.e. hospitals and clinics), healthcare payers (i.e. HMOs), and other insurers must protect themselves by securing sensitive information. In a recent study, healthcare organizations had a 60% higher cost associated with data breaches compared to other industries. There couldn’t be a better reason for organizations to implement a more multi-layered cybersecurity solution – but healthcare has historically underinvested in IT security due to lack of budget and resources.

So, what exactly can healthcare organizations do to better protect their sensitive information? Improving the quality of patient experience and care is all centered around the way an organization manages its cloud security, compliance, and infrastructure.

Bake in Security from the Beginning

Organizations should architect solutions and systems with security in mind, even as healthcare organizations are under pressure to transform quickly – especially during the COVID-19 pandemic. To create a successful cybersecurity strategy, all teams within an organization need to be on the same page and have the same goals. This requires DevOps and security teams to work together, creating a DevSecOps culture that solves this important challenge.

Embrace Innovative Technologies Like Kubernetes

Digital initiatives are encouraging the healthcare industry to find new ways of engaging with patients, improving care, and gaining both patient and business insights. To accomplish those objectives, many healthcare and pharmaceutical companies are using containerized technologies to improve DevOps so they can accelerate application delivery and bring new products and services to market more quickly.

But despite the positive impact that containers have had on DevOps, they also create a host of new security challenges – with data protection being at the top of that list. Although it’s a phenomenal platform for container orchestration and management, Kubernetes does not address one of the most critical components of an overall security strategy – data protection.

Because of this, an organization’s security stack should follow a layered approach. Organizations are relying on access control, monitoring/logging, and existing workload security solutions to protect their container environments, but very few of them have incorporated encryption, which leads us into the next topic.

Encryption – Your Last Line of Defense

Unfortunately, encryption is often perceived as overly complex. There is the concern that if you lose the encryption keys, you lose the data forever. There are fears that encryption keys are difficult to utilize, update and store securely. And some worry that encryption will impair high-speed data transactions and system performance. It’s for this reason that encryption is consistently the last security solution to make its way into newer technologies like containers.

The most important aspect of why healthcare organizations need to encrypt their sensitive data is to adhere to compliance and regulatory requirements. Encryption is a basic, but crucial, measure that shouldn’t be overlooked. It prevents sensitive data from being exposed – protecting both data at rest and in transit within an organization.

Zettaset is a leader in data protection and security for the healthcare industry, and an experienced data encryption provider. With Zettaset security solutions, including the XCrypt Data Encryption Platform and XCrypt Full Disk, organizations can take advantage of a high-performance, scale-out full-disk encryption solution and software-only backup and restore, that combines top-notch performance with proven protection for sensitive information and compliance.