Connect with us

Featured

Health industry networks in poor state of heath

Published

on

When it comes to security in any sector, prevention is better than cure. DOROS HADJIZENONOS, Country Manager of Check Point, discusses the latest threats to the healthcare industry and how the industry can increase its protection against cyber-attacks.

The healthcare industry, arguably one of the most technologically advanced considering the gadgets and devices now used to monitor health statistics and perform medical procedures, is ironically among the most ‘unhealthy’ when it comes to network security.

Delegates attending the recent Healthcare Innovation Summit were told that medical records are being increasingly targeted by cybercriminals – data from the US showed that 89% of healthcare institutions suffered a security breach and were twice more likely to be targeted than other organisations.

Healthcare record theft increased a shocking 1100% this year with more than 100 million records compromised worldwide. The biggest threat, says KPMG, comes from external attackers – at 65% – while malware tops the list of information security concerns.

But why is an industry with the technological ability to perform surgery on patients in other countries so sick when it comes to protecting information?

The answer is multi-faceted:

  • Valuable data. Data collected and stored by hospitals and other organisations, such as medical aid schemes, is up to ten times more valuable to cybercriminals than credit card information. This is due to the sheer volume of information gathered about individuals – and the fact that we’re seeing an increased shift to digital medical records – which makes it easy to commit fraud and identity theft. Given the value of this data on the black market, cyber-attacks are becoming ever more sophisticated in their attempts to hack healthcare institutions.
  • Ageing infrastructure. Hospitals are melting pots of outdated infrastructure, old operating systems and state-of-the-art medical technology, all communicating over the same networks. Often, hospitals take an ‘if it’s not broken, don’t fix it’ approach to technology, so devices may not be patched with the latest software versions, for example. The problem, however, is that the system is very much broken. KPMG found that, in terms of technical capabilities, the healthcare industry is behind other industries when it comes to protecting infrastructure and information.
  • Complex networks. The fact that so many different people, devices and departments need to access a medical institution’s records forces them to adopt open networks. Add to this the increasing number of Internet of Things and the myriad Internet-connected gadgets connecting to the network and it becomes difficult to secure and even more vulnerable to attack.
  • No budget. Security spending in the healthcare industry is at times as little as one-tenth of what other industries spend. When it comes to technology spending, a new MRI machine will likely win the budget lottery over security software.
  • Easy targets. Ransomware is one of the biggest methods used by cybercriminals to gain access to medical data. This involves ‘kidnapping’ the data and only releasing it once the hospital pays a ransom. Because medical organisations are generally dealing with crises, they need urgent access to their data and are more willing to pay the ransom to get back up and running as quickly as possible. Cybercriminals know this and are exploiting it.
  • Lack of understanding and awareness. Although medical institutions are becoming more technologically centric, that’s not to say they’re focusing on technology and there’s a lack of understanding of what’s going on when it comes to cyber security. There needs to be an increased understanding of how to defend against attacks like ransomware, coupled with a bigger focus on educating staff and users on how to spot phishing attacks – people are, after all, the weakest link in the security chain.

Prevention is better than cure

 It sounds clichéd but, when it comes to security in any sector, prevention certainly is better than cure.

In order to gain a holistic overview of the network, technology managers need to design the infrastructure from the bottom up, starting with the physical layer, comprising devices and other hardware, and working up to the application layer. This multi-layered approach to security gives IT managers more visibility into the network so that they can see what data is coming into and leaving the network and can implement controls as required. For example, sensitive patient information can be encrypted as it traverses the network between devices, while less sensitive information, such as that collected by fitness devices, can be subject to less stringent protection measures.

Education of staff members is also critical. They need to be able to identify hacks such as spear phishing and ransomware attempts so that they know not to click on malicious links and to alert the IT department to such attempts. There also needs to be a general increase in awareness within the healthcare sector of the various methods used by cybercriminals to gain access to medical data. In many cases, medical institutions do not even know that they’ve been infiltrated purely because they don’t know the warning signs. They need to take a more proactive approach to network security and understand how to prevent certain attacks.

Security should not be reactive and should not be done just because organisations want to comply with legislation such as the Protection of Personal Information (POPI) Act. But unfortunately, this is the case in the healthcare industry and it’s the reason why they are always one step behind the attackers. Rather, security should be about prevention and the desire to ensure the integrity of sensitive information.

Featured

IoT at starting gate

South Africa is already past the Internet of Things (IoT) hype cycle and well into the mainstream, writes MARK WALKER, associate vice president of Sub-Saharan Africa at International Data Corporation (IDC).

Published

on

Projects and pilots are already becoming a commercial reality, tying neatly into the 2017 IDC prediction that 2018 would be the year when the local market took IoT mainstream. Over the next 12-18 months, it is anticipated that IoT implementations will continue to rise in both scope and popularity. Already 23% are in full deployment with 39% in the pilot phase. The value of IoT has been systematically proven and yet its reputation remains tenuous – more than 5% of companies are reluctant to put their money where the trend is – thanks to the shifting sands of IoT perception and success rate.

There are several reasons behind why IoT implementations are failing. The biggest is that organisations don’t know where to start. They know that IoT is something they can harness today and that it can be used to shift outdated modalities and operations. They are aware of the benefits and the case studies. What they don’t know is how to apply this knowledge to their own journey so their IoT story isn’t one of overbearing complexity and rising costs.

Another stumbling block is perception. Yes, there is the futuristic potential with the talking fridge and intelligent desk, but this is not where the real value lies. Organisations are overlooking the challenges that can be solved by realistic IoT, the banal and the boring solutions that leverage systems to deliver on business priorities. IoT’s potential sits within its ability to get the best out of assets and production efficiencies, solving problems in automation, security, and environment.

In addition to this, there is a lack of clarity around return on investment, uncertainty around the benefits, a lack of executive leadership, and concerns around security and the complexities of regulation.  Because IoT is an emerging technology there remains a limited awareness of the true extent of its value proposition and yet 66% of organisations are confident that this value exists.

This percentage poses both a problem and opportunity. On one hand, it showcases the local shift in thinking towards IoT as a technology worth investing into. On the other hand, many companies are seeing the competition invest and leaping blindly in the wrong direction. Stop. IoT is not the same for every business.

It is essential that every company makes its own case for IoT based on its needs and outcomes. Does agriculture have the same challenges as mining? Does one mining company have the same challenges as another? The answer is no. Organisations that want their IoT investment to succeed must reject the idea that they can pick up where another has left off. IoT must be relevant to the business outcome that it needs to achieve. While some use cases may apply to most industries based on specific circumstances, there are different realities and priorities that will demand a different approach and starting point.

Ask – what is the business problem right now and how can technology be leveraged to resolve it?

In the agriculture space, there is a need to improve crop yields and livestock management, improve farm productivity and implement environmental monitoring. In the construction and mining industry, safety and emergency response are a priority alongside workforce and production management. Education shifts the lens towards improving delivery and quality of education, access to advanced learning methods and reducing the costs of learning.  Smart cities want to improve traffic and efficiently deliver public services and healthcare is focusing on wellness, reducing hospital admissions and the security of assets and inventory management.

The technology and solutions selected must speak to these specific challenges.

If there are no insights used to create an IoT solution, it’s the equivalent of having the fastest Ferrari on Rivonia Road in peak traffic. It makes a fantastic noise, but it isn’t going to move any faster than the broken-down sedan in the next lane. Everyone will be impressed with the Ferrari, but the amount of power and the size of the investment mean nothing. It’s in the wrong place.

What differentiates the IoT successes is how a company leverages data to deliver meaningful value-added predictions and actions for personalised efficiencies, convenience, and improved industry processes. To move forward the organisation needs to focus on the business outcomes and not just the technology. They need to localise and adapt by applying context to the problem that’s being solved and explore innovation through partnerships and experimentation.

Continue Reading

Featured

ERP underpins food tracking

The food traceability market is expected to reach almost $20 billion by 2022 as increased consumer awareness, strict governance requirements, and advances in technology are resulting in growing standardisation of the segment, says STUART SCANLON, managing director of epic ERP

Published

on

Just like any data-driven environment, one of the biggest enablers of this is integrated enterprise resource planning (ERP) solutions.

As the name suggests, traceability is the ability to track something through all stages of production, processing, and distribution. When it comes to the food industry, traceability must also enable stakeholders to identify the source of all food inputs that can include anything from raw materials, additives, ingredients, and packaging.

Considering the wealth of data that all these facets generate, it is hardly surprising that systems and processes need to be put in place to manage, analyse, and provide actionable insights. With traceability enabling corrective measures to be taken (think product recalls), having an efficient system is often the difference between life or death when it comes to public health risks.

Expansive solutions

Sceptics argue that traceability simply requires an extensive data warehouse to be done correctly, the reality is quite different. Yes, there are standard data records to be managed, but the real value lies in how all these components are tied together.

ERP provides the digital glue to enable this. With each stakeholder audience requiring different aspects of traceability (and compliance), it is essential for the producer, distributor, and every other organisation in the supply chain, to manage this effectively in a standardised manner.

With so many different companies involved in the food cycle, many using their own, proprietary systems, just consider the complexity of trying to manage traceability. Organisations must not only contend with local challenges, but global ones as well as the import and export of food are big business drivers.

So, even though traceability is vital to keep track of everything in this complex cycle, it is also imperative to monitor the ingredients and factories where items are produced. Having expansive solutions that must track the entire process from ‘cradle to grave’ is an imperative. Not only is this vital from a safety perspective, but from cost and reputational management aspects as well. Just think of the recent listeriosis issue in South Africa and the impact it has had on all parties in that supply chain.

Efficiency improvements

Thanks to the increasing digital transformation efforts by companies in the food industry, traceability becomes a more effective process. It is no longer a case of using on-premise solutions that can be compromised but having hosted ones that provide more effective fail-safes.

In a market segment that requires strict compliance and regulatory requirements to be met, cloud-based solutions can provide everyone in the supply chain with a more secure (and tamper-resistant) solution than many of the legacy approaches of old.

This is not to say ERP requires the one or the other. Instead, there needs to be a transition provided between the two scenarios that empowers those in the food supply chain to maximise the insights (and benefits) derived from traceability.

Now, more than ever, traceability is a business priority. Having the correct foundation through effective ERP is essential if a business can manage its growth and meet legislative requirements into the future.

Continue Reading

Trending

Copyright © 2018 World Wide Worx