By Jens Koegler, Heathcare Industry Director EMEA, VMware
The concept of “remote work,” is not new and its benefits have been lauded for some time – especially from those that do it. While the transition to more flexible, ‘anywhere’ type working arrangements had been gaining momentum, vocal detractors meant that some sectors were much slower to embrace it than others. Step forward healthcare. A sector that is traditionally slower to evolve than more nimble counterparts in say, technology or retail, but one whose hand was forced in March 2020 when the pandemic ripped up the rulebook on established practices and protocols.
Counting the cost of a distributed workforce
While many organisations had the option of shutting down or reducing their services, healthcare providers had no choice: they had to keep working and providing critical services. It meant that huge swathes of activity – everything from administrative work, monitoring, diagnosis, case analysis, consultations and even therapy had to be performed virtually.
The ability to virtualize activity has been a saviour for us all – its importance meaning a difference between life and death in some cases. But it has not come without a cost. Most notably when it comes to data and security. Put simply, security vulnerabilities have been exacerbated as a distributed healthcare workforce have relied on their own home networks, devices and online services to get their jobs done. It’s the subject of our latest whitepaper: Forrester Consulting Study Reveals Cyber Risk of Healthcare’s Distributed Workforce run in partnership with Forrester Consulting which examines the cyber risk of healthcare’s distributed workforce.
And when you look at the numbers, it’s not difficult to see why healthcare security teams are concerned. According to the VMware Security. ‘Healthcare in Crisis: A Look Back at 2020 report’, between 2019 and 2020, healthcare experienced a 9,851% increase in attacks as well as 239.4 million attempted cyberattacks targeting patients, an average of 816 attempted attacks per endpoint.
Three security trends facing healthcare
Attackers are exploiting healthcare’s highly vulnerable, distributed workforce, and healthcare decision-makers are feeling the impact – according to the research this is in three main areas.
Perhaps the most important is that the increase in remote working has meant a lack of visibility for healthcare teams, making it harder to keep up with emerging and frequent threats. Indeed, 45% of those surveyed claimed to have experienced a loss of network visibility with remote workforce. This is a challenge because, to the world’s criminal fraternity, healthcare data is incredibly valuable. Pre-pandemic, patient information was perceived to be physically secure, confined to systems housed within offices and facilities. It still is, but because healthcare information is highly confidential and protected by compliance mandates to assure patient privacy, it requires greater attention to network visibility and the ability to monitor user activity.
Another major trend was that healthcare was less prepared for the security impact of remote workers compared to other industries. The study found that prior to COVID-19, healthcare organisations had very few remote workers – two years ago only 11% of healthcare organisations had more than 5% of employees remote. Today, it is 98%. This almost overnight shift to remote work led to 80% of organisations seeing an increase in use of personal devices to cope – each one a recipe for a security breach.
Finally, the study found that one of the main security challenges facing the healthcare sector is budget gaps preventing providers from improving security practices. According to the decision-makers whom Forrester surveyed, a third (34%) highlighted this as a major challenge ahead of issues like; the evolving nature of IT threats (32%), day-to-day tactical activities taking up too much time (30%), convincing the organisation of the business value of security (28%) and securing the remote workforce (26%). While it is understandable budgetary requirements have been required elsewhere, the lack of investment creates an issue because corporate security is only as strong as its weakest link.
Accidental positives
However, when it comes to security and remote working in healthcare, it’s not all bad news. The study also found that shared adversity improved the relationship between IT and security teams. According to the data, security and IT practitioners relationships moved from being 38% positive pre-pandemic to 60% positive today while IT leadership and IT practitioners relationships also experienced a similar jump – 26% pre-pandemic to 47% today. It is clear that healthcare IT teams benefitted from the pandemic’s “we’re all in this together” attitude, and many saw improvements in their working relationships.
The research also found that healthcare organisations are pivoting to address key use cases and future-proof their organisations in order to make the new normal work for them. Over half (51%) of healthcare respondents want to prioritise use cases that help future-proof the organisation. Other areas designated for improvement included; those most important to business stakeholders (47%) and those that improve security or the security posture (both 47%). This was followed by those that reduce networking challenges (42%) and those that reduce remote workforce challenges (38%).
Foundation for our healthcare future
What is apparent is that there is a great deal to learn from the pandemic’s positive and negative impacts. While many healthcare executives see the work-from-home scenarios as temporary for much of their workforce, the rise in cyber threats and need to protect data are not changing. Healthcare enterprises can and should take advantage of the changes forced upon the sector to adopt integrated solutions that support stronger cybersecurity initiatives as well as bolster the day-to-day user experiences of remote workers. The successful foundation of our healthcare future will depend on healthcare leaders strengthening defenses against cyber attackers to prevent operational losses, brand damage and patient harm. Please download a copy of the research whitepaper, Forrester Consulting Study Reveals Cyber Risk of Healthcare’s Distributed Workforce, or visit our new healthcare site here for more information on how VMware can help with your healthcare transformation.