Monday, December 23, 2024

Modernizing – and Securing – Hospital Technology Infrastructure – MedCity News

Must read

The healthcare industry is undergoing a profound digital transformation, driven by the need to improve patient outcomes, enhance operational efficiency, and stay ahead of evolving technological trends. At the heart of this transformation lies the imperative to modernize healthcare technology, a process that requires a strategic and multifaceted approach.

The conundrum arises when transformation must happen on a shoestring budget, which is the case for most hospitals. To save money, you must spend money, and most healthcare tech leaders are budget-restricted. This has become a more challenging issue in this day of mergers and acquisitions, in which many hospitals are creating networks of hospitals, all of which typically use different systems.

The result? Integrations that should take six months take five years because budget-restricted CIOs try to stretch systems and solutions that aren’t flexible enough to handle multi-tenet, multi-location facilities. Unfortunately, 10-year-old solutions and systems won’t evolve to support modern infrastructures. 

Let’s use traditional hospital EHR systems as an example. Until recently, most of these solutions were built on inflexible architectures with limited support for data outside the platform. These EHR systems have poor interoperability and view data ownership as belonging to the provider rather than the individual. Today’s massive growth of individual health data by IoT devices, the advancements in healthcare research through AI, and hospital consolidations are forcing modernization.   

Modern EHR systems need flexibility, portability, and security to truly take advantage of technology advancements, simplify future integrations, and support future healthcare evolution. Two potential architectures that lend themselves to this modern state are containers and cloud-native platforms, but we don’t currently work with a single hospital running either of those architectures. 

There aren’t a lot of standalone hospitals left and we’re trending in a direction in which none could exist 20 years from now. The reality for most hospitals is they need to do a datacenter rip and replace to become more competitive – but that’s not realistic in most instances. Don’t get me wrong: we want to see organizations moving to more modern infrastructures, but the reality for many is cost- prohibitive. 

So, if you’re strapped, how do you prioritize evolving your systems to operate like a modern data center? 

 Prioritizing security in healthcare technology modernization

One of the most critical aspects of healthcare technology modernization is prioritizing security. The sensitive nature of patient data and the high-stakes healthcare environment make the industry a prime target for cybercriminals. According to IBM, the healthcare sector experienced the highest average data breach cost of any industry in 2022, at $10.1 million per incident.  

Hospitals lack the new technological level of security required for today’s cyber threats. For hospitals, security should encompass everything – not just the data center. Zero trust, a security framework that limits attacks by not trusting anyone anywhere, should be a constant target for hospitals to strive for, even if unattainable. 

To mitigate exposure to these risks, healthcare organizations must adopt a comprehensive security strategy that encompasses both technological and human elements. This starts with creating three critical frameworks: Zero Trust, Data Protection/Ransomware, and Data Governance/Compliance. Implementing these frameworks will significantly change how data will be accessed, how it can be manipulated, and how users and access are verified. Today’s advanced monitoring mechanisms can help safeguard sensitive data, identify anomalous data manipulation, and secure unauthorized access attempts with automation to secure these types of exposures.

Beyond technical measures, healthcare organizations must also prioritize security education and employee awareness. Cybersecurity training programs can empower staff to recognize and respond to threats like phishing attempts and social engineering attacks. By fostering a culture of security awareness, healthcare organizations can significantly reduce the risk of data breaches and other security incidents.

Importance of data governance and locality in mitigating risks

The effective management and governance of data underpins the success of healthcare technology modernization. As healthcare organizations collect and process an ever-increasing volume of patient data, it is crucial to establish a robust data governance framework. Without defined data governance, it’s impossible to build a successful security platform for the digital hospital. 

These policies should address data privacy, security, and compliance requirements, ensuring that sensitive information is handled in accordance with relevant regulations, such as HIPAA and GDPR. Additionally, healthcare organizations should consider the importance of data locality, ensuring that patient data is stored and processed within the appropriate geographic boundaries to comply with data sovereignty laws and mitigate the risks of cross-border data transfers. They need to determine how data is stored and where it is stored. 

The best guidance typically involves storing data on platforms that have well-designed cyber security and data validation capabilities. Ransomware protection and immutable snapshots are just two capabilities that are critical to data cyber protection in today’s world. It is also critical to design a cohesive plan to classify and protect data based on its risk and value as defined by your data governance framework.   

By prioritizing data governance, protection, and locality, healthcare organizations can build trust with patients, demonstrate compliance with regulatory requirements, and reduce the risk of data breaches and other security incidents.   

Embracing AI-based solutions in healthcare

Once you’ve defined your data management processes – and only once you’re confident in it – another key aspect of healthcare technology modernization is the adoption of AI-based solutions. Artificial intelligence has the potential to transform various aspects of healthcare, from clinical decision-making to operational efficiency, but AI is only as good as the data that feeds it. 

There are many AI opportunities which healthcare providers can take advantage of without the need to rearchitect the entire datacenter.  AI is being incorporated into current technologies across the industry, advancing the capabilities and providing increased value to organizations. These AI enabled solutions can provide incredible insights, increased efficiencies, as well as provide some of the best technology to protect our digital transformation efforts. 

AI incorporated into your environment can bring monitoring and decision making to the next level using AI driven automation and data protection frameworks based on predefined policies. Identity management tools have also advanced – thanks to AI – and are a must for hospitals. These tools provide users with access to content that only applies to them and flags any suspicious activity. Hackers may gain access to one worker’s identification, but with AI monitoring and execution policies they will be identified and then locked out and unable to access anything within the network.  

Many AI security technologies are already very advanced. Take a tool that we all use: antivirus, which traditionally uses machine learning to automatically collect and extract data from its user base — then trains every security module. After finding a new malware sample, these products are automatically updated with new models, providing crucial, up-to-the-second protection.  Today’s newest AI based antivirus can now improve security by enhancing threat detection, response capabilities, and overall cybersecurity. With new capabilities like advanced threat detection and real-time monitoring: AI can now analyzes data for unusual patterns and behaviors to identify exposures which have yet to be identified, enabling early threat detection.  

Building for the future 

Protecting digital assets is critical for hospitals to maintain patient privacy, ensure continuity of operations, and mitigate risks like cyberattacks and data breaches. Hospitals can significantly reduce vulnerabilities by implementing a comprehensive cybersecurity strategy with robust access controls, encryption, network monitoring, and incident response plans.

Ongoing cybersecurity training for all staff is also essential to create a culture of vigilance against evolving threats. From front-line clinicians to IT administrators, every employee plays a role in protecting sensitive medical records, intellectual property, and the digital infrastructure that modern healthcare relies upon. Investing in cybersecurity is an investment in patient safety and trust. 

Photo: ipopba, Getty Images


Derek Grant has been VP of Technology at EchoStor since 2020. In his role, Derek works closely with EchoStor customers on emerging technologies and driving business ROI from technology. Prior to joining EchoStor, Derek held a variety of roles at Dell EMC.

This post appears through the MedCity Influencers program. Anyone can publish their perspective on business and innovation in healthcare on MedCity News through MedCity Influencers. Click here to find out how.

Latest article