Thank you for Subscribing to Healthcare Business Review Weekly Brief
Asset management has emerged as a primary opportunity for hospitals and healthcare systems to invest in as they 'up' their cybersecurity game and place a greater emphasis on risk reduction. This is, although overall spending may not yet match the totality of the cybersecurity threat landscape.
FREMONT, CA: There is an ongoing dispute as to whether asset management is the most crucial task in organizational cybersecurity or if it is a minor but crucial element of a much larger risk reduction puzzle.
Proponents will argue that without unimpeded access to the precise number of applications and devices connecting to or endeavoring to connect to the corporate network(s), no business can proactively protect against attacks, manage vulnerabilities, and accelerate incident response. Those less optimistic about asset management as a panacea cite its inherent complexities and the enormous hurdles posed by the Internet of Things (IoT) development.
Almost everyone agrees that asset management is a net benefit to a company's overall security posture, notwithstanding divergent opinions. Perhaps this is why so many government agencies—from the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS) in the United States to the National Cyber Security Centre (NCSE) and the European Banking Authority abroad—rank asset management as the top recommendation for cybersecurity preparedness.
TRADITIONAL CHALLENGES IN ASSET MANAGEMENT
Asset management has long provided a unique set of obstacles to large enterprises, leading to deemphasizing the program in favor of investing more in detection and response technologies.
From a device perspective, gathering the total number of unmanaged programs and workstations with networking capability can be a years-long hassle needing substantial IT and security resources. This is further compounded by the rise of hybrid and remote work due to Covid-19 and the popularity of Bring Your Own Device (BYOD) rules that allow devices not under corporate control to access corporate networks.
Even when firms believe they have entire or near-total visibility into their assets, they have not had an easy way to evaluate data in the past. As with asset discovery, the complexity of asset inventory analysis has increased in recent years. Primarily as a result of the acceleration of cloud migration and Internet of Things (IoT) deployments within corporate environments, the shift to edge data centers, and other digital transformation and future work initiatives that strain network usage.
These obstacles have prevented hospitals and health systems from achieving asset management objectives.
UNIQUE CHALLENGES HINDER HEALTHCARE ASSET MANAGEMENT UBIQUITY
Nation-state hackers and cybercriminals have prioritized attacks against hospitals and healthcare systems over the past decade due to the wealth of valuable data available for exploitation and the subpar cybersecurity measures intrinsic to many commercial equivalents. Almost every month last year, more than one million people were harmed by data breaches at healthcare institutions, according to the Wall Street Journal.
Even before Covid-19, hospitals and healthcare institutions began to increase their budgets and efforts for cybersecurity. Cybersecurity Ventures estimates that the sector will spend $125 billion annually on cybersecurity by 2025. Bank of America alone invests over $1 billion annually in cyber security.
Asset management has emerged as a primary opportunity for hospitals and healthcare systems to invest in as they 'up' their cybersecurity game and place a greater emphasis on risk reduction. This is, although overall spending may not yet match the totality of the cybersecurity threat landscape. Unlike ordinary corporate asset management, cybersecurity asset management provides three unique issues that significantly complicate the endeavor. These consist of:
Physician Budgets: In hospitals and healthcare organizations, IT purchase choices are increasingly determined by committees comprised of doctors, C-level executives, compliance officers, and others; nonetheless, physicians frequently maintain their budgets to acquire new software and gear. According to a 2017 MGMA survey, hospital-owned medical practices spent $8,000 per physician per year on IT. Since then, Covid-19 has influenced IT purchasing decisions, with bigger IT implementations being postponed and clinicians emphasizing telemedicine and RPM purchases. Historically, physician budgets did not include a corporate requirement to alert IT or security staff about purchases, let alone assist with implementation. While this is evolving with increased security concerns, physician technology adoption without IT notification might keep security stakeholders ignorant of some assets until a threat or vulnerability is found, which is too late to minimize interruption or damage effectively.
Massive Increase in Connectivity: Healthcare IoT devices are now used to streamline vital workflows, interact with patients, and care for millions of patients. Moreover, because of their vital responsibilities in patient care and the complexity of their IT network infrastructure, many of these devices cannot be detached, making it impossible to patch and safeguard against new threats and vulnerabilities. In addition, it is impossible to manually map and inventory thousands (and frequently tens of thousands) of connected assets, as was customarily the case with asset management. Also, most legacy asset management products on the market are not designed to display healthcare-specific communication protocols