Improving technology monitoring in the age of governance and compliance

By Sascha Giese of SolarWinds.

In today’s connected world where ransomware demands are being made every day of the week, it’s crucial for healthcare organisations to protect sensitive patient data and have all possible measures in place to keep it secure and only accessible to those who have the right to see it.

Public health technology infrastructure is clearly a major target for cybercriminals. The ransomware attack in May 2021 on the Irish health system, for example, is among the most serious and concerning so far.

Months later, the service is still working to repair all its systems, with 95% fully restored as of September. The problem is international, with serious incidents targeting healthcare systems reported as far afield as France and Australia.

These ongoing and potentially catastrophic problems have increased the emphasis on security compliance and governance in public healthcare systems. For instance, the NHS’s Data Security and Protection (DSP) Toolkit enables relevant healthcare organisations to measure their performance against data security and information governance requirements.

All organisations with access to NHS patient data and systems must use it to provide assurance that they are practising good data security and that personal information is handled correctly.

Using the DSP Toolkit, UK-based organisations can compare their practices to the ten data security standards set forth by the National Data Guardian, an appointed individual responsible for advising healthcare organisations how to secure and use NHS patients’ confidential information.

Each year, every organisation with access to NHS patient data and NHS systems must submit its DSP Toolkit assessment before the annual deadline. By submitting a DSP Toolkit assessment, organisations can demonstrate they’ve handled personal data appropriately and engaged in strong data security practices over the past year.

Monitoring the health of IT networks

Key to demonstrating compliance is the ability of any organisation to collect, normalise, and correlate network log data, so they can ensure environments are fully monitored.

Ideally, they’ll also be able to automatically respond to threats in real time and alert all relevant stakeholders of suspicious activities.

This serves not only to raise awareness of security threats, but also to help organisations comply with the National Data Guardian’s Data Security Standards.

Indeed, effective network monitoring remains a vital strategy for ensuring healthcare organisations can deliver sufficient levels of security.

This requirement has become even more important as some healthcare workers continue to work more remotely. What’s more, the pace of digital transformation in the sector is accelerating, with innovation ranging from complex IoT solutions to investment in artificial intelligence and machine learning adding to infrastructure complexity.

Technology monitoring

The use of compliance-ready tools for network monitoring, however, is enabling IT professionals to build greater network visibility and follow a set of best practices, which include:

  • Analysing the flow of data — Using NetFlow analysis, IT can quickly identify suspicious and potentially dangerous increases in unwelcome types of traffic or traffic going to a questionable external destination.
  • Monitoring all digital objects — As healthcare organisations increase their reliance on cloud computing solutions, every virtual instance on the cloud should have its state and performance parameters monitored around the clock for continued compliance.
  • Tracing application traffic — In an environment where any slowdown or disruption could cost lives, application tracing of actual application traffic allows IT teams to carry out rapid root cause identification for network issues.
  • Logging access to resources — An important requirement for any cybersecurity effort, this allows IT pros to easily identify and aggregate traffic and user access patterns for analysis, monitoring access based on user behaviour and identifying anomalies.

These are important considerations, especially as technology and data security best practices are constantly evolving. Similarly, DSP Toolkit requirements are frequently reviewed and updated to ensure they reflect current data security standards.

Healthcare organisations that improve IT security posture, actively monitor their entire environment, and restrict access to sensitive data will be better placed to protect themselves from unusual events or from the risk of data falling into the wrong hands.
