Healthcare in digital transformation
As healthcare organizations digitally transform themselves to better serve a post-pandemic world, the prevailing goal in the past year has been for them to safely extend health services beyond clinical walls. Be it to power everything from pop-up clinics to telemedicine, this is driving the healthcare technology stack out to the edge. And to keep patient care confidential and compliant no matter where data flows, the heavier reliance on edge computing is pushing healthcare organizations to transform their cybersecurity controls and practices in lockstep with innovation.
These were the themes illustrated in this year’s healthcare breakout of the 2022 core AT&T Cybersecurity Insights Report:Securing the Edge. Released this week, AT&T Cybersecurity Insights Report: Securing the Edge-A Focus on Healthcare details the use cases, the risks, the challenges, and the opportunities for healthcare organizations as they work to secure their organizations—from core to edge–in the coming year.
Healthcare use cases driving edge momentum
Survey data from the 2022 AT&T Cybersecurity Insight Report found that 74% of healthcare organizations globally are planning, have partially, or have fully implemented edge use cases.
The confluence of events stemming from the pandemic accelerated healthcare edge computing, driving edge momentum across a number of non-traditional clinical settings. For example, virtual care services surged during the pandemic, as they are convenient for consumers and help reduce healthcare costs by providing care in settings such as patients’ homes. Unsurprisingly, analysis of report results showed that among the 43% of organizations that say they’re at the mature stage of deploying to the edge, consumer virtual care is the leading use case.
Meantime, hospital at home use cases are rapidly driving planning and proofs of concept in that mid-stage of edge adoption. Edge computing capabilities such as the processing of data where it is consumed or produced, along with lower latency provided by 5G architectures, will enable other use cases such as tele-emergency medical services and autonomous mobile robots and drones in hospitals to learn from the pioneering healthcare edge computing use cases identified in this report.
As a part of the analysis in this year’s report, survey respondents were asked about the perceived risk of most prevalent industry edge use cases—including self assessment of likelihood of compromise and impact of compromise. Healthcare use cases had the lowest perceived risk among all six industries broken out by the report. This could indicate that the experiences wrought by the transformative pivots during the pandemic, as well as healthcare’s response to increasing cyberattacks—particularly ransomware attacks—in recent years has helped speed up cybersecurity maturity of late.
When it comes specifically to the most common edge use case of virtual care, it has an average perceived risk across all edge cases, but it also has the highest perceived impact from an attack.
Healthcare infrastructure is hybrid heavy
The survey from the 2022 core AT&T Cybersecurity Insight Report showed that the hybrid approach is dominating architectures for edge networks and security controls across all industries. Healthcare very much follows this broader trend, as healthcare organizations exhibit an almost 50-50 split between those whose security and network roadmaps combine cybersecurity and network functions in the cloud through frameworks such as secure access service edge (SASE) and Zero Trust and those that do so with on-premises tools such as traditional network and security appliances.
One thing that is clear is that healthcare risks are increasingly clustering around edge and cloud assets. The study shows that while for most other industries ransomware attacks are the number one concern, healthcare sees two other attack vectors as top-of-mind ahead of ransomware: the potential for attacks against servers or data at the network edge and attacks against associated cloud workloads. The study found:
63.8% of healthcare organizations ranked attacks against server/data at the network edge as cyber threats of highest concern to them
63.4% of healthcare organizations said attacks against associated cloud workloads were some of the riskiest future attacks against them
Legacy cyber controls demand healthcare balancing act
Healthcare respondents rank intrusion and threat detection, multi-factor authentication, data encryption at rest, and endpoint and device monitoring as the most efficient and effective security controls at their disposal.
Legacy cybersecurity controls—those with traditional on-premises architectures–still remain at the backbone of healthcare cybersecurity at many organizations. The study found that:
45.7% of healthcare organizations plan to combine cybersecurity and network functions on-premises
37.4% of them will implement cybersecurity with multiple cybersecurity-only functions on-premises
22% will implement cybersecurity utilizing single-function cybersecurity functions on-premises
Given the attention and concern over cloud computing attacks, this heavy emphasis on legacy on-premises cyber controls might come as a surprise. But data from the survey across all industries shows that much on-premises infrastructure remains so for a myriad of reasons, including:
legacy infrastructure that is not yet ready to be retired,
concerns about data residency or regulatory issues, or
lingering prejudices against cloud usage in certain high-risk use cases.
This dynamic, combined with accelerating edge deployments means that healthcare organizations will need to balance network and security controls with flexible architectures that can ensure security in the most complex hybrid scenarios.
Healthcare cybersecurity investments aligned with shared responsibility models
One of the heartening thematic threads that wove itself across the body of healthcare data collected for the 2022 AT&T Cybersecurity Insight Report was the fact that healthcare organizations are leading with a security-first mindset when it comes to technology innovation. As hospitals had to open up remote testing sites, remote clinics, telemedicine functions and more during the pandemic, leadership increasingly understood how important security was to enabling business success.
Our study shows that some 44% of healthcare organizations are going to spend somewhere between 11% to 20% of their overall edge use case spend directly to security. That’s a significant investment and it indicates a progress in mindset compared to our studies in previous iterations of this report. The 2021 AT&T Cybersecurity Insights Report focused heavily on the growing importance of shared responsibility models in the age of edge compute, as responsibilities are spread across cloud service providers, 5G carriers, and enterprises. In 2021, survey data revealed many organizations were planning only to use 1% of their total project budgets for security in the planning phase. The results here clearly show that organizations are recognizing they’ll need to invest more to safeguard digital assets all the way to the edge.