When it comes to cyber security, the healthcare industry is in a precarious position. Investment in cybersecurity has historically lagged other industries such as financial services. And as patients and practitioners increase their use of remote patient monitoring devices, this is placing added pressure on cybersecurity professionals.

“There has been a rush of investment in technology but security was often an afterthought,” said Anahi Santiago, CISO at Christiana Care Health System. “This is one of the reasons why we’re a target as an industry.”

This all helps to explain why healthcare breaches are frequent and on the rise. Nearly 90% of healthcare organizations surveyed by Ponemon Institute in its Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data have suffered a data breach in the past two years and nearly half (45%) have incurred more than five data breaches over the same time span.

Although Christiana Care is fortunate to have a mature cyber security program in place, Santiago is well aware that all it takes is one insecure entry point to alter its security readiness. “The challenge for us is that it can pose a potential risk to patient care and patient safety,” said Santiago.

To help address security requirements with the Internet of Things (IoT), Santiago believes that an essential element is for technology vendors to take a security-first approach to software and hardware development.

“We need to look at the technology, conduct a thorough risk assessment, and decide whether these are things we want to put on our network,” said Santiago.

Nevertheless, Santiago sees the use of remote medical devices such as Fitbits and heart monitors as the future of intelligent telemedicine.

“This is the wave of the future, managing each patient through their lifecycle and especially for critical diseases,” said Santiago. “As we’re deploying those technologies, we’re partnering with the business, assessing the security posture of those technologies, and assessing the potential risks to the patient.” This includes efforts to assess the security of smartphones and other devices used by patients to transmit their medical data to practitioners and payers, she said.

Another challenge that participants in the healthcare industry face is securing clinical devices that increasingly have networked connections. “Back in the day, clinical devices could be isolated from the rest of the organization to lower security risk,” said Santiago.

But now that many clinical devices require network connections, health systems such as Christiana Care must make sure they’re not running outdated operating systems.

“This is a huge challenge in the healthcare industry as this represents a massive investment for healthcare organizations and it’s very hard to replace these clinical devices,” said Santiago. “It’s a major challenge to keep these devices updated and secured.”

Looking ahead, Santiago believes that healthcare organizations that have mature cybersecurity practices will need to assist those that don’t.

“Ultimately, our role is closely aligned with the quality of care and patient safety,” said Santiago. “We need to collaborate with our peers to make sure we’re doing things securely and correctly for patients and we must share our resources with the smaller physician groups so they can continue to do good.”

To learn more about top cyber security trends and best practices, check out our upcoming New York and San Francisco CISO summits.