The cybersecurity challenges confronting healthcare providers are immense. Patient data must be constantly secured, and large numbers of connected devices must operate consistently and securely in an environment where patients, doctors, non-medical staff, the IT department, and outside contractors all require varying levels of system access. When one combines the challenges of securing such an environment with the high value of patient data – a typical electronic health record (EHR) can contain an individual’s name, social security number, medical history, banking and credit card information, the names of their relatives, and much more of value to hackers – it’s easy to see why healthcare is the industry most often targeted by hackers.
The extent to which business still runs on outdated tech might surprise you. Banks and other fintech companies, for example, still lean heavily on mainframes and other so-called “big iron” infrastructure because of its speed and reliability in handling thousands of transactions per second. Those kinds of capabilities raise the question of whether such tech is indeed outdated – but legacy tech designed for high throughput does pose problems, with a high number of administrators citing integration with legacy systems as a challenge as they plan future efforts.
In today’s digital threat climate, cybersecurity is no longer optional. The reality, however, is that business constraints do not always make it easy to put security measures in place. Small teams, tight resources, and complex hierarchies make implementation more complicated than “just do it.” Add to that the ever-increasing number and breadth of regulations with which companies must comply to meet minimum standards of data and system security.
What if airtight security measures were built into your DevOps processes by design, from conception, and not shoe-horned in after the fact? What if passwords weren’t built into scripts and uploaded to GitHub for all to see? What if an entire DevOps team could work seamlessly and efficiently without ever needing to stop and authenticate each step?
The EU’s General Data Protection Regulation – or GDPR – has now been in force for a year. Because of the ongoing impact it has on business, this first anniversary is a good opportunity to step back and reexamine GDPR in terms of why it exists and what it calls for, as well as to look at a couple of notable non-compliance cases that have already been brought, which serve as a reminder – and a warning.