In at present’s cybersecurity panorama, the stakes have by no means been increased particularly for organizations within the healthcare business. Knowledge breaches and ransomware assaults are usually not simply growing in frequency—they’re turning into extra refined, leaving even probably the most ready organizations weak. The fact is obvious: defending digital protected well being info (ePHI) calls for complete, granular management.
This urgency has been underscored by the Division of Well being and Human Providers’ (HHS) proposed updates to the HIPAA Safety Rule, which emphasize the need of community segmentation to assist forestall lateral motion and safeguard delicate information. Nonetheless, it’s not nearly compliance; it’s about survival in a world the place threats evolve day by day. In the case of segmentation, not all options are created equal.
Whereas conventional segmentation approaches, comparable to VLANs or static firewall guidelines, present some stage of safety, they fall quick within the face of contemporary threats. These strategies are sometimes inflexible, advanced to handle, and lack the real-time adaptability wanted to handle at present’s dynamic threat panorama. That’s the place microsegmentation steps in, providing a superior different. Let’s first perceive the brand new steerage and why it issues.
Why the New HIPAA Steering Calls for Extra
The proposed modifications to the HIPAA Safety Rule, particularly 45 CFR 164.312(a)(2)(vi), name for “affordable and acceptable” technical controls to phase networks and digital info techniques. This represents a vital step ahead in addressing the shortage of limitations to lateral motion inside a community.
Think about the next state of affairs:
- A degree-of-sale (POS) system, related to a flat community of property, is hit by a focused malware assault designed to take advantage of vulnerabilities within the system.
- With out community segmentation, the attacker can then transfer laterally and acquire entry to an digital well being document (EHR) system.
- The outcome? A catastrophic breach of delicate ePHI, resulting in monetary, reputational, and regulatory fallout.
This instance underscores why microsegmentation is essential in at present’s world of cybersecurity. The objective is obvious: impede intruders at each flip, isolate techniques to stop widespread harm, and guarantee delicate information stays safe.
The upcoming modifications to HIPAA Safety Guidelines are set to create important challenges for healthcare organizations, however the largest hurdle is probably not compliance itself–it’s the underlying community infrastructure. Many healthcare suppliers function digital well being information (EHR) techniques on flat networks the place information strikes freely between units, purposes, and customers with out strict microsegmentation. Whereas this design is environment friendly it additionally presents main safety dangers in a world the place information safety necessities demand a stronger strategy.
The Price of Rearchitecting vs. Microsegmentation
Historically, community safety operations relied on next-generation firewalls (NGFWs) and VLAN segmentation, however for many organizations, rearchitecting an current flat community utilizing these legacy instruments can be advanced and costly. Making these modifications to adjust to new tips and higher shield EHRs may require an enormous funding in infrastructure and end in downtime.
That is the place a microsegmentation technique begins to make extra sense as a sensible and cost-effective resolution. Not like conventional community segmentation, microsegmentation applies safety insurance policies on the workload stage, enabling granular management over information flows with out the necessity for expensive {hardware} overhauls. With microsegmentation, organizations can implement HIPAA-mandated protections with out disruption and decrease prices.
Take Motion
The dangers are clear, the steerage is specific, and the options can be found to assist organizations safe their ePHI, adjust to evolving regulatory requirements, and shield organizations from catastrophe.
In at present’s evolving cybersecurity panorama, staying proactive is crucial. Microsegmentation supplies a strong option to improve your group’s safety and resilience in opposition to trendy threats. Taking motion now might help safeguard your techniques for the long run.
About Garrett Weber
Garrett Weber is the Discipline CTO for Akamai’s Enterprise Safety Group, the place he works with organizations to information them via their Zero Belief journey. In his function as Discipline CTO, Garrett labored very carefully with organizations of all sizes to undertake and efficiently implement Zero Belief options into their setting. Garrett brings sensible, real-world expertise from years working in numerous safety roles, within the Insurance coverage, Healthcare and Consulting industries. He additionally spent 12 years within the Air Nationwide Guard as a part of a Cyber Warfare Squadron that labored alongside each the Air Pressure Pc Emergency Response Group (AFCERT) and the Protection Info Programs Company (DISA).
