The secret sauce for building healthtech that works

By CyberArk

CyberArk shares how healthcare institutions can rapidly develop new tools while not compromising on security.

The European Union developed its vaccination passport in just a few months, but it didn’t take long for security teams to find gaps, DW wrote. They created a fake digital vaccination certificate for a person born in 1843, which the app accepted without question. This resulted in a waiting period of over 130 years for his passport to become valid.

The healthcare industry faces the pressing challenge of having to roll out new digital tools under short notice. This is in light of the pandemic where developers may not scrutinise security practices sufficiently as hospitals have to innovate rapidly during crunch time.

CyberArk shares how healthcare institutions can keep security front and centre since day one.


New innovations in healthcare


Healthtech has witnessed many innovations over the past few years. One healthcare trend looks at how AI has been making major waves in diagnosis.

For example, the Singapore National Eye Centre is using AI to analyse patients’ retinal scans to detect signs of diabetic eye diseases. Algorithms help to reduce the time it takes to read the scan from an hour to a few seconds, GovInsider reported.

The region’s healthcare industry has also had to evolve with the global pandemic, giving rise to significant advances in tech. Biogenes Technologies is Malaysia’s first company to develop a new rapid antigen-based test kit for Covid-19. The kit can ping test results to a mobile app in less than 20 minutes, Malay Mail wrote.

Thailand’s Bumrungrad Hospital has launched telehealth platforms to perform clinical examinations and evaluations before patients visit for surgery, Corporate Wellness Magazine wrote. This initiative has been particularly useful during the pandemic when people could not meet easily.


Security challenges in healthcare


As hospitals go digital, they will need to move patient data to online platforms. Singapore’s National Electronic Health Record collates patient health records from different healthcare providers and is one example of this shift.

Institutions will likely face security challenges when transferring information as hackers may intercept highly confidential data during this process, HIT Consultant reported.

Hospitals that have yet to migrate their data from outdated networks to a common platform are also at risk of a security breach. This is because hackers can execute their attacks from multiple entry points, leaving organisations more vulnerable.

The consequences of a security breach are severe. They include stolen personal information and errors in administering treatment. Doctors could wrongly operate on patients, pharmacists could give incorrect doses of medicine, and patients may experience delays in receiving the care they need.

As developers rush to rectify these problems, they lose focus on introducing new innovations in healthcare that could improve patient outcomes.


DevSecOps explained


One approach that can address this issue is DevSecOps, which allows organisations to build healthtech tools faster by integrating security processes early on.

DevSecOps is the convergence of software development, IT operations, and security. Under this model, developers and IT teams evaluate security as they build a healthcare tool instead of leaving security as an afterthought.

This allows them to put out tech tools more quickly as there will no longer be last-minute changes needed to address vulnerabilities. Performing security early on will help organisations avoid delayed releases.

This approach also trains IT teams to become more thorough with security measures, as they can remedy any issues that crop up along the way before moving on to the next stage of building a healthcare application.


How to secure healthcare’s digital transformation


CyberArk recommends that organisations take a proactive approach to security. By implementing strong security practices throughout the entire process of building tech, organisations can better mitigate vulnerabilities.

First, organisations should try to keep their passwords and authentication tokens out of developer laptops. This will prevent third parties from breaching these secrets.

Second, organisations can establish a baseline for normal usage patterns by developers. For example, if developers typically write code between 9am and 6pm, it would be out of the ordinary for computer systems to detect activity at 3am.

This baseline helps with detecting anomalies, allowing organisations to trace malicious users and prevent them from stealing credentials at the time of attacks.

Third, organisations can apply the principle of least privilege. This means that machines and people are only given the privileges needed to complete a specific task, instead of gaining access to all networks and systems.

Fourth, organisations can record how credentials are used. For example, human users can video record the session as they perform different actions. This will help to promote greater transparency as they account for their activity.

Alternatively, organisations can also record the keys struck on a keyboard to tell when workers are at their desks and what they are programming. They can compare this data against any changes made to their networks.

Fifth, organisations can use automation to counter reactively when it detects a breach. For example, computer systems can automatically terminate a session the moment it identifies an intruder. It can also rotate passwords periodically to strengthen cyber defense.

As the security of applications becomes more challenging and more critical, DevSecOps can help healthcare institutions build tools more quickly and safely. This will ensure that as many people as possible receive the help they need under timely conditions.

For more information on CyberArk DevSecOps solutions, please click here.