Technology Record - Issue 25: Summer 2022

160 V I EWPO I NT Securing patient data S A L LY ANN F RANK : M I C ROSOF T Innovative start-ups are extending Microsoft’s security capabilities in response to the specific threats faced by healthcare organisations Healthcare organisations are operating in an increasingly complex environment. In addition to effects of Covid-19 which are still being felt all over the world, providers are also dealing with the ‘great resignation’ which is seeing thousands of healthcare workers leave the industry. They are also facing a significant rise in cybersecurity attacks. The increase in security breaches and attacks is due, in part, to the expansion of the attack surface and the strained infrastructure that many providers maintain. A study by the Ponemon Institute in Michigan, USA, found that in 2019 the average cost of a breach for a healthcare organisation was approximately $8 million, and trending upwards. According to a report by the US Department of Health and Human Services, a breach can exceed $400 for each patient record that is exposed, elevating the importance of establishing strong risk management practices. In response to this, Microsoft continues to expand its commitment to privacy, security and compliance, pledging $20 billion investment in cybersecurity research and development between 2022 and 2027. This enables us to continue responding to customers’ increasing demand for effective security products. Microsoft is also working with security innovators, which are extending the capabilities of our tools in response to the specific threats faced by healthcare organisations. The goal of cybersecurity is to predict, prevent, detect, and respond to attacks. Noname, Illusive, Infinipoint and Cynerio are leading, early-stage businesses that are at the forefront of innovation and are approaching cybersecurity from different angles. Noname Security’s platform identifies cyberattacks on application programming interfaces (APIs) automatically and brings deep traffic insights to existing gateways and serverbased environments, using artificial intelligence models specifically tailored for API security. In modern healthcare applications, the back end – which is often based on APIs – acts more like a direct proxy to the data. A flawed API can therefore lead to sensitive data exposure, account takeover and even denial of service – which renders a machine or network resource unavailable to its intended users. Noname’s approach counters this by protecting APIs in real time and detecting vulnerabilities and misconfigurations before they are exploited. The Noname API Security Platform does not require agents or network modifications, and offers deeper visibility and security than API gateways, load balancers and web application firewalls. For one North American healthcare organisation, Noname was able to detect 500 APIs, 49 of which had security vulnerabilities that it quickly and efficiently remediated. Illusive is also working within healthcare security, protecting customers by continuously discovering and automatically mitigating privileged identity risk. The firm gives healthcare providers’ security teams the visibility they need to prioritise risk mitigation efforts, enable zero-trust initiatives, and avoid ransomware. “Illusive Attack Surface Manager gives us many more pieces of the puzzle in a single “Noname, Illusive, Infinipoint and Cynerio are at the forefront of innovation”