While healthcare organizations and clinicians are on the frontlines providing unrelenting patient care in the face of a global pandemic, healthcare IT teams have been thrust into uncharted technology waters by two distinctly opposite forces. These IT teams are working feverishly to implement and enable telehealth solutions as they become the “new normal,” while at the same time fighting off unprecedented and malicious ransomware attacks.
A recent advisory highlights the imminent threats to U.S. hospitals and healthcare providers. A threat assessment for the EU noted that more than 66% of healthcare organizations experienced a ransomware attack in 2019, and a recent Purple Notice shows that Interpol’s Cybercrime Threat Response team has detected a “significant increase” in ransomware attempts against hospitals and medical organizations.
Cybercriminals are trying to take advantage of an overworked and already stressed healthcare industry, and searching for potential new avenues of attack in hastily released telehealth solutions.
What is Telehealth and Why is it Important?
Telehealth provides remote access to health assessment, consultation, diagnosis, intervention and more. It allows patients to meet with their healthcare providers without entering overburdened, possibly infectious, healthcare facilities, protecting both patients and providers. It can be particularly important for the elderly, the immunocompromised, and those living in senior facilities who are especially at risk from infectious diseases like COVID-19.
However, for already overworked and resource-constrained healthcare IT teams, deploying and supporting a telehealth solution with the necessary scalability, availability, and security creates significant challenges.
Nutanix EUC Superpowers for Telehealth and Remote Work
Nutanix helps healthcare providers achieve greater telehealth success more quickly. For example, Delaware Valley Community Health (DVCH) turned to Nutanix hyperconverged infrastructure (HCI) when it’s traditional three-tier architecture could no longer deliver the performance and availability needed by the organization.
DVCH uses Nutanix HCI in combination with Citrix to meet its End User Computing (EUC) needs. This solution provides DVCH with centralized management and scaling for its Virtual Desktop Infrastructure (VDI) environment and improves security. Nutanix HCI also supports critical databases and other services at the same time.
When the COVID-19 pandemic emerged, DVCH rapidly shifted operations to support remote employees and remote healthcare delivery. With Nutanix already in place, the team implemented a full telehealth solution in one week, shifting 75 percent of its employees to work-from-home in just days and ensuring that staff remained fully employed and productive.
Additional benefits included:
- Improved database performance that accelerated EMR login time by nearly 90 percent, reducing patient wait times and enabling staff to see more patients.
- Enhanced backup and DR for improved availability of healthcare systems, speeding recovery time from approximately 24-48 hours to six minutes while reducing backup time from approximately 4-6 hours to just 30 minutes.
We are using Nutanix for the server/backend virtualization and Citrix for the End User Computing experience. The benefit of that combination is tremendous, because it helps us really be diligent with security and application delivery resting on the back of HIPAA and the HITECH ACT.
Isaiah Nathanial, CIO, Delaware Valley Community Health
Nutanix Security Superpowers
Increasing the use of EUC and telehealth solutions during the pandemic as DVCH has done has the potential to open new avenues of attack to cybercriminals. Ransomware—encrypting data and denying access to potentially critical patient data—is the preferred attack vector. Research firm Cybersecurity Ventures estimates that the global costs of ransomware will reach $20 billion in 2021.
EUC improves work-from-home security versus physical desktops by eliminating the need to store critical data on endpoint devices that can be easily lost, stolen, or compromised. Instead, users access data from your datacenter where it can be managed, monitored, and protected. Deploying EUC on Nutanix enables you to take advantage of several additional layers of built-in security that competing solutions often lack.
Infrastructure Security
Nutanix HCI software conforms to industry best practices to ensure that your VDI deployment starts out in a state that is hardened and secure and increases protection further with:
- Built-in Auditing and Remediation. The HCI software and hypervisor remain in compliance and don’t deviate from the initial secure configuration.
- Streamlined Patches and Updates. Nutanix has simplified upgrades for all software and firmware running on our systems making it much easier to keep them up-to-date and secure.
Data Security
Nutanix protects data from unauthorized access with:
- Data-at-Rest Encryption. All data stored on Nutanix can be encrypted using flexible methods, ensuring that media such as flash drives cannot be read if removed from the datacenter.
- Least-Privilege Access. Users and administrators receive the least amount of privilege necessary for their roles, limiting the damage that can be done if any access credentials are compromised.
- Role-based access control (RBAC). Different security policies can be assigned to different groups and administrative levels.
Zero Trust
The ability to control access to and from user sessions and infrastructure services provides another layer of security for EUC. Zero Trust mandates limits on what each user can access, reducing it to only the required set of resources. Microsegmentation greatly reduces exposure and spread should there be a malware infection or a malicious user. Nutanix provides software-defined network, application, and identity-based segmentation policies, enabling a Zero Trust network strategy.
Business Continuity
Your business continuity and disaster recovery (BCDR) strategy is the last line of defense from a ransomware attack. Nutanix offers flexible and comprehensive services to protect your telehealth operations and patient data. A clean Nutanix snapshot from a time just before the ransomware infection provides an extremely quick option for recovering access to critical data.
Finding Out More
To learn more about how Nutanix solutions enable telehealth and ensure security, please visit nutanix.com/healthcare.
You may also want to read our recent blog on why telehealth is here to stay, and check out our EUC Security Brief to learn more about protection from malware and ransomware.
© 2021 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and the other Nutanix products and features mentioned herein are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Other brand names mentioned herein are for identification purposes only and may be the trademarks of their respective holder(s). This post may contain links to external websites that are not part of Nutanix.com. Nutanix does not control these sites and disclaims all responsibility for the content or accuracy of any external site. Our decision to link to an external site should not be considered an endorsement of any content on such a site. Certain information contained in this post may relate to or be based on studies, publications, surveys and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys and other data are reliable as of the date hereof, they have not independently verified, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from third-party sources.
This post may contain express and implied forward-looking statements, which are not historical facts and are instead based on our current expectations, estimates and beliefs. The accuracy of such statements involves risks and uncertainties and depends upon future events, including those that may be beyond our control, and actual results may differ materially and adversely from those anticipated or implied by such statements. Any forward-looking statements included herein speak only as of the date hereof and, except as required by law, we assume no obligation to update or otherwise revise any of such forward-looking statements to reflect subsequent events or circumstances.