Healthcare organisations (HCOs) and pharmaceutical companies have not always been first to the chase when it comes to embracing new technologies. However, in the UK this is changing, with a growing realisation that digital platforms can streamline processes, improve collaboration, reduce costs and empower patients. That’s led to an ambitious strategy to make the NHS paperless by 2020. But HCOs and pharma firms must also contend with a growing cyber-threat to the highly lucrative patient data and IP they hold, as well as damaging ransomware-driven service interruptions.
The key to unlocking value from digital transformation whilst protecting vital systems and data is Identity as a Service (IDaaS). It’s the only way organisations in the sector can maximise protection whilst supporting the flexibility and IT efficiency promised by new platforms.
Cloud and app-based platforms are already being favoured by HCOs to support content management, medical record systems, portals and clinical collaboration. The latter is particularly important when healthcare organisations interact with pharmaceutical firms in clinical trials. However, the industry is beset by challenges, including:
Costs: Government spending cuts continue to hamper NHS investment, with at least one leading think tank predicting a spending gap of over £20 billion by 2022/23. However, the efficiency gains offered by digital platforms should still make transformation efforts a priority.
Staff: Over 86,000 NHS posts, including IT positions, were vacant during January-March 2017. This makes it more important than ever to automate manual processes and empower patients to self-serve.
Collaboration: HCOs and pharma firms are characterised by a diverse and fluid user base which needs to collaborate seamlessly with each other, third parties and patients. The multiplicity of roles and permissions adds extra complexity.
Compliance: There are already strict codes of practice governing how records should be managed and data secured. These will be expanded by the EU General Data Protection Regulation (GDPR), which requires strict data security controls to keep employee and patient PII secure. The new regulation expands the scope of “personal” data to include things like x-rays and MRI results, only adding to the burden.
Cybersecurity: It’s no secret that patient data is highly sought-after on the cybercrime underground. That puts the log-ins of medical practitioners at risk of being guessed, cracked or phished — not to mention the risks associated with accidental data leaks. But that’s not all. The WannaCry ransomware worm in 2017 caused an estimated 19,000 cancelled NHS operations and appointments and disrupted over a third of Trusts.
When it comes to pharma, IP theft remains the pre-eminent risk, with nation states increasingly looking to short-cut expensive and time-consuming R&D cycles by stealing intelligence from rivals. Some estimates claim two-thirds of pharma companies have suffered a serious data breach — leading to major financial and competitive losses and reputational damage, in an industry where trust is paramount.
The IDaaS difference
On-premises identity and access management (IAM) tools aren’t engineered for the modern cloud- and app-based systems increasingly favoured in this sector. They’re inflexible, hard to integrate and have a high TCO. To safeguard mission-critical systems and data, HCOs and pharma companies therefore need to move IAM into the cloud via IDaaS. It’s all about securing access at the cloud app layer rather than the perimeter and providing granular visibility into all apps, users and devices from a single interface.
That makes it easy to switch on multi-factor authentication (MFA) to mitigate the risk of password stealing/cracking/guessing attacks. Enhance this with single sign-on (SSO) to ensure only approved healthcare and pharma employees can access cloud services with just one username, one password and one session. This improves productivity, reduces security risk and can even lower IT costs by reducing the number of helpdesk password-reset calls.
Don’t take our word for it: Roche Diabetes Care is using the Okta Identity Cloud’s MFA and SSO capabilities to improve security and collaboration, whilst minimising overheads for a complex environment, including legacy infrastructure and new cloud-based tools like Office 365.
“The mission of IT is to support the mission of our company: to improve the life of our patients,” says Security Solution Architect, Angelo La Penna. “We’re very proud of now being able to offer this kind of support … and with Okta we’re growing together all the time.”
With the Okta Identity Cloud you get:
Secure cloud access: A scalable, agile foundation to manage apps and secure highly sensitive patient data.
Agility for mergers and acquisitions: Okta helps to avoid the friction and cost of consolidating AD domains, so you can seamlessly transition any number of organisations to a common set of tools quickly, without interruption.
Secure & efficient collaboration for value-based care: Okta’s flexible architecture enables secure and efficient access to any apps shared across providers, without compromising the user experience or security.
Secure & seamless patient experience: Whether you’re a payer looking to acquire new customers online, or a provider who wants to unify a constellation of patient portals, Okta makes web and mobile access secure, compliant, and frictionless.