How to close the 7 IT and OT gaps threatening healthcare organizations

How to close the 7 IT and OT gaps threatening healthcare organizations
Don’t let your healthcare organization become a victim to avoidable cybersecurity breaches.

Posted September 1, 2023

Reading Time: 4 minutes

While IT is all about the data that moves your organization forward, operational technology (OT) focuses on the tools controlling how your organization functions. Healthcare has historically set hard demarcations between IT and OT, but with digital transformation in the form of IoT, big data, analytics, and cloud computing, the line separating the two is thinner than ever. Data digitally created, processed, and transmitted provides opportunities for other business processes, like OT, to expand their horizons, streamline their workflows, and positively impact performance levels. This type of harmony is only possible if IT and OT work together.

Integration without preparation is a cybersecurity nightmare

The increasing interconnectivity between IT and OT systems gives cybercriminals the opportunity to exploit vulnerabilities and gain unauthorized access to medical records. If bad actors can take advantage of weaknesses in one system to gain access to other areas within your organization, it can create a security breach domino effect.

Future Healthcare Today states “hospitals can have 15 to 20 networked devices per bed and that larger facilities may have 85,000 non-IT medical devices. It is little wonder that 93 percent of healthcare organizations experience a data breach, and in 2021, 57 percent of healthcare organizations had more than five breaches.”

And according to Privacy Rights Clearinghouse’s Data Breach Chronology report, between 2005 and 2022, the total number of records affected by healthcare data breaches was 1.9 billion.

Many healthcare organizations don’t have the expertise or resources to identify and mitigate potential security risks promptly and effectively, allowing cybercriminals to exploit vulnerabilities and gain unauthorized access to medical records.

7 common gaps between IT and OT systems in healthcare

As you synchronize IT and OT within your healthcare organization, it’s critical you close security gaps and strike the balance between smooth sailing and safe harbors. According to SHI’s healthcare experts, these are the most common IT and OT gaps.

1. Security vulnerabilities

Many healthcare OT systems still have generic vendor accounts (embedded admin accounts) that are unknown to their internal IT security team and measures, making them more susceptible to cyber threats and data breaches.

2. Compatibility challenges

IT and OT systems are often built in silos, resulting in entrenched processes and tools that lack interoperability. This gap requires significant customization, data mapping, and integration efforts.

3. Skill gaps

IT personnel are skilled in network security, data management, and software development, while OT staff are experts with medical devices, control systems, and process automation. These varied perspectives and dueling skill gaps are often a source of conflict.

4. Maintenance and updates

Because OT systems require long-term stability and rely on vendor maintenance and updates, they’re typically updated less frequently than their IT counterparts. This gap often creates a vacuum of responsibility to maintain your organization’s systems.

5. Regulatory compliance

IT and OT systems face different data privacy and protection regulations, medical device regulations, and industry-specific standards. This gap creates misunderstandings, complexities, and resource-intensive time sinks as IT and OT attempt to work together.

6. Risk management

IT systems often have established risk assessment and management practices, while OT systems may rely on frameworks adhered to by their respective vendors. Clashing internal and external practices complicate your risk and mitigation management strategies.

7. Cultural and organizational differences

IT and OT teams may have distinct or contrasting organizational structures, reporting lines, and cultures. These differences can lead to a lack of trust between IT and OT teams, stifling collaboration and communication.

How can you close these gaps?

To address IT and OT gaps, you need to take a multidisciplinary approach. Foster deep collaboration between IT, OT, and healthcare professionals and focus on the secure and efficient integration of IT and OT systems in your healthcare environment.

Establish common goals

Integrating IT and OT means aligning teams who often think of themselves as disparate entities. But there’s one area where IT and OT will invariably agree: security is a top priority. To unify these teams, establish common security goals, including:

Developing a unified security strategy.
Fostering a culture of security awareness.
Implementing effective endpoint detection and response (EDR)

Maintain effective communication channels

Without strong collaboration, IT and OT will never be on the same page. By level setting their communication tools and current posture of your IT and OT security, you can foster cross-department teamwork while ensuring their efforts all contribute to the same end goal. You can do this by:

Conducting a comprehensive risk assessment.
Encouraging collaboration through communication tool parity.

Outline shared responsibilities

Closing gaps in IT and OT can’t be a one-way street. Both teams need to take on appropriate responsibilities to ensure experts work effectively within their wheelhouses while still understanding their teammates’ roles, responsibilities, and efforts. To create an understanding of IT and OT’s shared responsibilities, you need to:

Establish trusted partnerships.
Continuously assess and improve your processes.
Regularly manage updates and patches.
Review access controls and segmentation.

SHI helps close gaps and strengthen your defenses

From helping to overcome talent shortages to selecting the best cybersecurity solutions for your unique business case, SHI has over 30 years of experience helping organizations like yours improve efficiency, security, and compliance. Our cybersecurity and healthcare experts help you gain the visibility necessary to identify gaps in IT and OT, then establish a roadmap to close those gaps based on industry best practices.

If you’re a healthcare organization struggling to get IT and OT to function together, it’s not a matter of if a breach will happen, but when. Participating in SHI’s cybersecurity awareness workshop is a fantastic first step to closing the security gaps that threaten your sensitive data.

Contact SHI’s healthcare experts to close the gaps in your IT and OT processes and solve what’s next for your organization.

assessment, Endpoint Detection and Response, Healthcare, operational technology, risk management

NIST CSF and HIPAA compliance: Know your true state with SHI’s CSAW
To futureproof your data security, you need to understand your security posture today. Luckily, SHI’s cybersecurity awareness workshop can help.

Reading Time: 4 minutes Learn how to swiftly remedy the gaps and risks threatening your NIST CSF and HIPAA compliancy.

Protect users from web-based attacks with browser isolation
As cybercriminals continue to up their game, organizations need to reduce their attack surface

Reading Time: 4 minutes Cybercriminals generate, launder, spend, and reinvest more than $1 trillion a year, and it’s predicted to increase.

Looming cybersecurity threats this election season and how to stay resilient
Are your security measures up to the task?

Reading Time: 5 minutes How can organizations, especially state and local governments and related vendors, ensure the proper security measures are intact?