Typically, healthcare does not operate independently; multiple technology suppliers support daily operations in a hospital or clinic environment through the handling of billing services, eligibility verification, and data transfers and exchanges between healthcare organizations. These types of systems have been built and optimized around speed and interoperability, as opposed to long-term security.
Healthcare infrastructure suppliers process large volumes of patient records on behalf of dozens (if not hundreds) of client organizations, and their infrastructure products are designed to be the "highways" for transferring patient data between providers, payers, and the administrative entities that support them.
The TriZetto Provider Solutions Data Breach event exemplified the risk associated with the centralized technology found within the healthcare sector. The breach occurred within the underlying, functional architecture that enables healthcare organizations to provide care.
The primary strengths of these platforms are their uptime and interoperability capabilities. When a disruption occurs, it can affect a provider's ability to file claims for reimbursement from a payer, disrupt a patient's ability to receive care, and expose the healthcare organization to regulatory penalties. Accordingly, there must be a careful balance between the timely implementation of security patches and structural redesigns of the platform and maintaining operational continuity for their clients.
Data longevity is a significant issue facing the healthcare industry. For example, eligibility records, insurance identifiers, and demographic information are often retained well past their clinical relevance. As time progresses, archives become increasingly difficult to audit because they do not always keep pace with advances in health information technology and the evolution of data governance policies.
Another important challenge for vendors operating in the healthcare space is managing security through shared responsibility models. In one common form of this model, providers expect vendors to handle security, while vendors expect providers to control access. During a health-related cyber incident, it is often unclear who is accountable for what, which complicates response and communication efforts.
The interconnectedness of the healthcare field requires that back-end infrastructure provide a defined security posture for the industry. Ensuring that patient data is secure is therefore equally dependent on the back-end platform and on front-line care settings.
Achieving resilience in the healthcare sector will require treating the sector's approach to infrastructure as a public health issue. When a care system relies on digital technology for the delivery of services, the failure of that technology has repercussions well beyond the IT department.