Three Ways for Healthcare to Handle Cyber Threats
September 3, 2019 | Security and Risk | Jessica Sirkin
The cost of a data breach has surged over the past five years to almost $4 million per breach. Yet, while every industry is a target, some are being hit harder than others. A recently released study shows that healthcare organizations face an average of $6.5 million per incident, which is about 60 percent higher than other industries.
The modernization of networks, the increase in mergers and acquisitions (M&A) and the growth of the Internet of Medical Things (IoMT) make healthcare a particularly attractive target for cyber attackers. Add the growing need to share information and it’s easy to see why healthcare breach costs are soaring.
Bryan Murphy, Director, Consulting Services – Americas, recently wrote a series of articles for HealthcareITNews, exploring the evolving healthcare threat landscape and outlining steps providers should take to strengthen their overall cybersecurity posture. Following are highlights:
Prioritizing Privilege to Protect Patient Data
Fast-expanding, interoperable care delivery networks generate huge volumes of patient data – or Electronic Personal Health Information (ePHI). From birth dates and social security numbers to private health concerns and detailed illness histories, healthcare information can be much more valuable to cyber attackers than credit card numbers. Furthermore, external attackers are not the only threat: A recent study shows that one in five healthcare employees would be willing to sell sensitive information to unauthorized parties for less than $1,000.
Healthcare organizations need privileged accounts and credentials so that administrators can access applications or data, and so that devices can access the systems created by the technological advances of the past two decades – especially ePHI. For example, cloud-based Electronic Health Record (EHR) applications, patient diagnostic data integration from third-party services and payer organization reimbursement processes all require privileged access. Cyber attackers recognize this and look for weak points across the continuum of care that they can exploit to escalate privileges and get their hands on ePHI.
According to industry experts, protecting privileged access is the single best way to mitigate risks associated with ePHI theft and the people and devices that can access it. Learn more by reading the full HealthcareITNews article.
Healthcare Can’t Wait for Device Makers to Prioritize Security
Internet-connected medical devices – such as infusion pumps, heart rate monitors and even imaging and biopsy tables – have become a critical part of the healthcare environment. However, this broad movement toward connected devices represents a growing cybersecurity threat that puts patient data, medical information and, potentially, patient wellbeing at risk.
Securing connected devices – both unsupported legacy devices and new IoMT devices – has emerged as one of the top priorities for healthcare IT security professionals. In fact, medical devices now outnumber healthcare industry staff three to one.
Healthcare leaders are making it a priority to establish privileged access controls that secure and manage the accounts, credentials and secrets that can give users wide-ranging powers on a device, network or third-party application. Read the full HealthcareITNews article for more details.
How Healthcare CISOs Can Triage IT Risk
As the healthcare industry embraces digital transformation, ransomware, insider threats and third-party breaches are getting more sophisticated and more difficult to prevent. Healthcare CISOs must mitigate the dangers of these daily threats and, at the same time, quantify cybersecurity risk in dollars and cents.
To do this effectively, healthcare CISOs need to understand how every employee, application and technology affects their risk profile. This requires redefining the way they assess risk, along with new skillsets and tools to help make the right cybersecurity investment decisions.
By understanding the threats and outcomes that could have the greatest impact on both the bottom line and day-to-day care of patients, healthcare CISOs can more effectively identify potential cyber threats and where they would have the greatest impact on the organization. Learn more about cybersecurity measurement and reporting, as well as frameworks that help quantify risk and risk mitigation ROI, in this HealthcareITNews article.
Healthcare providers require strong privileged access management (PAM) to minimize risk and protect their investments in integrated care delivery networks. The CyberArk Privileged Access Security Solution helps providers protect ePHI, secure complex delivery networks, safeguard investments and deliver quality patient care with confidence. Learn more in our eBook, infographic and on-demand webinar.