The United States holds the unenviable honor of having the highest average cost of a data breach, and healthcare is the most expensive industry with $3.17 million as the average cost of per breach.*
This got me thinking about the intersection of healthcare and security. Why is healthcare such a target?
Healthcare is a highly regulated industry. In the US, Federal HIPAA mandates represent the lowest common denominator and are layered with individual state regulations that can be even more rigorous. While breach remediation, notification, etc. can be more expensive in a regulated environment why is healthcare such a big target?
It’s the value of health data and the magnitude of the possible damage a breach could cause. In 2021, most doctors you visit don’t scribble notes into your paper file folder that gets locked into a secure room every night. They are typing away as you explain your complaints, capturing your vitals, medication history, and risk factors, into an application that also lets patients log-in to make appointments, review test results, and correspond with their care team. Imagine the jeopardy to individual data privacy – a big part of HIPAA – if your personal electronic data were stolen from a medical provider and used for nefarious purposes. Unlike a simple credit card record that holds a few pieces of an individual’s Personal Identifiable Information (PII), healthcare data is so valuable because it often contains all of an individual’s PII, enabling someone to commit extensive identify fraud.
Then, imagine if a hospital’s network was shut down with a ransomware attack, and medical practitioners couldn’t access their electronic records to treat patients effectively.
Now, imagine these scenarios during a global pandemic when the healthcare system is under unprecedented strain.
The value of healthcare data has never been higher both to individuals and to criminals. When the novel Corona virus – Covid-19—hit a year ago, medical professionals struggled to treat the people who started flooding their facilities. Doctors’ ability to access and share information learned from bedside experiences helped the world discover treatment options while researchers worked on vaccines. Had these health applications and networks been taken down in some systematic way, imagine how much worse it could have been.
Even with a good security posture, hospitals still have experienced security events, and many needed to reimagine some of their security procedures. One strategy is to stop playing defense, and go on the offense with capabilities like Cisco’s Managed Detection and Response (MDR). We recently published a case study and video featuring The Brooklyn Hospital Center and how they are using MDR as a key element to bolster their overall security posture. Cisco can monitor your network and detect threats reducing their discovery from days to hours. You can’t respond to a threat that you don’t know about. It takes an average of 280 days before a network threat is discovered.* Cisco’s MDR service can cut that number to hours with the combination of machine intelligence and Cisco security experts in our Security Operations Centers around the world. We can also help with timely, appropriate, and personalized remediation responses.
Healthcare executives can sleep better at night and focus on providing patient care, because we focus on managing the threats to their network and data assets.
Learn why Cisco MDR represents a better way to defend against cyberpredators by reading the IDC Technology Spotlight we’ve posted on our website.
Dr. Sam Amirfar, Chief Information Officer at The Brooklyn Hospital Center says it best:
“I can sleep better at night, with Cisco monitoring our system. We’re healthcare experts, not security experts,
so having Cisco monitoring our IT systems and keeping up with all the new tools that the hackers are coming
up with, that just makes me rest at night easier”