Between 2018 and 2019, the US healthcare industry experienced a five-fold increase in patient data breaches, with hacking accounting for more than 88 percent of them. More than half of the targeted entities were healthcare providers, primarily due to inadequate investments in cybersecurity and the negligence of unsuspecting employees.
Patient data is sacrosanct for the healthcare industry given its highly sensitive nature. In fact, patient Electronic Health Records (EHRs) are priced 10 times higher than credit card information on the dark web. Given that healthcare data is a lucrative target for cyber attackers, healthcare CXOs need a guided approach to secure their patients and enterprises against cybersecurity threats.
A value chain-led view of cybersecurity
Healthcare enterprises are becoming increasingly vulnerable to attacks as patient-centric care takes center stage and care delivery models such as mHealth and remote monitoring become commonplace. So, they must identify their crown jewels – patient data, care delivery applications, and medical devices, among others – across the value chain and allocate their cybersecurity investments accordingly. To do so, they need to contextualize threat intelligence, understand attackers’ behavior and intent, and make appropriate investments in cybersecurity to increase preparedness and reduce response time in the event of a breach.
Stress-testing the value chain-led view
To hack-proof their estates, healthcare enterprises need to adopt a value chain-led view to identify and alleviate cybersecurity concerns across four areas:
Patient engagement: Patient care starts as soon as a patient is made aware of a health condition. To prevent any patient data leaks, healthcare applications must be HIPAA-compliant, designed with patient privacy at the center, and have strong identity and access management controls.
Care/case management: The primary activities in care/case management are appointment scheduling, remote consultations, and mHealth application use, for which physicians need access to sensitive EHR data. It’s important to incorporate patient identity verification and data security layers for EHR access, as well as to build in network and endpoint security protocols to protect EHRs and devices connected to them.
Diagnostics, treatment, and monitoring: As medical devices increasingly connect to the provider network, malware attacks aimed at halting care operations threaten to disrupt hospital functioning. Healthcare enterprises can strengthen their endpoints by adopting malware protection, endpoint detection and response solutions, and device management software. Additionally, providers need to prevent unauthorized access to their systems.
Financials and network management: Providers should also invest in data and network security to make sure all patients’, payers’, and banks’ financial transactions are safe and secure.
Here’s an example of how a healthcare provider can prioritize its IT security investments in accordance with its business priorities by taking a value-chain view.
Setting the wheels in motion
Once healthcare enterprises have identified what to do to bolster security across the value chain, they need to think about how to do it. We recommend a three-phased approach:
Prioritize: Enterprises need to prioritize their investments and chart out a strategic and technical implementation roadmap. Having a cyber architecture in place, along with a future security plan, will aid implementation.
Evangelize: Once implementation begins, providers should address internal risks and change management by combining a consultative approach with a sharp focus on managed services. They should ensure that all business units across the value chain are involved for a harmonized security view.
Protect at scale: They should also invest in talent, short-term detection, and long-term threat investigation capabilities across the value chain, as well as solutions contextualized for threat management.
A real-life example of the value chain-led approach in action
US-based Trinity Health adopted an enterprise-wide data security strategy in the aftermath of the WannaCry ransomware attack in 2017. It implemented an asset management plan to govern its connected devices and networks to improve its response to adverse events. It also instituted an event response team to isolate, contain, and deploy patches when threats were identified. Realizing that its employees could also be vulnerable targets, Trinity Health initiated exercises to help them recognize and respond to cybersecurity threats. And that’s not all; it also leveraged the National Institute of Standards and Technology (NIST) Cybersecurity Framework to redesign its procurement process, technology and security assessments, and supplier evaluation responsibilities to recover in case of actual emergencies.
In an industry committed to digital transformation and increasingly embracing patient-centric care, healthcare providers must devise a well-thought-out cybersecurity strategy to protect their crown jewels across the value chain. This is the only way they’ll retain patients’ trust, drive brand value, and ensure better outcomes for all stakeholders involved.
According to the Identity Theft Resource Center, a staggering 1,200+ breaches were reported in 2018. A breach can wreak havoc on a business, including – but not limited to – loss of revenue and reputational harm. And poor incident response can compound that damage, as demonstrated by breaches at Deloitte, Equifax, Uber, and Yahoo.
Some enterprises are recognizing the importance of being prepared and able to respond to attacks: 22 percent of respondents to a 2018 Everest Group survey rated “reduction in time/effort to detect, respond, and recover from breaches” as their top strategic priority in the next 12-24 months.
But given the dangers, 100 percent of enterprises need to think through and create an effective risk mitigation strategy. This is where Digital Forensics and Incident Response (DFIR) can be essential. Combining incident response with deep forensic analysis to collect and examine digital evidence on electronic devices, an effective DFIR strategy can help mitigate business risks in the early stages of an attack.
Starting on the DFIR journey: an enterprise perspective
The first step in the journey is establishing forensic analysis and incident response teams responsible for reporting, incident handling, and monitoring when a breach is detected.
The incident response team should have specific training in areas such as file systems and operating system design, and have knowledge of possible network and host attack vectors.
After a breach is detected, the forensic analysts must work closely with the incident response team to address several issues, such as isolating affected systems and making containment decisions, based on existing device, access, and data security policies. Enterprises must also update their policies regularly to stay ahead of attackers.
Putting DFIR into action
An effective incident response plan should include the following components:
A guided approach to creating a DFIR strategy
Enterprises without a cyber-attack incident response plan leave themselves open to potentially insurmountable losses. Despite the danger, they often face significant challenges in creating a plan. These challenges include:
Limited budget for plan development and forensic analysis
Lack of built-in approval systems to kick off incident response
Lack of support for cyber insurance policies
Lack of adequate skill sets to perform forensic analysis.
Our guided approach to developing a DFIR strategy can help enterprises evaluate and onboard digital forensics as part of their overall cybersecurity strategy.
Specialist DFIR offerings can help
As many enterprises aren’t equipped to improve their security posture and reduce incident response times on their own, specialist DFIR vendors – such as CrowdStrike, Cylance, and Mandiant – can assist with suites of holistic offerings. In contrast with managed security services (MSS) players, specialist DFIR vendors lead with localization as their core value proposition. Their product-centric service offerings, localization, and guided approach to helping enterprises build resilient businesses are valuable resources for enterprises.
In fact, DFIR capabilities are becoming a deal clincher/breaker in large security transformation deals between enterprises and MSS providers. Enterprises need to carefully analyze the value proposition of their current/potential MSS partners serving as their DFIR vendor. The following checklist can help enterprises determine if their MSS providers can provide DFIR services.
Approaching DFIR in the digital world
Today’s business environment has dramatically changed the way enterprises need to address DFIR. Adoption of digital technologies such as cloud, IoT, mobility, and software defined everything (SDX) has made traditional forensics techniques obsolete. And issues such as evidence acquisition, validation, and cataloging are just the tip of the iceberg.
The following new approach can help enterprises effectively protect themselves against cyber attacks in the digital world.
Given what’s at stake, enterprises must understand that remaining in the dark about potential breaches can prove significantly more devastating than the time and resources required to build or onboard competent digital forensics capabilities. DFIR can be a challenge, but it’s worth it.
Shadow IT is an issue that just about every organization faces on some level, but when I speak to executives and IT leaders, it’s simply not a topic that comes up. When I do bring it up, it quickly becomes clear that the tech industry as a whole underestimates the size and scope of the issue. And that lack of awareness and understanding is posing an ever-increasing threat to data protection and cybersecurity.
Some executives I speak with haven’t even heard the term “shadow IT,” which refers to systems, software, or applications that individuals in an organization use on a regular basis without the knowledge of executive leadership or the IT department. And when I tell them that recent research by the Everest Group found that upwards of 50 percent of technology spend in organizations lurks in the shadows, I can see their jaws drop. This means that half their budgets are being spent on software that teams, groups, and business units are purchasing (and using) without the IT department’s knowledge.
Innovation builds a strong base over which digital investments in technology and talent enable development and execution of the right customer strategy. Retailers should focus on four key data strategies to propel business growth.