In this episode of the SecurityIntelligence Podcast, IBM Security public sector product marketing manager Bill Venteicher tackles the challenges of healthcare security with IBM’s director of security solutions, Jennifer Kady. In her nearly two decades with IBM, Kady has worked side by side with chief medical and healthcare security officers and developed deep knowledge of healthcare and life science concerns.
Taking Stock of Healthcare Security Trends
While awareness of healthcare attacks is reaching an all-time high, serious threats persist. Organizations reported more threats in the second quarter of 2018 than in the first, and July 2018 may be the worst month on record. Kady identifies three key security trends for healthcare enterprises:
- Data governance: Who has access, and to what? What can doctors and patients access using Internet of Things (IoT) medical devices?
- Security budget: Strict regulation often limits healthcare security budgets, making enterprises in the sector prime targets for ransomware.
- Cloud adoption: How do companies scale current security to the cloud without losing the ability to safeguard and manage data?
Breaking Down People, Processes and Security Budgets
For Kady, improving the healthcare cybersecurity outlook starts with people and processes. Organizations must understand who has access and what they’re doing with it. Next, processes must be put in place to patch devices and quickly remove users as required. Education remains a key component: many users “still click on everything,” and healthcare agencies must develop processes to find and educate these users.
Many organizations also struggle to implement effective security due to budget constraints. As Kady notes, however, healthcare breaches are twice as expensive ($406 per capita) as the next leading industry ($200 in finance). In Kady’s experience, what really turns the tide are more indirect concerns, such as poor disposal of data leading to theft or loss, or the loss of patients because they don’t believe their data will be protected. Not only does great security bring patients back, but they’re willing to pay more for the assurance of data defense.
What’s the Treatment Plan for Improved Healthcare Security?
Kady recommends establishing partnerships with incident response specialist teams, such as IBM’s X-Force Incident Response and Intelligence Services (IRIS). IRIS assists security professionals if and when a breach occurs and helps them gain a better understanding of the threat landscape with in-depth consultations and tabletop exercises. When it comes to protecting healthcare data, it’s worth paraphrasing the old doctors’ adage: An ounce of prevention is worth (at least) $406 of cure.