Stolen medical records are worth 10 times more than credit card data. That’s because they contain a wealth of information needed to commit fraud, including the filing of false tax returns, obtaining credit, acquiring illegal prescription drugs, making false Medicare/Medicaid claims and committing medical identity fraud.
In fact, 91 percent of health care organizations have suffered a breach that lost patient data in the last 24 months, and 40 percent experienced more than five breaches. These firms are also increasingly targeted for ransomware attacks that can have a devastating impact on operations.
Health Care Needs a Security Immune System
Why does this matter now? The health care industry has become increasingly competitive. Customer acquisition and retention are now critical for success, and patients now have more choices in selecting a provider and health care plan.
The Ponemon Institute’s “2015 Cost of Data Breach Study” revealed that health care has the highest increase in customer loss rates after a breach at 6.1 percent, or three times the rate of retail. Patients are voting with their feet when breaches occur.
Health care as an industry has also traditionally underinvested in security at an average of 3 to 4 percent of IT budget versus a range of 3 to 14 percent in all industries. With new delivery channels including cloud and mobile, new regulations, new sources of information via medical and wearable devices and the use of cognitive computing, information has become much more pervasive, porous and shared. That makes it more difficult to secure.
According to IDC, 65 percent of consumer transactions with health care organizations will be mobile by 2018, requiring health care organizations to develop omnichannel strategies. Additionally, 80 percent of companies in the health care industry will look to leverage the cloud in some way by 2020.
Watch the on-demand webinar: Improving Health Care’s Immunity to Security Threats
Creating a Multilayered Approach
What does this all mean for a health care organization? It means taking a new approach to cybersecurity by creating a security immune system.
Security controls and practices must be designed according to an integrated, multilayered approach. Effective cybersecurity needs to be set up like the body’s immune system: a system of capabilities that work together to protect the entire organism regardless of where the threat is coming from.
The human immune system relies on layers of protection to create a barrier to disease, detect invaders when they get through and then ultimately respond to eliminate the threat. The same can be said for an effective security system, which brings together capabilities to prevent, detect and respond to threats in a continuous, coordinated fashion. It requires:
- Integrated intelligence: Correlate and analyze siloed information from hundreds of sources to automatically detect and respond to threats.
- Integrated protection: Enhance security with solutions that interact across domains to provide cohesive, easy-to-manage protection.
- Integrated research: Incorporate the latest information on vulnerabilities, exploits and malware into intelligent security solutions across domains.
- Integrated infrastructure: Security is not complete unless you take advantage of a secure infrastructure.
- Integrated incident response (IR): Firms must not only anticipate incidents, but they must also plan for them. As incident responders know all too well, solid IR begins long before an event and continues long after an incident is resolved. It’s a continuous cycle of preparation, assessment, management and mitigation.
Applying the Right Capabilities
There is a logic to all these capabilities, which fall into major security domains: data, applications, network, endpoint, mobile, advanced fraud and identity and access. Security intelligence is the brain, the central nervous system that aggregates and integrates the data and infuses analytics, cognitive learning and machine learning into domains to make them stronger. It also taps into the expertise of the team.
Think of these as domains of capabilities. Each domain has a maturity, and with the use of analytics, each can start to become truly secure. It is critically important that capabilities work together. This doesn’t mean they all have to come from one vendor, but the cybercriminals will find the spaces between the domains. The gaps are how attackers get through.
At IBM, we think seeing is believing. Watch our on-demand webinar “Improving Health Care’s Immunity to Security Threats” to learn more about our approach to security and see how a security immune system can help protect your organization.
CTO Data Security and Privacy, IBM Security