Over the past few months, I’ve been meeting with Verodin customers in the healthcare industry. This includes healthcare providers such as hospitals, laboratories, imaging facilities, healthcare payers (such as insurance companies), and healthcare sciences (such as pharmaceuticals).
So, I decided to write a three-part series and outline the various healthcare use cases that came out of my conversations. This is the first installment of the three: healthcare providers. You can find the piece on healthcare payers here and healthcare sciences here.
According to an Experian Study, Healthcare is the most targeted sector for cyber attacks. Ransomware was one attack type that was particularly concerning in my conversations. I learned that healthcare providers want to know if their security controls are effectively blocking, detecting, correlating and alerting before they experience a breach.
Healthcare providers are responsive to the idea of validating that their security controls are protecting their critical assets (including specialized medical devices and electronic healthcare records ([EHR]), are secure, and remain secure across network, endpoint, cloud and email security controls.
There is a definite need for security controls to protect patient records and the copious amounts of sensitive data that reside within healthcare provider environments. Providers are particularly concerned about sensitive data loss from their data centers and clouds. The HIPAA Journal even shows that some of the 2017 healthcare breach statistics amplify this. For example, Commonwealth Health Corporation exposed ~700k of records, Airway Oxygen Inc. exposed ~500k records, and Women’s Healthcare Group of PA exposed ~300k records. In total, there were about 342 reported healthcare security breaches in 2017.
Healthcare providers have to follow a large number of regulatory mandates and require illustration that they are in compliance. Mandates include HITECH, HIPAA, PCI DSS, SOX, DPD, and EPCS as well as state laws and other regulations. And HIPAA breaches can cost several hundred dollars per victim when you include: investigations, remediation, notification letters, identity theft prevention, fines from the Office of Civil Rights and/or the Attorney General, reputational issues, class action lawsuits, and more.
Healthcare providers direly need more empiric information about the state of their security effectiveness that isn’t predicated on qualitative risk scores and subjective analysis. But even more, healthcare providers need their security effectiveness measures to be automated and continuous. Specifically, I’m talking about producing juxtaposed to annual (or semiannual) results that are manually intensive, error-prone, and costly.
Verodin SIP for Healthcare Providers
Verodin SIP for healthcare providers helps by allowing healthcare providers to validate that their security controls work as well as that configuration changes provide the desired results. Further, Verodin SIP provides healthcare providers with advanced environmental drift analysis which facilitates automated, ongoing validation that security controls that are functioning correctly, continue to operate correctly across network, endpoint, email, and cloud.
One key area of focus for Verodin SIP is the validation that data security solutions, such as DLP, are mitigating data loss through the accurate prevention, detection, and integration with management stack solutions like SIEMs that correlate and alert. In addition to DLP, our team focuses on ensuring that security controls are protecting systems that house data from outsiders as well as insiders (i.e. firewalls, IPS, WAFs and endpoint security controls) and that they are effective. This level of security validation needs to extend beyond the data center to cloud-based solutions as well.
For healthcare providers, validating security controls with Verodin SIP against a wide number of attacks is important. But equally important is validation against attacks that are particularly relevant and painful for healthcare providers, such as Ransomware like WannaCry. And since there’s no shortage of new attacks or attack variants, it’s important to be able to leverage capabilities like the Verodin SIP Open Content Platform. This is so that information from ISACS, such as the NH-ISAC, threat intelligence sources, PCAP databases, and other third-party attack information repositories can be personalized and operationalized. With this platform, security effectiveness can be quickly and easily measured and improved in the face of new threats.
It’s understandable that, like many organizations, healthcare providers don’t have massive security teams or budgets. However, now they can utilize Verodin SIP to get the most value out of their existing security controls, which will allow them to prioritize new investments by retiring unneeded security controls and saving money. Leveraging executive reporting to easily communicate security trends and overall effectiveness prove to be an invaluable capability to these teams with limited resources.
Verodin SIP is a powerful platform for healthcare providers, payers, and sciences looking to optimize their security controls, increase value, communicate effectiveness, and reduce risk. To learn more about how Verodin SIP works, check out our website and request a demo.