Security Instrumentation for Healthcare Sciences

Healthcare sciences are prime targets for cyber attacks. According to a survey by Securing Industry, almost 67% of pharma companies have suffered serious data breaches.

June 19, 2018

Over the past few months, I’ve been meeting with Verodin customers in the healthcare industry. This includes healthcare providers such as hospitals, laboratories, imaging facilities, healthcare payers (such as insurance companies), and healthcare sciences (such as pharmaceuticals).

Here’s a recent interview with leading healthcare CISO, Jeff Vinson.

Jeff Vinson interview

So, I decided to write a three-part series and outline the various healthcare use cases that came out of my conversations. This is the final part of the series:  healthcare sciences. You can find the piece on healthcare providers here and healthcare payers here.

One quick note before diving in… I’m co-hosting an upcoming health-care focused webcast with Frank Kim of SANS Institute. Don’t miss it! (register here).

Healthcare Sciences

Healthcare sciences are prime targets for cyber attacks. According to a survey by Securing Industry, almost 67% of pharma companies have suffered serious data breaches. Hackers may also target healthcare sciences for geopolitical reasons, according to the Pharmaceutical Manufacturing article “Industrial Cybersecurity Defenses Essential for Pharma Companies.” 

For these reasons, it’s critical that the same levels of security effectiveness validation applied to healthcare providers and payers also be applied to healthcare sciences. But, based on my conversations, the sciences have a unique use case not seen in those other two categories.

Healthcare sciences spend billions on intellectual property across patented drugs and new medical research and development. This results in vast amounts of IP that must be protected, lest that investment will be diminished or lost altogether.

Some of the healthcare sciences IP is stored in traditional IT data storage solutions. These storage solutions for IP are seen in virtually all businesses including healthcare providers and payers. However, there is also a significant amount of IP stored in industrial control systems (ICS). These systems are more commonly associated with organizations working in power and energy or oil and gas, for example.

These control systems house vast amounts of data related to development. Consider a new drug. The parameters for how that drug is created includes temperature, humidity, active ingredient levels, inactive ingredient levels, mixing cycles, time, and an almost limitless number of other variables. Consider an Aspirin tablet. Sure, an Aspirin tablet contains acetylsalicylic acid (ACA) which is the active ingredient, but it can also contain various levels of inactive ingredients like carnauba wax, corn starch, Hypromellose, powdered cellulose, and triacetin.

Intellectual property related to how the process works, what steps are taken and in what order, for how long, under what environmental variables, etc. are extremely valuable and proprietary and, as such, need to be protected even though the data resides in industrial control systems.

Verodin SIP for Healthcare Sciences

I’ve already talked about how Verodin SIP can be used to help validate that the security controls protecting your data are working and that the security configuration changes you make don’t negatively impact that protection. As it relates to industrial control systems, I’ve actually got a whole blog for that: see “Security Instrumentation for Industrial Control System Environments.”

For the healthcare sciences, validating the security controls around the industrial control systems is paramount. Not only do these control systems contain valuable IP, but the control systems themselves are generally designed without a focus on confidentiality–instead, they default to high levels of availability.

This is why Verodin SIP fits into healthcare science environments so well: it’s safe. Control systems are never attacked, data is never put at risk, and system availability remains high. The Verodin SIP Actor architecture ensures that Actors only attack other Actors and in doing so, measures the security effectiveness of the security controls tasked with protecting these industrial control systems containing IP. Verodin SIP lets you get true value from your security tools.

Verodin SIP is a powerful platform for healthcare providers, payers, and sciences looking to optimize their security controls, increase value, communicate effectiveness, and reduce risk. To learn more about how Verodin SIP works, check out our website and request a demo.

Return to Blog

Get new cybersecurity effectiveness podcasts delivered straight to your inbox.

We will never sell or distribute your information.