051616 Cybersecurity - Cybersecurity in the healthcare industry: not if, but when

Now more than ever, the FBI is warning healthcare providers to guard against cyberattacks. Security experts say cybercriminals are increasingly targeting the $3 trillion U.S. healthcare industry, where many facilities are still reliant on aging computer systems that do not use the latest security features. According to an article by IBM’s Security Intelligence, cybercriminals are using medical information to acquire treatment, pharmaceuticals and medical equipment, making healthcare data the most valuable target today. In fact, your medical information is worth 10 times more than your credit card number on the black market.

Last year began and ended with a series of high-profile cybersecurity attacks, starting with the pilfering of 80 million Social Security records at health insurer Anthem and culminating with infiltrations at numerous healthcare targets. These digital assaults ranged from standard malware to more sophisticated, clandestine entries, and they will only continue to increase in frequency and sophistication.

How can businesses defend themselves?

The core building block of any effective cybersecurity posture should be a deep and regularly updated understanding of the threat landscape. By helping organizations comprehend who is going to target them, why they are going to be targeted and what is going to be targeted, threat understanding enables an asset-based approach to defense that is both more efficient and more cost-effective. Increased knowledge about cyberattack methods and techniques also enhances defenders’ ability to detect attacks on their own networks.

Cybersecurity defense appears to be an exercise in laborious, never-ending tasks. However, CIOs can shore up their assets by building a team of trusted advisors, including internal and external partners. These teams can share the work of monitoring technology developments and introducing new technologies, as well as what they learn about cybercriminal practices and evolving legislation.

Furthermore, companies must assign data owners and custodians to distribute responsibility for safety, and they must vet suppliers, including the third-party companies with which they work. Educating employees, often a company’s weakest security link, is paramount. CIOs should also commit to regular cybersecurity drills that incorporate communication, threat assessment and risk mitigation.

Because of the insight it provides into how incidents typically evolve, good cybersecurity threat intelligence leaves a company better positioned to respond more quickly and successfully to the breaches that all firms, without exception, eventually suffer. Protection, detection and response are the bedrocks of cybersecurity, but they must be informed by intelligence about the threat.