Aug 02, 2017

How’s the Health of Your Security Budget?

By Great Bay Software

A recent Harvard Business Review article [1] reminds us that the healthcare sector is the most heavily targeted vertical industry. Read more in our earlier “Top Target” post. In 2016, more than 25% of all data breaches were related to healthcare. “The estimated loss to the industry is $5.6 billion per year. These stats should be a wake-up call for the entire industry.” HBR cites a combination of reasons why cyberattacks continue to plague the healthcare segment.

Financial and other industries have become more sophisticated in detecting and blocking cyberattacks, so criminals are motivated to find new sources of valuable data. The healthcare segment is rich in customer data and, according to HBR, has been relatively slow to adopt truly effective security practices.

Uncertainties about changing healthcare laws, thin operating margins and growing costs are squeezing hospital budgets. The good news is that IT security spending appears to be on the upswing. In a recent survey report, 81% of respondents indicated that spending is up, compared to 60% in 2016. Budget priorities fall into three key areas:

Compliance is in the Driver’s Seat

HIPAA/HITECH, EPCS, eCFR, and others make regulatory compliance, at a minimum, cybersecurity table stakes. It’s costly to meet these complex and diverse laws and regulations, but possibly more costly not to meet them. Therefore, it’s not surprising that compliance is not just the top security priority; it may also be an organization’s overall security strategy. Yet being compliant isn’t a guarantee of protection against breaches. In fact, there’s an interesting dichotomy: some compliance rules align with increased security, while others (e.g., EPR) actually increase risks.

Protect & Prevent – Detect & Respond

We see evidence of increased spending in network security, endpoint protection and mobility. Given the success of cybercriminals in stealing healthcare data or pulling off ransomware attacks, conventional network security tools are not enough. Broadly deployed IoMT applications and devices significantly improve healthcare outcomes. They also have the potential to create wide-open backdoors to the network. Increasing the quality of patient care comes with risks.

Training and Education – Skilled IT and Savvy Employees

Investments in skills are a top priority – IT generalists must become security specialists. Companies across all industry segments are challenged to fill cybersecurity positions. In a Robert Half Technology survey, 41% of CIOs say that these skills are in great demand within their companies. This is driving more spending on training, from security basics to certifications. IT organizations are investing in their personnel through a wide range of classes, offered by organizations such as the SANS Institute.

Human error is one of the leading causes of security breaches. Training investment goes beyond IT and risk organizations. Ongoing education for doctors, nurses and other staff increases overall awareness about security risks and best practices.

Get the Most Bang for Your Buck

Are your security budgets growing? Where are you spending? Most importantly, are you seeing positive outcomes? Great Bay Software enables you to embrace your security goals with confidence. Our Beacon Product Suite is a cost-effective solution with measurable ROI. Learn how we can help you know and trust what’s on your network to identify and mitigate potential threats.

 Why the Healthcare Industry is the Top Target for Data Breaches

Report | Minimizing Network Security Risks Created By Medical Devices

 1: https://hbr.org/2017/06/11-things-the-health-care-sector-must-do-to-improve-cybersecurity
