Welcome!

Cloud Security Authors: Yeshim Deniz, Zakia Bouachraoui, Liz McMillan, Elizabeth White, Ravi Rajamiyer

Related Topics: Cloud Security, Agile Computing, @CloudExpo

Cloud Security: Article

Healthcare: The New Arms Race Is in Cybersecurity | @CloudExpo #Cloud

Cybersecurity personnel are tasked with the onerous and difficult job of protecting the core network and departmental systems

The evolution of cybersecurity as it relates to healthcare in the United States is by most standards in its infancy, but this situation is changing quickly. The industry is scrambling to shore up defenses as cyberattacks and breaches increase.

Very few people, if asked twenty years ago, would have predicted that stolen medical records would be such a massive criminal enterprise. The rapid expansion of EHR/EMR has created an unparalleled opportunity for criminal fraud and abuse. A recent Ponemon study found that the healthcare industry has the highest breach costs of any industry at $363 per stolen record.

Cybersecurity personnel are tasked with the onerous and difficult job of protecting both the core network and departmental systems found in healthcare operations. This is particularly true in multidisciplinary and multi-location healthcare facilities. Historically, typical cybersecurity deployments built walls around the perimeter and static internal defenses; this strategy alone has failed for the same reason the French strategy of the Maginot Line failed in World War II. The adversaries are too agile and able to infiltrate multiple locations via speed, stealth, and sometimes brute force. Traditional security technologies simply cannot protect or react fast enough. Make no mistake, there's a new arms race and it is in cybersecurity. The Internet and increasing interconnectivity of medical systems and devices is exacerbating the problem by constantly increasing the healthcare industry's attack surface and exposure. In many ways it's the same reason why perimeter strategies and static defenses alone also fail to protect us from physical terrorist attacks. The attack surface has become both physical and virtual in all aspects of our lives.

It's becoming clear the healthcare industry needs to join with and enhance some of the best cybersecurity practices of financial and insurance institutions. Financial institutions would never consider short changing physical security, alarms, vaults, etc. This mindset has made their industry one of the notable early adopters of security defense in depth strategies. It is widely accepted in the financial industry sector that advanced cybersecurity solutions need to go well beyond the perimeter. They extend deep into the core networks in their data centers. Financial institutions have responded by rapidly adopting a layered defense approach that includes behavioral analysis tools designed to protect their most important data. The assumption is that traditional defense practices are inadequate and therefore render existing assumptions invalid.

The latest generation of cybersecurity assumes previously trusted entities may now be compromised and may act maliciously, typically targeting the heart of every corporation, where the most sensitive digital asset is located. Under such assumptions it is now clear that a different approach that employs a constantly adapting set of assumptions and focuses on behavioral aspects is the way forward. Advanced behavioral cybersecurity methods will allow healthcare providers to detect attacks on their EHR/EMR data that today remain invisible until it is too late. Very large sums of money are being spent on post-attack forensics, as opposed to prevention. Cybersecurity is just like most chronic disease issues. Prevention is generally less costly and the most effective strategy. The bright side is that the new behavioral cybersecurity detection solutions do not require a lifetime of planning. We are not foolishly suggesting that healthcare providers abandon forensics and remediation. What we are advocating and suggesting is that a transition to new advanced behavioral technology protecting the core EHR/EMR will yield significant economic benefit.

Will healthcare embrace these latest generation cybersecurity technologies? Well surprisingly enough, there's an apparent disproportion between the size of the industry and the investment in cybersecurity. Interestingly, the financial and insurance sectors represent only eight to nine percent of GDP in the U.S. while healthcare is in excess of 17 percent and is expected to expand to as high as 21 percent by the year 2021. It is generally accepted that cybersecurity is one of, if not the top, initiatives in financials but rarely so in healthcare. Given its significant percentage of the overall U.S. economy, healthcare needs to become a leader and early adopter of behavioral cybersecurity technology that protect their core EHR/EMR and prioritize it more appropriately.

It is understandable that healthcare naturally wants to funnel all their resources into improving the level and quality of patient care through advanced analytics such as population analysis. These are laudable and appropriate goals. Sadly, billions of dollars are being siphoned off through cyber theft and fraud. We often find healthcare providers with the misguided view that cybersecurity is a bothersome expense. The facts are that in the healthcare industry improved cybersecurity represents a significant opportunity to recapture billions of dollars in lost revenue. It is time for healthcare providers to lead the way in the protection via early detection of medical records and sensitive data breaches. In doing so they will end up savings billions of dollars that could then be put to the purpose originally intended - to improve the level and quality of care in America.

More Stories By Mark Keelan

Mark Keelan is RVP Sales at DB Networks, a provider of database cybersecurity.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...