As the nation gears up for impending health care reform legislation, IT leaders in hospitals, physicians' offices, clinics and other medical facilities are focusing on their own special kind of turmoil: cyberattacks.
Health care cybersecurity came to the fore after Anthem and Premera Blue Cross experienced data breaches that collectively affected more than 90 million Americans. Shortly after their disclosures, The Washington Post dubbed 2015 the year of the health care hack. But here's the rub: If 2015 earned that moniker on account of the quantity of breaches targeting health care, then 2016 has handily supplanted its predecessor.
Remarkably, health care cyberattacks increased 320 percent year over year from 2015 to 2016, according to Healthcare IT News. In other words, the cyberthreat landscape has significantly deteriorated this past year. And as deserving as ransomware is of being called the most prolific threat of 2016, it's worth pointing out encryption malware's favorite target: health care institutions. According to Healthcare IT News, 88 percent of ransomware attacks in the second quarter of 2016 targeted health care.
The bottom line is that strong information security has never been more important to the health care sector than it is right now. To properly protect patient data and critical systems, health care institutions must reform internal security measures, and there's no better place to start than with threat detection and response.
Security priority No. 1: Smarter threat detection
"Threat detection is the information security priority for 72% of health care organizations."
According to TechTarget's 6th Annual Health IT Purchasing Intentions Survey, 62 percent of respondents said that security upgrades and HIPAA compliance are their top drivers of IT change. Diving deeper, threat detection is the top information security priority for 72 percent of health care organizations.
Part of the reason for this is the increasing cost of cyberattacks. The average expense of a single incident is now $4 million, according to the Ponemon Institute. Three or four years ago, health care institutions could get away with putting their faith in perimeter defenses. But with so much money at stake, that's not really an option anymore – especially not with social engineering, advanced strains of malware and third-party breaches at large.
More importantly, ransomware and Internet of Things-related attacks have the potential to cripple a health care institution's operations. According to Healthcare IT News contributor Mac McMillan, hackers are only just getting started. He noted that the IoT attacks from 2016 "were just test runs for the real thing." That "real thing" could be the hijacking of medical devices in earnest, and for reasons beyond using them in DDoS attacks.
Next steps: A cybersecurity strategy overhaul
Organizations in health care that hope to improve threat detection need to take a more holistic approach to cybersecurity. Working with an MSSP that provides noncontextual threat detection isn't enough, because it fails in two key ways:
- It doesn't provide enough detail to execute swift incident response.
- Without greater context of the threat lifecycle, institutions cannot make overarching improvements to security posture.
So while threat detection is rightly a priority, there is a right and a wrong way to do it. The right way requires a fully fledged security operation center that whittles down network events into a core set of actionable alerts. More importantly – and this is where the SOC is so critical – threat intelligence needs to be summarized in such a way that makes the best course of action obvious to IT. What good is knowing about an incident without any context for how it occurred?
Granted, in-house SOCs don't come cheap. Staffing round-the-clock security engineers and arming them with the tools they need to get the job done can cost millions of dollars every year. This makes the task of building a SOC from the ground up extremely difficult.
That said, new managed security models are emerging that help health care organizations circumvent those challenges without sacrificing the comprehensiveness they demand from a SOC. One example is managed detection and response (MDR) services, which are an integral part of a strong SOC-as-a-Service offering. Rather than staffing security engineers and building a SOC from scratch, all of that is provided. With threat detection and response covered, IT can focus on implementing the right controls to truly improve their organization's security posture.