Editor’s Note: Retired General Keith Alexander is the Chief Executive Officer of IronNet and Adrian Meyers is the Chief Information Security Officer of the health insurance nonprofit Premera Blue Cross.
With its repository of valuable patient information and low tolerance for downtime, the healthcare sector continues to take a heavy hit from cyber attackers. Healthcare has the highest average cost of breach of any sector, up 42% from 2020.
In particular, the attackers are mostly highly organized cybercriminals and nation-state actors (e.g., North Korea).
The healthcare ecosystem is a target-rich environment for adversaries as digital transformation takes place across a sector comprised of an endless network of third-party providers and suppliers. We all know they’re primarily after protected health information; according to Experian, about $1,000 per record can be obtained on the dark web (about $5 per credit card number, $1 per Social Security number, $10 per record).
Against this backdrop, investments to secure non-patient IT infrastructure typically lag other sectors, even though the ultimate impact can directly affect patient care. Additionally, many healthcare organizations are not adequately staffed for the security risks commensurate with their environment.
How can we tip the scales? The answer is to take a “holistic” approach to cybersecurity and scale your cyber defenses.
The days of protecting alone are over
The entire healthcare ecosystem must be pieced together and connected so that we can not only strengthen the defenses of specific organizations, but also strengthen the collective defenses of the entire sector. This means enabling healthcare providers, payers, and even employers investing in group healthcare programs to work together in real time to protect the healthcare ecosystem at scale.
We call this strategy a “holistic” approach to cybersecurity. It is built on two-way trust so all stakeholders can work together to share real-time threat intelligence as cyber threats are shaping up (e.g., command and control (C2) infrastructure is set up long before the attack itself occurs). should also be open to sharing with governments. – Sector networks.
For this approach to be successful, the healthcare sector will need to overcome a systematic fear of sharing threat data. This is a legitimate fear caused by stringent data privacy regulations and compliance requirements.
It is important to recognize that cybersecurity threat sharing is based on fully anonymized data. It’s the easy part handled by technology. Cyberthreats on networks can be detected using behavioral analytics without the need for company or personally identifiable information. This level of security applies to businesses and organizations with on-premises, cloud-based, or hybrid network environments.
The difficult part is addressing long-standing fears that sharing information will put the reporting organization out of compliance. As such, the language of the Critical Infrastructure Cyber Incident Reporting Act of 2022 regarding the protection of private entities when sharing cyber threat information is critical in clarifying what threat sharing really means for healthcare and, more importantly, in reconfiguring the relationship between public and private bodies. We must bring about this collective mind shift.
A “whole health” approach to cybersecurity complements current efforts by Health-ISAC because it adds both actionable attack intelligence on new and emerging threats and a real-time, radar-like picture of the cyberthreat landscape.
Let’s create a “phalanx of abilities”
This approach creates an “ability phalanx” that allows sectors to defend at scale.
Military operations rely on the convergence of expertise such as battlefield intelligence, special operations intelligence, and multi-weapon operations expertise. In cyberspace, once you start thinking about creating a phalanx of capabilities, your ability to hit objectives and successfully complete missions increases exponentially, making it much harder for enemies to bring down mission objectives.
In addition to leveraging the collective expertise and resources of the collective defense community for health care, this phalanx will need to layer public sector and government functions to complement private sector insights. By leveraging this phalanx, a healthy cybersecurity community can help all stakeholders understand a common outcome: collective defense for sector and national improvement.
Leave no healthcare entity behind
A collective defense community that unites payers, providers and employers changes the calculus for both the adversaries and health care overall, especially for small businesses facing ongoing resource constraints. They can take advantage of volume by leveraging the expertise of hands-on analysts in larger, more resource-rich organizations. Greg Garcia, Executive Director of the Healthcare and Public Health Sector Coordinating Council Cybersecurity Working Group, said recently at the HIMSS Healthcare Cybersecurity Forum:
This whole-health approach creates a sort of cyber peloton that draws in those who may not be as cyber-strong as the pack leader, cutting through the headwinds and competing before the enemy as a collaborative group where everyone has an eye on the same goal: better defense.
Whole-health cybersecurity is back to protect patient care
Cybersecurity is not an IT issue. It is essential for healthcare organizations, whether they are providers, payers or employee stakeholders, to provide high quality patient care while protecting and safeguarding their data. CIO David Finn, a member of the U.S. Health and Human Services Cyber Task Group, identified this particular challenge: “We are making progress in this area, but the industry has taken time to realize that this is a corporate risk issue.”
Acting now is essential. Opting into collective defense is no longer optional for the healthcare sector. Public-private cooperation across the ecosystem of providers, payers and employers is required if there is to be even the slightest chance of countering cyber attackers. Don’t put off this important cyber-healthcare health check any longer.