Intelligent CISO Issue 10 | Page 75

Proper cybersecurity hygiene in an environment where the stakes are so high cannot be compromised. cybersecurity hygiene in an environment where the stakes are so high cannot be compromised. This all starts with effective privileged access management. What do today’s threats look like? With increasingly changing patient demands come new and innovative technologies to improve patient care. The issue is, such fast innovation cannot be created without the tighter cybersecurity measures that will protect | Issue 10 it. ePHI is now being dispersed across expansive networks of patient monitoring devices, mobile endpoints for employees and self-service patient web portals, growing the risk to healthcare providers. Taking a holistic approach to securing the environment is the only effective way of reducing the risk of damaging cybersecurity incidents and that includes correct privileged access control. Building ‘high walls’ to protect an organisation’s perimeter is an out of date approach to security. According to the CyberArk Global Advanced Threat Landscape Report 2018, 52% of healthcare IT decision-makers cannot prevent attackers from breaking into their networks, and 59% believe that customers’ personally identifiable information (PII) could be at risk. Organisations must understand that a breach will happen to them, so they can implement the security tools that will prevent an attacker from gaining access to sensitive systems. Beware of new regulations and their harsher penalties While ransomware and other cyberattacks continue to grow alarmingly, IT organisations face an increasingly tight regulatory environment. Strong privileged access security (or the lack thereof) can make or break a healthcare organisation’s ability to demonstrate compliance and avoid hefty fines. The other side of the coin is the significant operational costs organisations face to recover from a data breach. A Ponemon study found that a healthcare data breach costs on average US$380 per record – more than 2.5 times the global average across industries. To demonstrate compliance with HIPAA HITECH, GDPR and other industry regulations, healthcare providers must have access to documented, auditable proof of their efforts to protect privileged access. Audit trails require organisations 75