Proper cybersecurity
hygiene in an
environment where
the stakes are so
high cannot be
compromised.
cybersecurity hygiene in an environment
where the stakes are so high cannot
be compromised. This all starts with
effective privileged access management.
What do today’s threats look like?
With increasingly changing patient
demands come new and innovative
technologies to improve patient care.
The issue is, such fast innovation
cannot be created without the tighter
cybersecurity measures that will protect
www.intelligentciso.com
|
Issue 10
it. ePHI is now being dispersed across
expansive networks of patient monitoring
devices, mobile endpoints for employees
and self-service patient web portals,
growing the risk to healthcare providers.
Taking a holistic approach to securing
the environment is the only effective
way of reducing the risk of damaging
cybersecurity incidents and that includes
correct privileged access control.
Building ‘high walls’ to protect an
organisation’s perimeter is an out of
date approach to security. According
to the CyberArk Global Advanced
Threat Landscape Report 2018, 52% of
healthcare IT decision-makers cannot
prevent attackers from breaking into
their networks, and 59% believe that
customers’ personally identifiable
information (PII) could be at risk.
Organisations must understand that a
breach will happen to them, so they can
implement the security tools that will
prevent an attacker from gaining access
to sensitive systems.
Beware of new regulations and
their harsher penalties
While ransomware and other
cyberattacks continue to grow alarmingly,
IT organisations face an increasingly
tight regulatory environment. Strong
privileged access security (or the lack
thereof) can make or break a healthcare
organisation’s ability to demonstrate
compliance and avoid hefty fines.
The other side of the coin is
the significant operational costs
organisations face to recover from a
data breach. A Ponemon study found
that a healthcare data breach costs on
average US$380 per record – more
than 2.5 times the global average
across industries.
To demonstrate compliance with HIPAA
HITECH, GDPR and other industry
regulations, healthcare providers must
have access to documented, auditable
proof of their efforts to protect privileged
access. Audit trails require organisations
75