A Q&A with Logicalis experts Ron Temske, Ed Simcox, and Mike Johnson
Healthcare data is among the most valuable data on the black market today, which makes medical organizations prime targets for cyberattacks. What are the threats, what can you do to protect your healthcare IT data, and what are some of the barriers standing in the way? To find out, we asked three of Logicalis US’ top experts: Ron Temske, Vice President of Security Solutions; Ed Simcox, Practice Leader for Logicalis Healthcare Solutions; and Mike Johnson, Director of Technical Sales.
Q: What are some of the most significant threats surrounding patients’ protected healthcare information (PHI) today?
RT: There are really two emerging threats – the first is to steal patients’ protected healthcare information (PHI) from providers and sell it on the black market. The value of PHI data on the black market is estimated to be as much as 50 times that of stolen credit cards, for example, which means healthcare organizations are being targeted more often than their counterparts in other vertical markets today.
The second emerging threat is ransomware. Because healthcare providers have such strict regulatory requirements for how they handle PHI data, healthcare CXOs are particularly concerned about data breaches. Savvy cybercriminals know this, and those running multi-million-dollar ransomware enterprises are also targeting large healthcare organizations that have the money to pay hefty ransoms should their patients’ data be compromised.
Q: What can the healthcare market do to better protect this information?
ES: When it comes to protection, the safeguards that need to be put in place in the healthcare sector are really no different than in any other vertical market segment.
The key is to understand that no organization is immune to cyberthreats, and to prepare for how you will thwart an attack before it happens, detect it when it happens, and recover from it after it happens. Planning ahead and having the right strategy in place is the best thing that a CIO can do, and that often includes working with an experienced solution provider that can help identify gaps in protection and present the latest advancements in both security and IT solutions for consideration.
Q: What is the biggest barrier for healthcare organizations when it comes to improving their cybersecurity efforts?
RT: IT budgetary restrictions is probably the No. 1 barrier to improving cybersecurity in healthcare. Since budgets are tight, the first thing that has to be established is what you are trying to protect, and whether or not all of your digital assets need the same level of protection. Most organizations don’t think that way; they see security as a single, across-the-board, ubiquitous solution. People often think if they have a firewall and anti-virus in place, they’re secure. Others believe no one is targeting them. In both cases, nothing could be farther from the truth.
Q: What steps can healthcare CIOs can take to address cybersecurity issues moving forward?
MJ: There are three important steps healthcare CIOs can take to combat cyberattacks:
First, IT pros charged with protecting mission-critical data assets need to see everything, which means they need to be “network omniscient.” In other words, they need the ability to see – either physically or virtually – what is happening from end to end throughout their data network at all times.
Second, they need to be prepared. While prevention is the best medicine, even the best cyber defenses are penetrable. IT pros need to be able to quickly detect breaches, and to have pre-planned procedures at the ready to intervene. To do this requires constant vigilance; breaches can happen at any time, on any day, without any notice. Real-time data sharing across the network and beyond will help experts focus on potential threats and stop them in their tracks when they do occur.
And third, they must eliminate gaps in their armor. Securing the corporate network is, of course, vital, but that security must also encompass mobile, endpoint, cloud and data center resources. Having a unified set of policies and procedures as well as a method for centrally managing the organization’s IT infrastructure from end to end will eliminate some of the gaps that spell opportunity for hackers and will increase the IT department’s ability to more quickly detect breaches that do occur and enforce security measures that will reduce the damage done.
Want to learn more? Listen to an instant replay of a recent Logicalis ransomware webinar, then test yourself with 10 tough security questions every CIO must be able to answer. Explore the secret to protecting your organization’s digital assets as well as the best ways to prepare your network before, during and after an attack, then find out why some cloud providers are not equipped to protect your enterprise data from loss – and what you can do about it.