Healthcare organizations have some of the toughest problems of any industry when it comes to securing their computing environments. They must meet strong regulations, secure massive amounts of data, deal with many types of internal users and devices, and approach the task with an understanding that the risks are much higher than in normal enterprises. Protecting against patient data breaches and financial fraud is important, but more critical aspects must also be considered. Life safety systems must not be impacted by denial-of-service attacks and integrity compromises. A simple alteration of medication manufacture or patient dosage assignments could have catastrophic consequences. Additionally, healthcare companies face strong regulatory oversight and scrutiny when it comes to patient privacy as well as drug handling and distribution.
One aspect that is no different from other organizations is that they have much to secure and not enough resources to cover everything. They must prioritize and make intelligent decisions. One way to get a grasp on the most important threats is to understand the attackers. If you know who is attacking you and why, resources can be efficiently mustered to the defense.
Applying the Threat Agent Risk Assessment (TARA) methodology can help. With that in mind, Intel has released a whitepaper discussing improvements to healthcare risk assessments in order to maximize security budgets.
To my colleagues in the healthcare industry, who are on the front lines defending their electronic ecosystems from attack, I hope you find value in the paper.