Intel and NH-ISAC Enable Healthcare to Benchmark Security Readiness

Breaches and ransomware continue to have an alarming and disruptive impact across the Health & Life Sciences (HLS) industry worldwide. The global average total cost of a data breach is now $3.62 million USD, with healthcare having the highest per capita cost across all industries at $380 USD per patient record[1].

Ransomware infections, such as the WannaCry attack in May 2017, severely disrupted HLS critical infrastructure worldwide as encrypted patient information became unavailable, compromising patient care and forcing many HLS organizations to direct patients elsewhere[2]. In 2016, ransomware payments were expected to exceed $1 billion USD, according to the FBI[3].

Potential Damages of Cyber Crime

Global ransomware damage costs are predicted to exceed $5 billion USD in 2017, up over 1,400 percent from $325 million USD in 2015[4], making cyber crime and ransomware increasingly lucrative and likely to keep growing. Many breaches and ransomware attacks are untargeted and opportunistic, and tend to affect HLS organizations that are lagging in cyber security and relatively vulnerable.

However, HLS organizations typically don’t know how their security compares with the industry and their peers, or whether they are lagging and relatively vulnerable. The Intel Security Readiness Program (SRP) is a global, open industry collaboration with over 40 partners worldwide that enables HLS organizations to benchmark their cyber security against the HLS industry and against peer organizations of a similar focus, locale, and size. At present, this program has over 126 HLS organizations participating across nine countries. In this blog, we share highlights from the industry-level, aggregate, and anonymous results of the SRP.

Ransomware (86%) is by far the highest priority, followed by Cybercrime Hacking (78%), and Insider Accidents or Workarounds (64%). A wide distribution in security readiness is evident across all eight breach types (for example, ransomware readiness scores range from 17% to 91%, with an average of 58%), indicating there are many HLS organizations that are significantly lagging in security and relatively vulnerable.

Data Breach Type Readiness Scores

The readiness score for a given breach type assigned to an HLS organization participating in the program reflects the percentage of capabilities the organization has implemented that are relevant to mitigating risk of that breach type. Average readiness scores across eight breach types range from 47% to 60%, indicating the HLS industry has much room for improvement in security. Several foundational security capabilities in the baseline tier of maturity have relatively weak levels of implementation, including Audit and Compliance (58%), Endpoint Device Encryption (60%), and Security Incident Response Plans (61%).

These represent specific areas of improvement in security posture for the HLS industry. On the other hand, several foundational security capabilities in the baseline tier had relatively strong levels of implementation including Firewall (92%), Anti-malware (91%), and Email Gateway (90%). These represent areas where the HLS industry is relatively strong in security.

Future breaches and ransomware are likely to rely increasingly on untargeted, opportunistic attacks that use broadcast phishing emails, computer worms, and other highly scalable propagation techniques to infect and penetrate the broadest possible target base, thereby increasing the attackers' total addressable market (TAM) for monetization.

Such attacks will continue to affect organizations that are lagging in security and relatively vulnerable. This makes it increasingly important for HLS organizations to understand how their security posture compares with peers and the industry, whether they are lagging and, if so, specifically where, and to be prepared to proactively remediate security capability gaps as needed to mitigate risks and enable improved patient care.

Security Readiness Webinar Schedules

Join Intel and NH-ISAC on August 7th at 2:00 pm EDT for a complimentary Intel Security Readiness Program Overview Webinar, where we will share further information on the Healthcare Security Readiness Program and the industry-level results and insights coming from it.

In addition to this, on August 9th at 2:00 pm EDT, we will be running a complimentary group Healthcare Security Readiness Workshop Webinar.

Join and participate in the program, and receive your confidential security readiness report. Through collaboration and benchmarking, healthcare organizations can tackle breaches and ransomware, lower risks, and enable improved patient care.

If you have questions about the Intel Healthcare Security Readiness Program or would like to see our program overview and sample assessment report, please visit www.Intel.com/securityreadiness.

You can also email us at securityreadiness@intel.com with your questions.

 

[1] Ponemon 2017 Cost of Data Breach Study – Global Overview https://www.ibm.com/security/data-breach/

[2] WannaCry Ransomware Attack https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

[3] Ransomware: Now a Billion Dollar a Year Crime and Growing http://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crime-growing-n704646

[4] Ransomware Damage Report by Cybersecurity Ventures http://cybersecurityventures.com/ransomware-damage-report-2017-5-billion/