Healthcare security is a difficult prospect, better risk assessments can help

Healthcare organizations have some of the toughest problems of any industry when it comes to securing their computing environments.  They must meet strong regulations, secure massive amounts of data, deal with many types of internal users and devices, and approach the task with an understanding the risks are much higher than normal enterprises.  Protection of patient data breaches and financial fraud are important, but more critical aspects must also be considered.  Life safety systems must not be impacted from  denial-of-service attacks and integrity compromises.  A simple altering of medication manufacture or patient dosage assignments could have catastrophic consequences.  Additionally, healthcare companies face strong regulatory oversight and scrutiny when it comes to patient privacy as well as drug handling and distribution.

One aspect which is no different than other organizations is the fact they have much to secure and not enough resources to cover everything.  They must prioritize and make intelligent decisions.   One way to get a grasp on the most important threats is to understand the attackers.  If you know who is attacking you and why, resources can be efficiently mustered to the defense.

Applying the Threat Agent Risk Assessment (TARA) methodology can help.  With that in mind, Intel has released a whitepaper discussing improvements to healthcare risk assessments in order to maximize security budgets.

To my collogues in the healthcare industry, who are on the frontlines defending their electronic ecosystems from attack, I hope you find value in the paper.

Improving Healthcare Risk Assessments to Maximize Security Budgets.pdf

Published on Categories Archive
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.