How Does Your Healthcare IT Security Match Up Against Peers?

Ransomware is now a billion dollar a year crime and growing, and is causing severe disruption to health and life sciences (HLS) organizations. Breaches have reached alarming levels of frequency of occurrence with nearly 90 percent of healthcare organizations – often seen as vulnerable targets lagging in security compared with peers in other industries, and intolerant to disruption – have experienced a breach in the past two years.

The average total cost of a breach is now $4MM USD, with the healthcare per capita/patient cost of a breach at $355, the highest across all industries. HLS organizations are increasingly realizing that while regulatory compliance is essential, a basic compliance approach to security is no longer sufficient to adequately mitigate risk of ransomware and breaches. How much further beyond basic compliance do they have to go with their security?

This depends largely on where they stand with security, relative to peers and the HLS industry. Many attacks are broadcast/untargeted/opportunistic. Organizations that are lagging in security are more vulnerable and tend to be affected more frequently, both with cybercrime attacks such as ransomware and hacking, as well as with accidental breaches caused by well-intentioned healthcare workers. But how can HLS organizations understand how their security compares with peers and the industry? The Intel HLS Security Readiness Program now has over 100 HLS organizations from across nine countries participating, and enables these organizations to benchmark their security against peers and the industry. This confidential security benchmark includes maturity, readiness and priorities across eight key types of breaches including ransomware, and their security capabilities across 42 key safeguards.

Through this engagement they can see how their security compares, whether their organization is lagging, on par, or leading peers and the industry, whether they may be over or under prioritizing relative to the benchmark set, and if they have a gap in a specific security capability whether this is common or their organization is lagging in implementing that capability. This engagement takes the form of a one-hour workshop conducted by Intel or partner, and is confidential, and complementary (no cost to the HLS organization). This information can both help HLS security teams prioritize future security initiatives, as well as help them rally support from their stakeholders to allocate resources to address gaps.

To find out more about this program, see HLS industry level results from more than 100 organizations across nine countries, and find out more about how to participate, visit the InfraGard Cyber Health Working Group website, register to be a member, and listen to a webinar I recorded with Amylynn Errera from the FBI who also is the Cyber Health Working Group coordinator.