Helping Healthcare Organizations Better Understand Their Breach Security Maturity

Ransomware, it’s a word I’m seeing with increasing frequency amongst security experts. And it’s one I’m keen to let others know about within healthcare because the dangers are already having a major impact on organisations in health and life sciences. A couple of months ago it was reported that a hospital in Germany suffered a security breach which led to all Electronic Medical Records being locked in what at first appeared to be a ransomware attack, with the hospital confirming that the malicious virus had been sent from an unknown source. Fortunately, in this case, the hospital added that no patient information had been accessed but they had not yet calculated the cost to the organisation in regaining access to the data.

Ransomware Could Cripple The Ability to Deliver Care

When you consider that a personal health record can be 10x to 20x more valuable to a criminal than an individual’s credit card information, you begin to understand the scale and importance of mitigating a wide range of security breaches for healthcare organisations. Breach types like ransomware compound unauthorized access to sensitive patient information by also compromising the ability of healthcare providers to access this information, crippling their ability to deliver care. No organisation is immune from breaches.

Security Workshop for Nordic Regions

That’s why I’m excited to welcome security experts from Intel, including David Houlding, Intel’s Healthcare Privacy and Security Lead, to Sweden at the end of May 2016 for a workshop to help healthcare organisations gain a better understanding of their breach security maturity, and benchmark their priorities across 8 breach types, including ransomware, as well as 42 breach security capabilities, with the rest of the health and life sciences industry. The event is invite-only, but if you are interested in finding out more on behalf of your healthcare organization and potentially attending, please do get in touch today.

At the workshop, David will be talking through and helping organisations get the most out of the Security Maturity Model developed by Intel and a consortium of industry partners. It’s a fantastic resource and, no matter which country you are based in, I would recommend attending to help you and your organisation identify where your breach priorities or security capabilities fall short of the industry and established best practices, which will enable you to make more informed decisions about where and how to invest future security spending.

The Cost Of Under-Investment In Security

There is, of course, a cost to not investing in security too. In Sweden, I have seen an example of the cost to a healthcare organization which suffered a ransomware attack. An infected file was opened from a webmail application while a doctor was connected to the hospital network. The malware began encrypting local files and those stored on the network, which included patient data from connected health centres outside of the hospital. There was also a .txt file containing a ransom note.

Fortunately, the IT support team noticed the attack within 90 minutes and were able to successfully stop backups of the infected data and close down unauthorized access to the network. After many hours of work to rectify the breach, network access was restored some 22 hours after the initial attack. I estimate that the cost in IT resource time alone was somewhere in the region of 20,000 Swedish Krona, which equates to approximately $2,500 or €2,200. The cost in time lost by clinicians having to use workarounds and the potential loss had personal data got into the wrong hands would be multiples of this figure.

Learnings From Healthcare Security Breaches

I’m always keen to understand what lessons can be learned from security breaches such as that explained above, because only then can we start to win the battle against these cyberattacks and keep patient data safe and secure. Intel’s Security Maturity Model is a huge step forward in helping healthcare organisations better understand where they are today and where they need to go in order to mitigate the risks of a breach. This is why I’m delighted that our workshop at the end of May will bring together healthcare organisations and Intel security experts here in Sweden to share their knowledge.

- Contact the author: Johan Liden

- Security Workshop, Sweden, May 31st – June 1st: Register your interest

- Intel Health and Life Sciences: Security and Privacy