Cyber-risk management in healthcare

George Grachis | March 9, 2015
If you are a risk manager in healthcare, you face the same challenges as in any other Internet-connected business. For example, we are all familiar with the Target and Home Depot data breaches.

But the fact is that all industries that connect to the Internet are subject to the same risk. What really matters, no matter what industry, is this: what is your organization's risk appetite? The 2014 Verizon data breach investigations report includes 1,367 confirmed data breaches and 63,437 security incidents, which represented 95 countries and 50 global organizations. While finance and retail intrusions led by a huge margin, we know that healthcare is in a high growth mode. Between the business need to push more data online for business efficiency and the Affordable Care Act, it's all about electronic records.

You will do this, ready or not. After all, it's 2015 and everything is online. The problem is that in our quest to have access to all our information anywhere, anytime, we forgot to consider the risk of doing so.

To make things worse, among the people actually pushing us to do it now, whether from the business or the federal government, no one is considering the risk of doing so.

In 2009 Leonard Kleinrock recalled for CNN the birth of the Internet. On Oct. 29 of that year, for perhaps the first time, a message was sent over the network that would eventually become the Web. Kleinrock, a professor of computer science at the University of California-Los Angeles, connected the school's host computer to one at Stanford Research Institute, a former arm of Stanford University. That was over 40 years ago.

Kleinrock: There's a very dark side to the Internet, which we're all familiar with. It started with a worm in 1988, and it became spam in 1994, and now we have pornography, we have denial of service [attacks], we have identity theft, we have fraud, we have things like botnets [pieces of software that cyber thieves use to remotely and secretly control your computer], which really worry me. One of the problems of the Internet is that we didn't install what I like to call strong user authentication or strong file authentication. We didn't anticipate the level of the dark side we see today. The culture of the early Internet was one of trust of all the users.

So what we are saying here is that the Internet was not designed to be secure; it was designed for anything but security. So what did we do back in the 1980s? We began to push everything we had online: e-commerce, electronic banking, 24-hour online shopping, medical records, our children's educational records and, yes, military secrets. Every single one of these sectors has suffered major losses. The F-34 Stealth Fighter secrets were reported stolen in 2013 via a cyberintrusion. The plans for Marine 1, the president's helicopter, were compromised via file sharing at its contractor. JP Morgan Chase had a major hit this past year, and Sears, UPS, Target, Home Depot and Sony were also in the news.
