Resilience Is the Lifeblood of Digital Health

November 7, 2016

Estimated Time to Read:5 minute read

Resilience Is the Lifeblood of Digital Health

Last month, around 1.3 million records belonging to over half a million blood donor applicants were breached when the Australian Red Cross' web development agency Precedent left a database backup exposed on a public website. The venerable non-profit has since taken responsibility and apologized for the incident, despite being the fault of a third party agency. If anything, the mishap serves to illustrate that resilience—not stronger cybersecurity—is the key enabler of safe healthcare digitization.

The incident* is certainly not the most serious of security mishaps to befall the industry in recent years, as the breach was not the result of criminally motivated actions. Unfortunately, this is not the norm: a recent study by the Ponemon Institute found that 90% of healthcare organizations suffered a data breach in the past two years, with criminal attacks comprising the majority (50%) of these breaches. You've likely seen the driving figures behind the rise of financially-motivated attacks on healthcare: medical information is worth 10 times more than credit card data on the black market. Check out our 2016 CSTAR Report on Healthcare for more information regarding medical and healthcare-related data breaches. 

Free eBooks on DevOps and Security

Robert Lord, a fellow at cybersecurity think tank ICIT and CEO of patient privacy analytics firm Protenus, speaks to the plight of digital healthcare/medicine in a recent interview:

"As a nation, we are in a serious crisis right now. What we did was spend tens of millions of dollars rolling out electronic health records. We put very little thought into how we were going to protect that data. We digitized 300 million Americans' lives, but all that information is protected in a rather weak way. Unfortunately, hackers have decided that healthcare is a very soft target, and that protected health information is extraordinarily valuable." 

Resilient Models for the Healthcare Industry

Banking/finance and retail enterprises have been the traditional, long-standing targets of cybercrime; lessons learned from firms operating in these industries can therefore serve as viable models for healthcare organizations to not just survive, but thrive in increasingly hostile cyber threat landscapes. Stronger cybersecurity tooling is one part of the equation, but—implemented on its own—merely buys organizations a scant window between cyber attacks. For this reason, firms have gradually moved towards digital resilience, or a risk-based approach to dealing with inevitable data breaches. Security incidents can either have devastating or recoverable consequences—resilient firms are more likely to find themselves on the latter side of these two outcomes.

Volumes have been written on strategies for achieving digital resilience, but a practical starting point for aspiring organizations is the proper assessment of third-party risk. Again, banking/finance and retail enterprises have been taking up this key tenet of resiliency; medical firms and healthcare organizations should follow suit. Interestingly, another data breach last month literally at the convergence of healthcare and finance illustrates this point: the Commonwealth Bank of Australia's CBHS health fund suffered a data breach due to the security failures of an unnamed third-party firm. Fortunately, financial data and medical details were decoupled from the breached records—as a result, no member health information, bank account numbers, or logins/passwords were compromised.

In short, even the most well-respected and secure organizations can and will fall victim to cyber attacks, either due to their own direct security failures or unchecked third-party risk. UpGuard's resilience platform was designed to monitor for flaws in IT environments that could lead to data breaches and security compromises: misconfigured web server permissions, open ports, misplaced files, and more. Additionally, our CSTAR resilience scoring enables organizations to determine if third-party vendors are impacting their security posture negatively. To learn more, give UpGuard a spin on us or try out our risk grader for free today.

Get the Digital Resilience eBook

*Countless patients are in need of a life-saving gift that only takes about an hour to give, so please consider paying your local blood donation center a visit this holiday season.

More Articles

The Amex Partner Data Breach and Downstream Liability

If you're one of its 140 million cardholders around the globe, American Express wants you to know that your data is safe. The data breach recently announced by the U.S.' second largest credit card network reportedly involved a partner merchant and not Amex itself.
Read Article >

The Nightmare Scenario: When Your Security Provider Becomes a Security Problem

You’ve spent months with your team designing your company’s security strategy-- you’ve demoed and chosen vendors, spent money, and assured your users that this investment will pay off by keeping their business safe.
Read Article >

Top Retailers Who Should Know Better

The following is a list of 11 online retailers who really should know better when it comes to security.
Read Article >

Share this post: