By Callie Guenther, Critical Start
Breaches are increasing – a proactive approach to data protection can help you safeguard your organization’s data.
As of June 2019, the news was not good for the healthcare industry in terms of data breaches. According to HIPAA’s mid-year Healthcare Data Breach Report, the first six months of 2019 saw the records of 9,652,575 Americans exposed, impermissibly disclosed, or stolen. That figure is almost double the number of records exposed in all of 2017. Factoring in the June data breach at the American Medical Collection Agency – in which, according to the Advisory Board’s August report, 24.4 million patient records were exposed – 2019 could be looking at nearly 35 million healthcare records being breached. This represents more breaches in one year than the previous three years combined.
While specific causes of these breaches are hacks, unauthorized access or disclosures, the acute shortage of cybersecurity professionals is also playing a key role. According to new research, Security Operations Center (SOC) analysts continue to face an overwhelming number of alerts each day, and those alerts are taking longer to investigate. This is leading five times as many SOC analysts this year to believe their primary job responsibility is simply to “reduce the time it takes to investigate alerts,” which in turn is leading to security alerts either being prioritized lower or ignored altogether.
Despite these challenges, healthcare organizations can take proactive steps to help stave off a breach. Following are some tips to get you started.
- Conduct a cybersecurity risk assessment. Risk assessments provide a thorough threat analysis to determine where the most impactful avenues of attack might be and test for specific vulnerabilities in those priority areas.
- Perform a perimeter penetration assessment. Test against the specific threat scenarios and threat actors that can impact your organization to determine how far a malicious actor can go. Restricting lateral movement is critical to your cybersecurity strategy.
- Develop a remediation roadmap to outline the top objectives from your security assessment. Your plan should strengthen your security posture and include clearly identified steps to achieve specific objectives in key areas. These areas may include general security controls and policy review; network security controls; Windows platform assessments; privileged account access; vulnerability management processes; management of mobile devices; investigation, blocking, and response capabilities; and user awareness training.
- Assess your security tool inventory to identify redundant or unused products, evaluate your security architecture to understand proper product placement in the organization, and identify pain points with current security products. In addition, conduct a cost analysis of your security product inventory to ensure you are getting what you paid for.
Another step is to consider implementing a managed detection and response (MDR) solution. An MDR can aid your internal team in detecting cybersecurity threats in a particular environment. MDR performs a series of functions, including analyzing the types of risks to which your organization may be exposed, helping you determine what the most critical threats are, and helping you take preemptive steps to close those doors to cyber thieves.
If you already outsource security functions, be sure to:
- Find out how your provider deals with alert fatigue. Alert fatigue is the overwhelming volume of alerts that exceeds an organization’s capability to properly triage or analyze what currently exists in the queue. Most often, the typical response is to cut off whole priority levels of alerts, with organizations deciding to deal with only the critical alerts – which can lead to breaches.
- Gain visibility into your service provider’s operations. Find out what’s happening behind the scenes – why are some alerts ignored? What criteria are they using in deciding which alerts to deal with?
Data breaches are not going away, and in fact only seem to be growing. Taking proactive steps can help protect your organization against an attack, potentially saving your organization millions of dollars.
About The Author
Callie Guenther is a CyberSOC Data Scientist at Critical Start, a provider of Managed Detection and Response (MDR) services. Callie’s expertise in the application of data science to the cybersecurity space has helped government agencies, nonprofit organizations, healthcare organizations and the private sector prepare against cyberattacks.