Over the past few years, hackers have focused heavily on healthcare businesses, holding medical records and other sensitive data ransom for their high value. Healthcare facilities are considered easy targets because their security infrastructures are typically less sophisticated than those guarding financial information. These organizations are often slow to recognize or react to breaches as well. In 2017, 477 healthcare data breaches were reported, and it took those organizations an average of 308 days to discover they had been breached. The risk of inadequate security is twofold: organizations that fail to adhere to HIPAA compliance standards are not only prime targets for bad actors and millions in ransomware demands, they also run the risk of millions of dollars in fines.
With 43% of attacks initiated from inside the network, it’s clear healthcare organizations need to put more emphasis on security inside the perimeter. However, complexity, limited budgets and resources are often to blame for the lack of intrusion detection and more proactive security approaches. And without more advanced and expensive automation tools, a more proactive stance to security can be very resource intensive.
Organization Lacking Skillset, Budget
When 2018 kicked off with several high-profile healthcare-related data breaches, a Midwest healthcare provider decided it could no longer take a reactive stance to network security. Knowing their business was a prime target for hackers, the organization’s IT team first purchased three next-generation firewalls, one for each of their locations. However, the team was quickly overwhelmed by firewall setup and maintenance requirements. With the team already pushed to the limit by daily HIPAA compliance activities, the planned post-firewall deployment of IDS/IPS technology would certainly require additional headcount with a new skill set. With little room in the budget for new hires, the firm had to find an alternative to doing it all themselves.
Peace of Mind with Managed Security
Nitel’s managed security service allowed the provider to offload firewall configuration hardening and ongoing management to Nitel and quickly move to the proactive security stance they were seeking. Layering managed security testing and incident response on top provided periodic validation of the overall security posture of the environment, along with peace of mind that the proper expertise was on staff should a breach occur.
In choosing Nitel, the healthcare provider benefited from Nitel’s experience in securing and managing firewall platforms and from Trustwave’s fully managed SIEM. This solution not only made HIPAA compliance easier to meet, but also afforded them the proactive 24x7x365 network monitoring and management they required but were not staffed to provide. The organization greatly improved their ability to prevent malicious activity and, should a breach occur, they now had the expertise in place to quickly detect and remediate the intrusion. With managed SIEM an operational expense, the healthcare provider was able to stay within their 2018 capital budget.
With the stakes higher than ever, many organizations are looking to include detection, testing and remediation capabilities in their security solutions. Many of these organizations lack skill sets, time and budget, opening the door for managed security.