Over the past few years, hackers have focused heavily on health care businesses, holding medical records and other sensitive data ransom for their high value. Health care facilities are considered easy targets because their security infrastructures are typically less sophisticated than those guarding financial information. These organizations are often slow to recognize or react to breaches as well. In 2017, 477 health care data breaches were reported and it took an average of 308 days for those organizations to discover they had been breached. The risk of adequate security is twofold: organizations that fail to adhere to HIPAA compliance standards are not only the prime targets of bad actors and millions in ransomware demands, they also run the risk of millions of dollars in fines.
With 43% of attacks initiated from inside the network, it’s clear health care organizations need to put more emphasis on security inside the perimeter. However, complexity, budgets and resources are often to blame for the lack of intrusion detection and more proactive security approaches. And without more advanced and expensive automation tools, a more proactive stance to security can be very resource intensive.
Organization Lacking Skillset, Budget
When 2018 kicked off with several high-profile health care-related data breaches, a Midwest health care provider decided it could no longer take a reactive stance to network security. Knowing their business was a prime target for hackers, the organization’s IT team first purchased three next-generation firewalls, one for each of their locations. However, their team was quickly overwhelmed with firewall set up and maintenance requirements. Already pushed to the limit with daily HIPAA compliance activities, the planned post-firewall deployment of IDS/IPS technology would certainly require additional headcount with a new skill set. With little room in the budget for new hires, the firm had to find an alternative to doing it all themselves.
Peace of Mind with Managed Security
Nitel’s managed security service allowed them to offload firewall confirmation hardening and ongoing management to Nitel and quickly move to the proactive security stance they were seeking. Layering managed security testing and incident response provided periodic validation of the overall security posture of the environment while providing peace of mind that the proper expertise was on staff should a breach occur.
In choosing Nitel, the health care provider benefited from Nitel’s experience in securing and managing firewall platforms and Trustwave’s managed threat detection. This solution not only made HIPAA compliance easier to meet, but afforded them the proactive 24X7X365 network monitoring and management they required, but were not staffed to provide. The organization greatly improved their ability to prevent malicious activity and should a breach occur, they now had the expertise in place to quickly detect and remediate the intrusion. With managed threat detection and operational expense, the health care provider was able to stay within their 2018 capital budget.
With the stakes higher than ever, many organizations are looking to include detection, testing and remediation capabilities in their security solutions. Many of these organizations lack skill sets, time and budget, opening the door for managed security.
Looking for more resources on the health care industry? Check out our other blog posts: