Guest post by David Thompson, senior director, product management, LightCyber.
Healthcare organizations are stuck between being an ever-increasing target for data breaches and generally having fewer security resources than a comparable enterprise. It’s a classic situation of needing to do more with less, with all of the urgency of a full-scale crisis.
Now it’s not uncommon to see the same organization suffer its second or third data breach, and patience (patients too) is wearing thin. At the same time, we know that many organizations have intruders who are lingering and have stayed hidden for a year or more. It’s possible the cybercriminals are using an undiscovered foothold in one organization to get to another within the same health or provider network.
Almost without exception, healthcare organizations of all sizes seem helpless to stop a data breach. Stopping a breach means different things to different people, and that is part of the problem. A good portion of the industry is still focused on keeping an intruder out of their network completely. This is a fool’s errand and simply not achievable. Motivated attackers will find a way into any given network. Some professional vulnerability contractors will guarantee that they can break into your network within two days. There are far too many ways for an attacker to get in, particularly through an employee account or computer.
So, you can’t keep a network intruder out, but you can try to detect their presence as quickly as possible. Almost all healthcare organizations currently lack this capability, but some newer solutions and procedures are showing great promise in making the speedy detection of a network attacker a reality. The good news is that these approaches might only require an hour or two of personnel time each day—and sometimes quite a bit less than that—so it is well within the means of a small healthcare IT group that wears multiple hats and is always stretched thin.