
Intel leads team to tackle healthcare security

Steve Rogerson
February 14, 2017



Intel has teamed up with more than 40 companies to create the Healthcare Security Readiness Program, aimed at helping prevent breaches such as cybercrime hacking and ransomware.
 
Nearly 90 per cent of health care organisations – often seen as vulnerable targets lagging in security compared with peers in other industries such as financial services – have experienced a breach in the past two years.
 
Intel will share more about the programme and results at the Healthcare Information & Management Systems Society (HIMSS) event next week in Orlando, where Intel and multiple industry partners will run an interactive group security readiness workshop and information sharing session.
 
Through its collaborations, the Intel programme is already addressing the security capabilities of more than 60 health care organisations across nine countries, shining light on priorities across eight types of breaches and ransomware along with strengths, weaknesses and opportunities across 42 security capabilities.
 
According to the FBI, ransomware is expected to become a $1bn-a-year crime in 2016, up 6000 per cent from $24m in 2015. The average total cost of a breach is now $4m, with health care leading all industries in terms of per capita impact at $355 per patient record breached.
 
Ransomware, software that blocks access to data in exchange for payment, has severely disrupted health care, with some infections causing health care organisations to shut down and send some of their patients elsewhere.
 
To help health care organisations understand where they stand in terms of security and how they measure relative to their peers and the industry, the Healthcare Security Readiness Program provides one-hour confidential workshops. In addition to assessing maturity, priorities and capabilities, health care organisations also learn through this engagement how their security capabilities relate to HIPAA, NIST, PCI DSS, ISO2700x, CIS and GDPR requirements.
 
"Ransomware is the highest priority type of breach, and health care organisations show a wide spread in readiness from having as little as only 17 per cent of the relevant security capabilities to having up to 85 per cent," said Jennifer Esposito, general manager of global health and life sciences at Intel. "The average readiness for ransomware across health care is only 58 per cent, revealing that there is much room for improvement in security capabilities to mitigate risk."
 
The programme's findings show that even foundational capabilities such as security incident response plans are severely lacking, with only a 58 per cent average level of implementation across health care.
 
Health care organisations can supplement existing regulatory, data protection law and standards compliance activities with this additional security readiness input to inform future security decisions, reduce risk of breaches and ransomware, and pave the way for improved patient care.