Cyber Resilience in Healthcare: How to preserve Health Data Privacy


From May 18th to the 20th, the CyberRes Voltage team attended the H-ISAC Conference, “Secured in Paradise”, in Naples, Florida, as part of our CyberRes gold-level sponsorship. The overarching theme throughout the conference was the importance of the shift from Cybersecurity to Cyber Resilience, especially in healthcare. As mentioned on day one during the "Protecting the Enterprise in the Age of Supply Chain Attacks" session, criminal activity is intrinsic to society; cyber is simply the new vehicle of choice for these attacks. The healthcare sector has become a target for attacks because of the value of patient data, and it is not a question of if but when you will be subject to a cyber-attack. Cybercriminals are everywhere, and ransomware is out there, which means your health data is at risk if not protected.

One of the speakers, Jim Routh, mentioned that in healthcare, the “crown jewels” data, consumer patient health information, makes up about 80 percent of the data in the enterprise. Crown jewels data are defined as the most valuable data: personal data (PI/PII), protected health information (PHI), and payment card information (PCI). With the shift towards cloud, big data, and machine learning, how can you ensure the protection of your sensitive health data?

The shift from Cybersecurity to Cyber Resilience in healthcare 

In one of the opening virtual sessions, "Cyber Resilience in Healthcare," we saw how the shift towards Cyber Resilience is becoming a pressing concern to those in healthcare. The session speaker spent time defining Cyber Resilience as:

  • The ability to continuously deliver intended outcomes despite adverse Cyber Events
  • The aggregation of Information Security, Business Continuity, and Organizational Resilience 

However, what are the main differences between Cybersecurity and Cyber Resilience? The differences identified during H-ISAC are:

Cybersecurity

  • Protect the IT system(s)
  • Fail-Safe
  • Scoped to just the IT system(s)

Cyber Resilience

  • Ensure delivery of the business function
  • Safe to fail
  • Scoped to include the associated business processes

In summary, traditional Cybersecurity programs are not enough anymore to protect sensitive patient data, and therefore the shift in healthcare towards Cyber Resilience is crucial. 

How to get started on a Cyber Resilience program? Throughout H-ISAC, CISOs mentioned the importance of cybersecurity fundamentals and how these are the foundation of any successful Cyber Resilience program. They all agreed that knowing the location of the sensitive data is crucial to any company's success. Completing a crown jewel analysis for data discovery and insight is the first step on your journey towards Cyber Resilience, and this is where the Voltage Data Privacy and Protection portfolio can help.

How Voltage has you covered 

As you go through your crown jewel analysis, you will find that some data elements related to an individual or transaction may not be strictly regulated sensitive data, but in combination with other data (e.g., in an analytics environment) they can identify that individual and are therefore also highly valuable to cyber-attackers. The Voltage data privacy and protection portfolio has you covered from data discovery to data insight, protection, monitoring and minimization. For more on protecting PHI in an analytics environment, be sure to watch Phil Sewell’s H-ISAC speaking session called "Preserving Health Data Privacy in the Age of Cloud Analytics."


Find out more: Multi-National Pharmacy Retailer Case Study 

For a multi-national pharmacy that processes hundreds of millions of retail transactions per year, prevention of a data breach and protection of sensitive customer information is critical. Moving to Microsoft Azure cloud, the pharmacy uses Voltage SecureData in its point-of-sale and e-commerce systems: Voltage protects Azure-stored customer data in use, in transit and at rest. This has slashed audit and data breach risk, and Voltage’s smooth integration with Azure assures successful cloud deployment. Learn more in our Healthcare case study. 

Let us know how we can help you by getting in touch with the Voltage team through your account representative or our contact us form.
