How you can win against phishing and ransomware
As breaches and data theft continue to roil healthcare, providers and payers have gotten more serious about cybersecurity spending. But how can they be sure to deploy their dollars in the best way?
Many healthcare leaders have a check-the-boxes, compliance-driven mindset, which can prevent the C-suite from seeing a more comprehensive view of cyber defense. Healthcare executives certainly know about threats like phishing, denial of service and ransomware, but they know less about what specific risks they face as an organization and which of the myriad security controls are best for them. Compliance-driven programs drive this lack of understanding about specific risks.
Accenture research into healthcare cybercrime reveals a problem growing both in scope and cost. Our research shows the average cost of cybercrime to each individual healthcare company is $12.5 million a year! Whether managing incidents themselves or spending to recover from the disruption to the business and customers, organizations are investing on an unprecedented scale—but current spending priorities show that much of this is misdirected toward security capabilities that fail to deliver the greatest efficiency and effectiveness.
Here’s a three-prong strategy for smart cybersecurity investment:
Be brilliant with the basics – It’s hard to say you have your bases covered or you have managed your risks effectively if you can’t say with reasonable certainty where your assets lie, or what you are concerned with protecting.
In short, take stock of what you’ve got, and the threats and risks associated with that. Take inventory of the assets most important to your organization, not just data but hardware, software and infrastructure. Then plot out the best way to protect them. That includes doing vulnerability management, patching your systems in a timely manner and other baseline elements of alert cybersecurity.
Invest in innovation – Healthcare organizations that are serious about the battle against cybercrime are driving to deploy real-time, risk-aware controls using AI and analytics. These tools facilitate security that learns over time, adapting both to an organization’s emerging needs and ever-lurking threats.
In my work as a consultant, I see leaders in healthcare cybercrime prevention incorporating advanced algorithms in real time to effect behaviors throughout their enterprise. It can be on the network layer, the application layer or wherever a potential threat may lie. As with innovation generally, early adopters here will be well positioned.
Be transparent with customers – There is a hidden cost to cybercrime for healthcare that boils down to the all-important issue of trust. Accenture research finds that after consumers experienced medical identity theft because of a healthcare data breach, one in four patients changed providers and 21 percent of consumers changed health insurers. These defections represent a potentially significant revenue impact.
The flip side is that customers understand the cybercrime threat and respond positively when providers take action. The research shows that three-quarters of consumers reporting breached data say the issue was handled “very well” or “somewhat well” by the organization holding their data. Four in 10 add they even gained trust in the organization from this experience.
Invest in building that trust, through openness, through outreach and by keeping consumers informed of cybersecurity protocols you put in place. While you can’t stop breaches from occurring entirely, you can mitigate the damage by being proactive and vigilant in a way your customers will appreciate—and value.