SOLUTION PROVIDER Q&A Sponsored Content
Navigating the Current Cybersecurity Landscape and Mitigating Risk
How are threats like ransomware uniquely impacting healthcare?
Outages and downtime are literally a life-or-death situation for healthcare organizations. If a ransomware attack successfully gets to a healthcare organization that is actively providing life-supporting care, they may have no choice but to pay out the ransom if they cannot eradicate the incident before the attacker delivers on their threat. Unfortunately, we have seen healthcare facilities having to switch to paper-based systems once their IT systems, such as electronic health record (EHR) platforms, become inaccessible, and these delays cause major disruptions to operations and quality of care. Also, ePHI can give cyber criminals the ability to create a complete identity of a person and sell that identity many times over. If a healthcare organization is at risk of leaking that data, it could have life-altering consequences for their patients well beyond the initial attack.
What are some of the differences you see between organizations that recover quickly from incidents like ransomware vs. those that don't?
The difference is in the details of an organization's Incident Response (IR) plan, the infrastructure in place to execute on it and their ability to identify and mitigate the vulnerabilities that made the incident possible. In order to recover from incidents quickly, organizations must have a skilled team in place (either their own, a service provider or a combination of the two) that is actively monitoring their IT environments 24/7 and able to identify and eradicate incidents within minutes (not hours or days). And to truly close the loop on an incident, the organization's team should be skilled at digital forensics so they can prevent that same type of threat from penetrating their defenses in the future.
What are the key challenges healthcare organizations face when trying to mature their cybersecurity capabilities?
Many organizations experience similar challenges with regard to budget, staffing and expertise. 98% of healthcare organizations spend less than 10% of their budgets on security and privacy (Healthcare cyber study for reference). Also, many of them have teams in place that do not operate 24/7, and many do not have cybersecurity specialists. You see, particularly in smaller and midsize organizations, that the IT Operations team is often also responsible for security. While these people may be skilled, the expertise required to comprehensively protect organizations from modern cyber threats takes skilled analysts, threat hunters and 24/7 monitoring.
What are you seeing in the insurance space and how are you helping healthcare orgs navigate those increasing requirements to get coverage?
Healthcare is one of the top five industries filing cyber insurance claims. According to the NetDiligence Cyber Claims Study, 2022 Report, healthcare claims were 16% of all claims and 10% of 'Total Incident Cost' at small to midsize organizations; these incident costs ranged from $1,000 to over $11 million. Cyber insurance providers are having to raise the bar on the cybersecurity requirements necessary for an organization to qualify for insurance. Pondurance has strong relationships with many cyber insurance firms and a deep understanding of their stringent requirements. While it can be challenging for a healthcare organization to meet these requirements, we appreciate that they exist because they force at least a minimum level of cybersecurity protections to be put in place and running before insurance is granted. Besides providing 24/7 security operations with our Managed Detection and Response (MDR) services, we also offer Risk Assessment and Cyber Advisory Services that help ensure an organization meets the criteria for getting and keeping cyber insurance coverage; meets and maintains compliance mandates; and easily adapts to new regulations and guidelines.
What are you seeing organizations do to mitigate supply chain risk?
Supply chain risk is an extremely serious issue across industries. In healthcare we saw an unfortunate example of this risk play out last year with the Kronos HR workforce management solution, which is used by many healthcare organizations. Kronos suffered a ransomware attack in December 2021 that had a ripple effect impacting the PII of thousands of employees and whether hospitals could pay and schedule their workforce. In order to try to mitigate supply chain risk, we're seeing organizations put cybersecurity requirements in their vendor/supplier contracts, such as the use of multi-factor authentication (MFA) and threat monitoring and response operations, as well as the requirement that these providers have cyber insurance. Organizations are smart to require that anyone in their supply chain have an Incident Response (IR) plan in place that is regularly updated. Some colleges and universities have made their IR plans available for review by anyone on the internet; it's not unreasonable to ask a vendor/supplier to share their plan.
http://www.pondurance.com