Many people have opined that this year could be the year of the healthcare hack, much like 2014 will be known for the Sony debacle. But these hacks are not about curious kids hacking around in their parent’s basement. They have not been for a good while now. Though you will from time to time come across someone actually doing things for fun, the breaches are now, more than ever before, about finding holes, exploiting vulnerabilities and…cashing in. Hackers are holding information hostage, getting organizations to pay in order to recover lost data or to avoid the scope of a breach becoming public knowledge. But the cost to organizations is not all wrapped up into the ransom side of things.
Healthcare organizations are also funding information technology initiatives, either to recover from a breach or in an effort to not become the latest victim of one. How much funding is involved? A lot.
To the tune of roughly six billion dollars per year, in the healthcare sector alone. Yes, that is billion, with a big B.
Where is it all going? Well, if you have ever sustained an attack, or known someone who has, you know it’s a pricey proposition. The vast majority of victims engage a 3rd party to come in and help get your business back online. That’s not cheap, but generally it’s the smart play. The firm may also enlist that group’s help to perform a system audit in order to identify any weaknesses in the network and address them, to make sure there won’t likely be another breach.
What does it all mean? It’s hard to make any network un-hackable, but any CISO worth their weight is going to do their best to make their network unattainable. My own mantra was, we wanted our network resilient enough that, should someone find their way in, you’d have an inclination to hire them and switch them from blackhat to white. Regardless, you want to use your budget wisely, whether that means hardware, software or testing and training. But you’d much rather spend proactively and work hard to stay ahead, as opposed to shelling out thousands if not millions to recover from a breach that could possibly have been avoided.
After all, wouldn’t you rather have control over where your budget gets spend, as opposed to some 3rd party (hacker) forcing your budgetary hand?