In my previous blog post, I observed healthcare’s vulnerability to advanced information security threats and cited highly reputable sources reporting that in 2015, over 1 in 3 United States citizens had their personal information breached through a medical or healthcare business. And this escalation of breaches and threats is occurring at the very time when the healthcare industry is consolidating, looking to reduce overall cost structures, particularly in areas not directly related to patient care. This means fewer dollars per patient related to safeguarding protected health information. In fact, according to a Booz Allen Hamilton Security Survey in 2015, the greatest information security workforce shortages are in healthcare and education. This is a dangerous recipe for each of us as patients and for the industry at large.
So what is the healthcare industry to do? Realistically, banks and financial services companies will continue to easily outbid healthcare for information security talent. Even when an information security professional joins a healthcare company, we intuitively know they may well leave at any time for today’s high bidder.
Increasingly, Managed Privacy Services (MPS) and Managed Security Services are being used by leading care providers to protect patient information held in Electronic Health Records, healthcare applications and other systems. Managed Services providers can employ top privacy, compliance and information security talent because they provide a career path. Healthcare companies using these services realize they are unable to scale their privacy and security staff and look outside to a trusted source for help. The MPS teams work closely with the staff of the care provider to evaluate potential incidents, providing core healthcare teams tremendous leverage.
FairWarning’s Managed Privacy Services division has grown 100%+ for three consecutive years for simple reasons. We can employ best-of-class talent in 1) Advanced Threat Detection, 2) EHR audit data, 3) Governance and 4) Product usage for a dramatically lower price and higher reliability than a care provider can possibly achieve.
FairWarning Managed Privacy Services personnel are organized into teams so that an expert in each of the above areas participates in the safeguarding of a care provider’s Electronic Health Record as well as other applications which contain protected health information. Threats to PHI have evolved to include identity theft, IRS tax fraud, medical identity theft and now nation-state espionage. No CEO and Board wants to answer to the press regarding medical identity theft involving their patients. But today’s game changer is that CEOs and Boards increasingly have the responsibility to respond to nation-state attacks involving their patients, in which another country steals vital information about a patient who may be a Federal employee, a Federal contractor, a member of the diplomatic services, a key person in a technology company or someone privy to industrial secrets. Nation-states are putting together dossiers of exactly these kinds of individuals in order to compromise the United States.
FairWarning MPS teams run advanced visualization, statistics and trending reports to identify data signals that point to advanced threats such as:
- Compromised User Credentials
- Identity Theft
- Medical Identity Theft
- General Misuses of PHI
Care providers also have a legal, ethical and moral obligation to ensure patients are not subject to the age-old “snooping” problems, and that obligation needs to be carried out. But yesterday’s snooping problems are a pittance compared to modern information security crimes. In some cases, healthcare providers use their own team to monitor for traditional snooping but look to an expert firm for monitoring for advanced threats.
Managed Privacy Services and Managed Security Services are a trend that will continue in healthcare.