A large hospital group with 60,000 users experiences a data breach.
Patient records are offered for sale on the “Dark Web” and the provider has to track down the source of the breach. Management at the provider starts an investigation, which requires a team of staff to review potentially hundreds of different applications and the access rights of countless vendors and other third parties.
Traditionally, health care data breaches and the ensuing investigations were managed reactively. For example, an outside agent accesses information in a criminal manner and offers it for sale, and the company finds out about the issue from the authorities. Or maybe its internal IT discovers irregularities, but well after the theft has occurred, so the company has to piece together what happened.
An industry shift from a reactive to a proactive approach is key to reducing breaches.
Contrast the challenges facing health care providers with banking institutions.
With a bank, there is typically a core application that manages transactions between the customer and the bank. There might be some other related applications, but the main application provides structure and accountability to various processes. In a health care setting, such as a larger hospital group, there could be hundreds of applications in use simultaneously. Each one might have different data set standards, and there may be little to no interconnectedness between the solutions.