Healthcare Breach Costs Reach $11M With The Sector Having Trouble Attracting Talent, Says IBM
According to IBM’s Cost of a Data Breach Report released today, the average healthcare data breach has reached $10.93 million, which is an 8% jump from a year ago, when the average cost topped $10 million for the first time.
For the 13th year in a row, the healthcare industry has suffered more expensive data breaches than any other sector. By comparison, the average cost of a data breach across all industries is less than half at $4.45 million.
“We’re seeing a very big increase for healthcare organizations, probably because they’re really in the crosshairs of attackers. And there is no relenting so far,” said Limor Kessem, a senior cybersecurity consultant for IBM Security.
Meanwhile, healthcare organizations have trailed other industries in their cybersecurity defenses as health systems have had trouble attracting top cybersecurity talent, because other industries pay better.
“Security folks are going to work for places where they could get the bigger paycheck, and it’s not always going to be a healthcare organization,” Kessem says. “It’s a tough industry to get very skilled staff.”
I have three comments on this. The first is from Carol Volk, EVP, BullWall:
“Work smarter, not harder. There is good affordable automation available (and coming) in the cybersecurity field. Even the best cybersecurity teams get overwhelmed by too many alerts, so there is a serious effort to automate the filtering of those “alerts” to just those requiring immediate human interaction, effectively slowing down the alert pace to a manageable, human speed. This is why the automation of detection and containment of attacks is more and more the focus. The attack is slowed or stopped before data can be affected, allowing defenders time to respond. The application of AI is expected to greatly accelerate this effort of determining what must be reviewed by humans for response.”
The second is from Emily Phelps, Director, Cyware:
“Healthcare will always be an attractive target for threat actors because of the valuable data they collect and store. Adversaries don’t only outnumber available cybersecurity pros; they collaborate effectively too. To mitigate the risks, healthcare organizations should leverage automation tools that enable lean security teams to efficiently address threats; they should ensure they invest in regular security awareness training so employees are armed to recognize and avoid common threat tactics such as phishing attacks; and they should consider partnering with security providers that can act as an extension of their teams, gaining expertise that is more difficult to resource and retain internally.”
And the last is from Stephen Gates, Principal Security SME, Horizon3.ai:
“The healthcare industry is being impacted by an enormous threat landscape with vast numbers of threat actors who are looking to breach organizations’ networks, steal their data, hold them for ransom, and potentially destroy their businesses. The defensive technologies they have in place are proving to be insufficient in blocking today’s attacks. Continuously assessing your network attack surface, finding your weaknesses, remediating them immediately, and verifying that your remediations worked is the best way organizations can stay ahead of attackers. Consider attacking yourself daily, then fixing what matters most.”
The challenges with securing the healthcare space need to be fixed, and that needs to happen now. Whether that’s through automation, people, or both, the status quo cannot be allowed to continue.
This entry was posted on July 24, 2023 at 6:20 pm and is filed under Commentary with tags IBM.