The Cyber Theft Threat in Healthcare and how Service Providers can Transform Risk to Reward
You went to the hospital to get your appendix out and one week later your identity was taken from you as well. How did this happen? In their 2017 Data Breach survey, Verizon found that ransomware has jumped up from the 22nd most common type of malware in 2014 to the 5th most common. The report also discovered that 72% of all healthcare attacks in 2016 were ransomware and the only industry targeted more than health care is financial services.
Small hospitals, doctor’s offices, and clinics do a great job at making us well, which is their primary focus. Cyber-attacks on electronic health records have historically not been top of mind. Although the black market value of a health record is decreasing as compared to other stolen assets such as credit cards or social security numbers, it is still considered more profitable for the cyber-criminal. Healthcare entities have taken small steps in protecting sensitive data, but attacks continue to get more and more complex and can initiate from both the outside and inside of an organization. Just as small enterprises everywhere are searching for ways to shore up their protection and avoid business disruptions, healthcare organizations have an obligation to protect their business and their patients’ sensitive information. Hospitals and doctors’ offices need help keeping their data secure.
While that is concerning enough, the medical scare also goes a level further and could become a matter of life and death. What would happen if someone hacked into your pacemaker or insulin pump? Cybersecurity expert Josh Corman, in a recent ABC news article, shared findings from a yearlong investigation citing that “about 85 percent or more of the hospitals don’t have a single qualified security person on staff.” Add that to the fact that the operating computer is using an old, unsupported system like Windows XP and you have a lethal combination. The threat is so real that former Vice President Dick Cheney revealed on CBS’s “60 Minutes” in 2013 that he had the wireless capability on his pacemaker turned off.
Good help can be hard to find, especially when it comes to experts in the complex field of cybersecurity. Carriers who already are experienced (either by themselves or with partners) in protecting their infrastructure and offering services to small and medium business can benefit from new revenue streams by offering security solutions to the healthcare sector.
A Prime Opportunity for the Service Provider – How to get started with MSSP
There are three major ways a Service Provider can get into the business of selling an MSSP service:
- White label an existing service. This is the least risky of the options, and requires no upfront capital. It’s also the fastest way to bring a service to the market. The carrier gets to focus on sales, marketing, and back-office support, but delegates the security expertise and the technology to a partner. This can be sold as a part of connectivity or compute/storage services as part of a high-value bundle.
- Build your own service. This takes the most time, capital, and resources, but also offers the highest margins and overall NPV. If you have an in-house IT team that can operate and manage a network security solution, you can maximize your return on investment.
- Get the best of both worlds. A third option is to start with a white-labeled service before transitioning to managing it in-house. You forego large capital expenditures up front so you can focus on marketing and selling the service while building back-office operations and expertise. You’ll be able to quickly serve customers and gauge enthusiasm while planning to migrate operations in house over time to recognize the large profit streams in the later years.
This is the third in a series of papers from Radware on the topic of the Compelling ROI for Service Providers offering Security Services.
Read “Cyber Economics: Validating DDoS Managed Service Delivery Models” to learn more.
Louis Scialabba is Director of Carrier Solutions Marketing for Radware and is responsible for leading network security and application delivery marketing initiatives for wireless, wireline and cloud service providers. Mr. Scialabba has 21 years of experience in the communications and networking industry in a variety of roles, including Solutions Marketing, Sales, Business Development, Product Line Management, and Engineering. Prior to joining Radware, Mr. Scialabba spent much of his early career at Tellabs, where he was Director of Mobile Routing Technology Planning for the 8600, 8800, and 9200 product lines. He later became the Head of North America Marketing for Aviat Networks. Mr. Scialabba earned a Bachelor of Science degree in Computer Engineering from the University of Illinois and a Master of Business Administration degree from St. Xavier University in Chicago.