The Cyber Theft Threat in Healthcare and how Service Providers can Transform Risk to Reward
You went to the hospital to get your appendix out and one week later your identity was taken from you as well. How did this happen? In their 2017 Data Breach survey, Verizon found that ransomware jumped from the 22nd most common type of malware in 2014 to the 5th most common. The report also found that 72% of all healthcare attacks in 2016 were ransomware and that the only industry targeted more than healthcare is financial services.
Small hospitals, doctors’ offices, and clinics do a great job at making us well, which is their primary focus. Cyber-attacks on electronic health records have historically not been top of mind. Although the black market value of a health record is decreasing compared to other stolen assets such as credit cards or social security numbers, it is still considered more profitable for the cyber-criminal. Healthcare entities have taken small steps to protect sensitive data, but attacks continue to grow more complex and can originate from both outside and inside an organization. Just as small enterprises everywhere are searching for ways to shore up their protection and avoid business disruptions, healthcare organizations have an obligation to protect their business and their patients’ sensitive information. Hospitals and doctors’ offices need help keeping their data secure.
While that is concerning enough, the medical scare also goes a level further and could become a matter of life and death. What would happen if someone hacked into your pacemaker or insulin pump? Cybersecurity expert Josh Corman, in a recent ABC News article, shared findings from a yearlong investigation citing that “about 85 percent or more of the hospitals don’t have a single qualified security person on staff.” Add to that the fact that the operating computer is running an old, unsupported system like Windows XP and you have a lethal combination. The threat is so real that former Vice President Dick Cheney revealed on CBS’s “60 Minutes” in 2013 that he had the wireless capability on his pacemaker turned off.
Good help can be hard to find, especially when it comes to experts in the complex field of cybersecurity. Carriers that are already experienced (either by themselves or with partners) in protecting their infrastructure and offering services to small and medium businesses can benefit from new revenue streams by offering security solutions to the healthcare sector.
A Prime Opportunity for the Service Provider – How to get started with MSSP
There are three major ways a Service Provider can get into the business of selling an MSSP service:
- White label an existing service. This is the least risky of the options, and requires no upfront capital. It’s also the fastest way to bring a service to the market. The carrier gets to focus on sales, marketing, and back-office support, but delegates the security expertise and the technology to a partner. This can be sold with connectivity or compute/storage services as part of a high-value bundle.
- Build your own service. This takes the most time, capital, and resources, but also offers the highest margins and overall NPV. If you have an in-house IT team that can operate and manage a network security solution, you can maximize your return on investment.
- Get the best of both worlds. A third option is to start with a white-labeled service before transitioning to managing it in-house. You forgo large capital expenditures up front so you can focus on marketing and selling the service while building back-office operations and expertise. You’ll be able to quickly serve customers and gauge enthusiasm while planning to migrate operations in-house over time to recognize the large profit streams in the later years.
This is the third in a series of papers from Radware on the topic of the Compelling ROI for Service Providers offering Security Services.