VMware has announced a collaboration with Intel Health and Life Sciences to help global healthcare organizations better understand the current state of their security readiness.
Joining Intel’s Healthcare Security Readiness Program, VMware now offers a new complimentary service that enables healthcare IT teams to gain valuable insight into their security posture compared to the industry when it comes to breach risk mitigation. The new initiative also enables organizations to identify safeguard solutions that can be implemented to further reduce risk and improve their security posture.
In May 2016, the Ponemon Institute’s Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data revealed that data breaches in healthcare were consistently high in terms of volume, frequency, impact, and cost over the past six years. The report noted that upwards of 90 percent of healthcare organizations experienced a data breach in the past two years, and nearly half had more than five data breaches in the same period.
The report further suggests that estimates for the cost of breaches in healthcare could exceed USD $6 billion, with the average cost of data breaches estimated at more than $2.2 million while average cost to business associates in the study is more than $1 million. The report identified ransomware, malware, and denial-of-service (DOS) attacks as the top cyber threats facing healthcare organizations.
As a participant in Intel’s Healthcare Security Readiness Program, VMware offers healthcare organizations a one-hour, complimentary, confidential engagement with a security assessor to measure their organization’s technical security priorities and safeguards using a unique healthcare security maturity model. To date the model has been used by more than 60 healthcare organizations across nine countries to create a baseline against which participating organizations can measure their technical readiness across 42 security capabilities. The model also looks at administrative controls such as policies, incident response plans and business continuity/disaster recovery capabilities.
“Today’s hackers operate as professional organizations, meaning they do a lot of planning and diligence before executing attacks. This means healthcare organizations must be equally proactive and thoughtful in how we assess the security of our organizations,” said Hussein Syed, chief information security officer at RWJBaranbas Health in New Jersey. “This healthcare security readiness program gives healthcare organizations access to a wealth of actionable information, at no cost, and with very little investment of time or resources.”
Participating healthcare organizations will receive a report summarizing the findings, including their maturity level, how they compare with the rest of the healthcare industry, any gaps in their security and a multi-year plan to improve their infrastructure and security preparedness. This report can also help organizations identify where addressing a gap may also help them achieve compliance with privacy and security regulations, data protection laws and standards specific to the healthcare industry. These include the Health Information Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and the General Data Protection Regulation (GDPR), among others.
“VMware’s mission is to transform the cost, quality and delivery of patient care, and cyber threats are Public Enemy Number One in achieving this objective for our customers,” said Frank Nydam, vice president of healthcare, VMware. “With the free Healthcare Security Readiness Program, our goal is to empower our customers with the information they need to tighten their security controls and identify potential security blind spots in a way that is neither time nor cost intensive.”
“Many breaches including ransomware and cybercrime hacking are opportunistic, often affecting healthcare organizations that are least prepared,” said Jennifer Esposito, general manager of Global Health and Life Sciences at Intel Corporation. “Results of this program to date show a widespread of readiness for healthcare organizations across different types of breaches. Cybercrime hacking readiness results show the least prepared healthcare organization having only 25 percent of relevant security capabilities, while the most prepared has 88 percent. The average cybercrime hacking readiness to date is 59 percent, showing that the healthcare industry as a whole has much room for improvement in security and risk mitigation.”
VMware and Intel will showcase this program at the 2017 HIMSS Annual Conference & Exhibition, February 19–23, 2017 in Orlando, Fla
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]