Healthcare security is still pretty abysmal, but companies that are investing in it are starting to see a return on investment and have a competitive advantage.
Ben Johnson, chief security strategist at Carbon Black, told Infosecurity that US healthcare providers offer security as a sign of a competitive advantage in the USA, and those providers are perceived to be better if they talk up their security.
“It is not that mature, but it is becoming a big topic for CISOs and CIOs to know that the people that they do business with are relatively secure,” he said.
Johnson said that the two main problems with healthcare are a fear of anything connected to a human and you install software on it, then it will affect the person.
“But the problem is that they are not ready to try and secure the systems,” he said. “They try to do an update, but they are concerned that an attacker may be able to get to it.”
He said that the second is that there is so much consolidation and acquisitions, especially in the USA, that there are completely different IT systems which are integrated and different variants of IT systems, and with so much diversity it is difficult to manage.
“It is like your goalkeeper is also playing cricket and playing basketball,” he said. “We see more teeth in the US for breaches, but there is definitely a different view of security culture.”
David Flower, EMEA vice president and managing director of Carbon Black, commented that insurers are putting elements of this into their premiums. Healthcare security took a major hit 12 months ago when Premera and Anthem suffered major breaches of customer data.