Evaluating Your Cybersecurity Position in Health Care

Creating a balanced approach to cybersecurity in health care is especially challenging due to limited budgets and resources. There is a consistent theme in initial meetings with hospital security teams: How do we do more with less? At the same time, teams recognize that cyberattacks are becoming more sophisticated and increasing at an unprecedented rate. The consequences of this combination can be devastating from an operational and patient care standpoint.

How can you address these challenges? First, you need to evaluate the maturity of your security operations center (SOC) to identify and prioritize areas of opportunity that can help you detect and respond to cyberthreats faster.

Cybersecurity Challenges for Health Care SOCs

Let’s take a deeper dive into the challenges surrounding the cybersecurity industry.

First, Cybercrime-as-a-Service (CaaS) is estimated to generate more than $1 trillion in annual revenue. Research also demonstrates that the longer an attacker remains undetected within an organization, the more damaging and expensive that incident becomes. While mean time to detect (MTTD) has been improving, there is still a long way to go. A 2018 report by Mandiant indicates that threat actors were present on victims’ networks for a median of 101 days before being detected.

Figure 1: Threat actors can remain present on victims’ networks for days before detection

In addition to threats, your health care organization also faces the challenge of compliance with evolving standards for cybersecurity, data protection, and privacy. This includes complying with mandates such as the Health Information Technology for Economic and Clinical Health (HITECH) Act, the Payment Card Industry (PCI) Data Security Standard, and the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Coupled with the growth of new technology paradigms, including public and private cloud infrastructure, software as a service (SaaS), bring your own device (BYOD), mobile computing and the Internet of Things (IoT), the task of creating an effective SOC can be daunting.

Shift From Prevention to Detection

So, where do you begin?

Legacy approaches to addressing the cybersecurity challenge have been prevention-centric, focused on access control and blocking known threats. While this is important and necessary to thwart traditional known attacks, this approach alone is not effective.

Legacy solutions are ineffective at preventing emerging and advanced threats, stopping socially engineered attacks, and containing insider threats. To effectively evaluate the maturity of your SOC today, you must shift your focus to detecting and neutralizing threat actors as quickly as possible. This will help you reduce the business impact on your hospital or health system.

Today, your focus on cyberthreats should expand from simple prevention to acknowledging the reality that attacks will occur. You can mitigate the risks by improving your MTTD and your mean time to respond (MTTR). For example, research by the Aberdeen Group determined that decreasing the dwell time of a threat actor to seven days and one day, respectively, lowers the business impact significantly.

Figure 2: The quicker your response time, the lower the business risk
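To make the MTTD and MTTR metrics discussed above concrete, the following is an added example (not code from the original post or from LogRhythm) that computes them from an incident timeline. The incident records are constructed sample data; the example also reports the median dwell time, since a single long-dwell intrusion can pull the mean far above the typical case (the 101-day Mandiant figure cited above is a median), and it excludes still-open incidents from MTTR rather than assigning them a value.

```python
from datetime import datetime
from statistics import mean, median

# Constructed sample records (hypothetical, not real incident data). Each row is
# (first attacker activity, detection time, containment time); None means the
# incident has not yet reached that stage.
INCIDENTS = [
    ("2024-01-03 08:00", "2024-01-04 09:30", "2024-01-04 15:00"),
    ("2024-01-10 22:15", "2024-01-12 06:00", "2024-01-13 10:00"),
    ("2023-10-01 00:00", "2024-01-15 12:00", "2024-01-20 12:00"),  # long-dwell intrusion
    ("2024-02-02 14:00", "2024-02-02 16:00", None),               # detected, still open
]


def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M") if ts else None


def dwell_and_response_days(incidents):
    """Return (dwell_times, response_times) in days.

    Dwell = detection - first activity (the input to MTTD).
    Response = containment - detection (the input to MTTR).
    An incident missing the relevant timestamp is left out of that metric,
    because an open incident has no finite value yet.
    """
    dwell, response = [], []
    for first, detected, contained in incidents:
        f, d, c = _parse(first), _parse(detected), _parse(contained)
        if d is not None:
            dwell.append((d - f).total_seconds() / 86400)
            if c is not None:
                response.append((c - d).total_seconds() / 86400)
    return dwell, response


def soc_metrics(incidents):
    """MTTD and MTTR as means, with medians alongside for outlier-robust reporting."""
    dwell, response = dwell_and_response_days(incidents)
    return {
        "mttd_days": round(mean(dwell), 2),
        "median_dwell_days": round(median(dwell), 2),
        "mttr_days": round(mean(response), 2),
        "median_response_days": round(median(response), 2),
        "open_incidents": sum(1 for _, _, c in incidents if c is None),
    }


if __name__ == "__main__":
    for name, value in soc_metrics(INCIDENTS).items():
        print(f"{name}: {value}")
```

On the sample data the mean dwell time is about 27 days while the median is just over one day, which is the gap a maturity program should watch when it reports MTTD alone.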

Assess Your Security Operations Maturity

Understanding the current maturity of your organization’s security operations can help you prioritize the steps that improve the efficiency and effectiveness of your security operations. Recognizing this, LogRhythm has developed a Security Operations Maturity Model (SOMM) to help you assess your organization’s current maturity and plan for improvements over time.

LogRhythm’s SOMM provides a logical progression of technology and process improvements. When followed, this model will help you accelerate reductions in MTTD and MTTR.

As maturity improves, your hospital or health system will realize improved effectiveness, resulting in lower MTTD and MTTR. These reductions in MTTD and MTTR significantly decrease the risk of your organization experiencing high-impact cybersecurity incidents.

The following figure provides an illustrative example of MTTD and MTTR reductions as maturity improves.

Figure 3: Reduced time to detect and respond to cyberthreats is directly tied to security operations maturity

In addition to the resources referenced in this post, you can also use LogRhythm as a resource to provide an outside assessment of the current maturity stage of your security operations. Contact us to schedule an initial discovery call and review questions regarding the maturity of your health system’s security operations.