A new report shows healthcare taking the dubious honor of first place among all industries for 2015 data security incidents.
With more and more patient information being stored electronically, and medical records commanding ten times the amount paid for credit card numbers on the cyber black market, healthcare organizations have become primary targets, driving home the need for more stringent and sophisticated data security.
The second annual Baker Hostetler Data Security Incident Response Report analyzed the lessons learned from more than 300 data security incidents in 2015.
For the second year in a row, healthcare led all affected industries with 23 percent of the breach count. Rounding out the top three were financial services (18 percent) and education (16 percent).
The law firm’s report looks at causes of incidents, industries most affected, and what happens after a security incident is detected – from containment, to notification, to regulatory investigations and even lawsuits. Researchers found that companies, especially in the healthcare industry, need to be more “compromise ready.”
A “compromise ready” company is defined as one that has preventative and detective security capabilities, procedures for gathering threat information, staff training and awareness, proactive security assessments, vendor oversight, updated incident response plans, regulatory understanding, and cyber liability insurance.
SLPowers specializes in helping organizations develop capabilities in six of those critical areas. In fact, we are sponsoring two luncheons this week that will focus on incident readiness.
Dr. Jerry Dawkins is one of the nation’s foremost information security gurus. He is the author of numerous publications on network security and attack modeling, and is a regular presenter at national and international IT security conferences. Dr. Dawkins is an active Subject Matter Expert within the Department of Homeland Security’s Inter Agency Board, and remains deeply involved in the information sharing initiatives supporting the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF).
Join us for lunch, and Dr. Dawkins will guide you through a real-world incident response scenario that is sure to open your eyes.
- Are you prepared to spin up an investigation team with genuine capabilities at a moment’s notice?
- Have you been collecting event logs? Time to dive in.
- Are you prepared to go broad in identifying compromised systems? (Many companies stop when the first such system has been isolated.)
- How quickly can you restore your data in a functional and protected state?
- Do you have third-party cybersecurity specialists in the bullpen? How well do they know your systems? How quickly can they respond?
- Once all of this is underway, how will you keep senior management and the feds updated?
- Oh, and let’s not forget the breach notification plan. A quick letter that begins, “We regret to inform you . . .” is not nearly good enough.
Trust us: You don’t want to improvise an incident response plan during a crisis.