Wade Baker is an information security leader with a passion for figuring things out and making things work at all layers. He has a particular penchant for analyzing and sharing info/intel to support better decisions, products and practice. His ongoing quest is better information for better information security.
He is responsible for leading cybersecurity product strategy, research and intelligence at Verizon Enterprise Solutions. He also oversees ICSA Labs, an independent division of Verizon focused on security product assurance and Health IT testing and certification. Baker is best known for creating and leading Verizon’s Data Breach Investigations Report series.
The threat landscape is always evolving. Data has changed the way healthcare does business. Innovations in mobility, cloud and machine-to-machine (M2M) technology has allowed organizations to expand their scope of services, reach underserved populations and improve coordination of care, but they’ve also created a host of new security concerns — changing the nature of the threats organizations face and how they need to protect against them and how you protect against them.
Q: How is the evolving cyber threat landscape affecting healthcare?
A: From research used to produce the Verizon Data Breach Investigations Report, we’ve identified three main areas of concern for healthcare organizations: physical theft/loss, insider misuse and miscellaneous errors.
Forty-six percent of the security incidents we analyzed resulted from the loss of sensitive information assets such as laptops, hard drives and paper files. While this may seem to be less of a cyber crime than most other attacks, the key is knowing how to reduce the impact to your patients and your organization when things do go missing.
A further 15 percent of incidents were attributed to insider and privilege misuse, typically leveraging the corporate network. And another 12 percent were the result of simple mistakes that compromise security, like posting private data to public websites, sending information to the wrong recipient and failing to properly dispose of documents.
Q: What steps can you take to mitigate your risk and protect your assets?
A: The primary root cause of incidents resulting in a loss of sensitive information assets is carelessness of one degree or another. Accidents happen. People lose stuff. People steal stuff. And that’s never going to change. But there are a few things you can do to mitigate that risk. Encrypt devices; yes, the asset is still missing, but encryption will save a lot of worry. Keep devices with you; encourage employees to keep sensitive devices in their possession and in sight at all times. Back them up; regular, and preferably automatic, backups can salvage irrecoverable work, get you productive again on a new device and establish what data has been lost. Lock it down; secure equipment to immovable fixtures or create a separate, secure area where the data can be housed.
Q: How can you reduce the impact of cyber attacks?
A: It’s a fact all businesses must face: Cyber attacks happen. And they happen often, threatening data of all types. Anticipating when an incident might occur and assessing whether you’re prepared to defend against it can make all the difference. To do this effectively, your incident response plan is essential. Can you stop a breach before it impacts your business? There’s only one way to be certain; periodic testing to verify your plan is well coordinated and effective. It’s no longer safe to assume. You’ve got to know your plan works. If you are in any doubt, then talk to one of our Verizon Security experts who can help run simulated executive data breach scenarios to test and assess your incident response plan and give you that peace of mind.
Q: How can Verizon assist?
A: The best healthcare should be affordable and accessible to everyone. But with skyrocketing costs, disparate information systems and ever-changing regulations, that’s easier said than done. Healthcare providers are continually looking for ways to improve patient care. And so are we. We work with the best minds in the industry, using the latest technologies to develop solutions that address difficult challenges like protecting patient data. Our proven, secure and affordable tactics connect clinicians with patients, providing real-time access to care from virtually anywhere.
