Healthcare providers obtain and maintain vast quantities of personally identifiable information (PII) as well as protected health information (PHI). Having access to both PHI and PII comes with a long list of responsibilities and regulations to secure that information. Unlike other industries, healthcare providers must offer the right access to that information to ensure that they make the right decisions for treating the patient.
Access and retention of that information means that hospitals and other health care providers are at an elevated risk for potential cybersecurity attacks. Attacks that range from classic trojans to gain access, destructive malware to destroy access and, increasingly, ransomware to prevent access to patient information.
The Health Insurance Portability and Accountability Act (aka HIPAA), the U.S. law of limiting access to patent information, provides the guidelines and rules around access. Yet HIPAA also enforces costly penalties for providers whose networks or data stores are breached.
When breaches do occur, they can hurt both the financial stability and perception of the provider. In October 2018, Anthem was fined $16 million in a record HIPAA settlement for a data breach that occurred in 2015. Anthem was held responsible for not protecting the PHI and PII information of close to 76 million patients.
Recently, a hospital that engages with about 200,000 patients annually sought to augment its existing security team. It needed a better solution to reduce false a large volume of positives, increase security and pass compliance-required penetration testing.
The security team deployed BluVector® Cortex™ as a managed service to provide it with an AI-driven network security platform to detect fileless and file-based threats. The solution helped the team reduce the volume of false positives, enhanced its capabilities to detect threats and extended its operational capabilities with a 24×7 management team of highly skilled threat analysts.
By adding BluVector as a managed service, the hospital enabled its existing security team to focus on what matters most – responding to legitimate security attacks and ensuring the security of the information within its networks. It also accomplished three notable successes when facing its greatest challenges:
- The hospital passed its compliance-required penetration testing
- The hospital maintained 24×7 security without requiring additional personnel, resulting in a higher level of cyber-readiness for less cost
- In the first 30 days, BluVector discovered existing compromised hosts and detected multiple file-based attacks that were quickly highlighted for resolution