If there is a need for security program simplification, what’s driving that need?

The digital revolution has ushered in an understandably zealous focus on the need for security protocols to safeguard the proliferation of data, access points and devices that were unimaginable just a decade ago. As is often the case, security has had to play catch up to the new technologies. With new threats seemingly coming from every direction, the strategy has been to invest in an increasingly sophisticated set of defensive security technologies. A lot of money ― by both customers and venture capitalists ― has been thrown at the 1,000-plus security technologies in an attempt to defend against every imaginable threat. This has resulted in what I like to call a “Frankenstack” of solutions and protocols that have added more complexity to an already complex security environment without a clear connection to how these technologies are actually reducing risk. Despite significant investment, executives are still left asking: Have these investments actually reduced the risk of a cyberattack?

Where is healthcare delivery uniquely challenged with security?

Obviously, healthcare has regulatory compliance pressures that some other sectors don’t have, but there is also an interesting shift occurring in this space. There is an increasing focus on customer experience beyond the care encounter ― a new demand for digital dexterity across the organization to address how patients experience the healthcare brand at every touchpoint, from appointment scheduling to in-room services to how the patient experiences an organization’s website. Such an expanded digital focus means greater access and opportunity, but it also widens the threat landscape, which only adds to the headache of managing enterprisewide security.

And then there’s IoT. A proliferation of Internet-of-Things devices and capabilities brings a whole new set of security challenges, and healthcare organizations are playing catch up in this area. Automation doesn’t eliminate risk. Anywhere data is exchanged across the network of IoT sensors and systems, there is a risk for breach and access to critical data, which just widens your overall threat exposure.

It should also be mentioned that the security posture and threat picture vary greatly depending on the organization. The view and posture of a pharma company will be different from those of a payer organization or an integrated healthcare system.

Verizon just released its 2018 PHI Report. What does it reveal about breach trends in healthcare?

The most significant finding was that paper records are still a vulnerability for healthcare, with misdelivery, improper disposal and physical loss of records cited as the top three errors found among the 450+ breach incidents identified as specifically healthcare-related in our 2017 Data Breach Investigations Report. This just speaks to the need for healthcare systems to continue to push for enterprisewide digitization and, even more importantly, toward full integration and interoperability so that there are no “paper” workarounds for systems that can’t exchange information digitally.

How can Verizon help a healthcare enterprise simplify its approach to security?

Verizon is about to launch a cyber-risk reporting capability that will link security investment to risk mitigation. We see a real need to support enterprise businesses beyond check-box compliance to actually removing risk. What an enterprise really needs to know is where its specific vulnerabilities are ― the ones unique to its business. Our risk report capability will provide the enterprise with a risk profile based on both an outside-in and inside-out posture assessment. Having that view into its risk picture will enable the business to make more targeted investments in its security program that can help mitigate risk and deliver ROI.

A significant value of the risk report is that we don’t lead with technology. We’re looking to support enterprise by linking the findings of their risk report to best-of-breed technology and service recommendations that are unique to their risk profile and to their operation. We believe this is the best way to help businesses wade through the maze of security program decisions and build the right program.

Did you know? Verizon has a full suite of managed and professional security services and has been identified by Gartner Magic Quadrant, IDC and Forrester Wave as a leader in managed security services, digital forensics and incident response, respectively.

“There is an increasing focus on customer experience beyond the care encounter ― a new demand for digital dexterity across the organization to address how patients experience the healthcare brand at every touchpoint.”

 - JOHN LOVELAND, VERIZON ENTERPRISE SOLUTIONS

Visit us at booth #3243

About Verizon Enterprise Solutions

Verizon Enterprise Solutions helps clients improve customer experience, drive growth and business performance and manage risk. With industry-specific solutions provided over the company’s secure mobility, cloud, strategic networking, Internet of Things and advanced communications platforms, Verizon Enterprise Solutions helps open new opportunities around the world for innovation, investment and business transformation. Visit www.verizonenterprise.com to learn more.