Healthcare's Response to Security Events

Response time is important no matter the context. Trauma response time could mean life or death. The response time in the stock market could be the difference in a company’s fiscal quarter. Response time is the difference between a sale and no sale. Response time, simply put, is the key to success. Some of us may have been genetically cursed with sausage fingers. However, other individuals were blessed with very nimble and accurate fingers. It now takes a hacker less time than ever before to get access to a target’s network. For that reason, response time has never been of greater importance – especially for healthcare.

Let’s start with the worst-case scenario – your organization gets targeted by a nation state. That sucks. According to an article published by CPO Magazine, backed by research from leading cybersecurity firm CrowdStrike, Russia has the fastest ‘breakout time’ (time to get access) – which is astounding – at only 19 minutes. North Korea takes second place at about 2.3 hours, followed by China at 4 hours. CrowdStrike noted that it takes the average independent cyber-criminal about 9.5 hours, with the best of the best being able to gain illicit access to a target’s network in the 2-4 hour range.

Granted, a large majority of us aren’t going to be considered “big game” to the hunters (nation states) of the cyber-criminal world. However, response time is still crucial: those times might make it seem like there is nothing we can do, but they only portray the time it takes to get access – not full control. In fact, numerous studies have shown that a company’s data isn’t exfiltrated until days after the initial breach. In an article posted by Varonis, backed by research from IBM, it takes companies about 197 days to identify and another 69 days to contain a breach. Companies that can contain a breach in under 30 days can expect about $1M+ in savings compared to those that don’t. With the average health record selling for anywhere between $250 and $1000, it’s easy to see how quickly a hacker could do catastrophic damage to a healthcare system.

Imagine what it would be like to know in under a minute that an incident has occurred and, within 15 minutes, be talking on the phone with a team member to carry out a plan of action. Within a couple of days at worst, the incident would have been detected, responded to, and managed, far faster than the current 250+ day average. Now imagine hearing that it isn’t going to totally disrupt the budget the financial team set in place. Those are all in practice today with the clients of Steel Patriot Partners. We bring solutions, especially for the healthcare industry, that make cybersecurity, compliance, and financial headaches a thing of the past.

If you are wondering where to start the conversation, simply reach out to one of our security experts at your convenience. Our passion extends far beyond cybersecurity. The empowerment that comes from education, the unity in securing our digital community, and the partnerships we form as a result are what truly drive us. Cybersecurity, compliance, MDR, or any other topic regarding the protection of your patient/client data doesn't have to be as elusive as it's often cracked up to be.

