2 Minute Drill: Challenges with Cyber Insurance and Third-Party Data Breaches in Healthcare
Episode 41 •
3rd July 2024 • This Week Health: Newsroom • This Week Health
00:00:00
Transcripts
This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.
Hey everyone, I'm Drex, and this is the Two Minute Drill, where we do at least three stories, at least two times a week, all part of one great community, the 229 Cyber and Risk community, here at This Week Health. Today's Two Minute Drill is brought to you by Healthcare's cybersecurity partner, Fortified Health Security, with a 98 percent client retention rate and three consecutive Best in Class awards.
Fortified's exclusive focus on healthcare cybersecurity makes them the go to partner for healthcare organizations wanting to strengthen their cybersecurity posture. Find out more at fortifiedhealthsecurity. com. Thanks for joining me today. Here's some stuff you might want to know about. Cyber insurance is one way organizations try to protect themselves from ransomware and other cyber attacks.
And there's a story in Healthcare Brew that digs into the challenges of getting that kind of insurance. Underwriters have a lot more questions for health systems because of our collective somewhat poor record. And as many of you know, the state of your program can dictate whether or not you can get insurance at all.
And even when it's offered, it's more expensive than in the past. And the price you pay is also usually dictated, at least somewhat, by how well you answer a giant list of questions about how your security program operates. In my discussion with CISOs and CIOs, it's an organization's combination of weak IS governance and an unwillingness, or sometimes lack of resources, to consistently modernize network and other equipment.
and application sprawl, along with several other issues that create more complicated environments, and more complicated environments by their nature are more difficult to secure and more difficult to operate, and all of that can lead to more expensive, more unaffordable, or even unoffered cyber liability insurance.
If you want to do this well, you'll have to make some hard decisions about prioritization. Basically, you can't say yes to everything. That means you'll have to forego some of the cool or sexy tech to better shore up your information services foundations. That's the right decision. TechTarget reports that more than a third of all third party data breaches affect healthcare, making our industry number one by a lot for that metric.
While it's obvious, researchers point out that keeping track of all third party partners with access to health system data is a critical first step. to reducing third party risk. If you don't know about it, you can't protect yourself from it. It's a real challenge, I think, in all of our organizations. See my earlier comments about reducing complexity, leading with strong governance.
And in a lot of places, it still feels like it's the IT Wild West out there. So if you're the CEO or the board, it's a good time for you to pin on your Sheriff's badge and help your teams do the right thing. And if it felt like GPT 4. 0 just got here while version 5 is in the works, you all know I love a good analogy and engineers have described GPT 3 as toddler level intelligence and GPT 4 as a smart high schooler.
but won't be delivered until:
or advisory solutions delivered through Central Command, a first of its kind platform that simplifies cybersecurity management and provides the visibility you need to mature your program. Learn more at FortifiedHealthSecurity. com. That's it for today's Two Minute Drill. I really appreciate you being here.
Stay a little paranoid, and I'll see you around campus.