Innovations in Securing Healthcare Data
Co-written with David Houlding, Director, Business Strategy, HLS
As an industry, healthcare organizations are operating in an increasingly complex environment. In addition to Covid-19 which is still reverberating throughout the world, providers are also dealing with the “great resignation” of thousands of healthcare workers, and a significant rise in cybersecurity attacks. The increase in security breaches and attacks is due, in part, to the expansion of the attack surface and the strain infrastructure that many providers maintain.
In addition to breaches, advanced persistent threats, IoMT attacks, ransomware, identity theft, web-based attacks, DDoS, and many more security threats compound this challenge. Concurrently, the IT landscape is rapidly changing with digital transformation and migration to the cloud, also including hybrid and multi-cloud complexities and system vulnerabilities that must be addressed. Organizations handling sensitive patient information worldwide must also comply with a myriad of regulations, data protection laws, and privacy and security standards that are continuously changing across regions and countries worldwide.
Additionally, according to a Ponemon Institute study, cited by the HHS, the average cost of a breach for a healthcare organization is approximately $8 million (in 2019), and trending upwards, while another study concluded that a total breach cost can exceed $400 per patient record exposed, elevating the importance of establishing strong risk management practices.
Microsoft, with a leading privacy, security, compliance, and worldwide presence, a strong healthcare enterprise focus, and a thriving healthcare security and compliance partner ecosystem is working with healthcare organizations to proactively alleviate these concerns and break the log-jam, paving the way for increased adoption of cloud by healthcare worldwide, and realization of the benefits to healthcare and patients. This is part of Microsoft’s commitment to privacy, security, and compliance, underscored by the company’s $20B investment in cybersecurity R&D over the next five years to continue responding to high customer demand of its Security products, currently a $15B annual business, the fastest growing business division.
Microsoft is also working with security innovators, who are extending the capabilities of our tools in response to the specific threats that healthcare organizations face. The goal of cybersecurity is to predict, prevent, detect, and respond to attacks. Noname, Illusive, Infinipoint and Cynerio are leading, early-stage companies at the forefront of innovation, and are approaching cybersecurity from different angles.
Noname’s platform identifies cyberattacks on APIs automatically and brings deep API traffic insights to existing API gateways and server-based API environments, using AI models specifically tailored for API security. In modern healthcare applications, the backend, which is often based on APIs, acts more like a direct proxy to the data. A flawed API can lead to sensitive data exposure, account takeover and even denial of service (DoS). But Noname’s approach protects APIs in real-time and detects vulnerabilities and misconfigurations before they are exploited. The Noname API Security Platform is an out-of-band solution that doesn’t require agents or network modifications, and offers deeper visibility and security than API gateways, load balancers, and web application firewalls (WAFs). (Curious about how they got their name? Read the story behind their unique name.)
lllusive continuously discovers and automatically mitigates privileged identity risks that are exploited in ransomware and other cyberattacks. Despite best-practice investments to protect identities, including deployment of PAM and MFA, 1 in 6 enterprise endpoints holds exploitable identity risks.
Illusive makes it easy for security teams to get visibility into the vulnerable identities sprawled across an organization’s endpoints and servers, then eliminate them or deploy deception-based detection techniques as a compensating control to stop attackers. Illusive has participated in more than 140 successful red team exercises.
Founded by experts in military intelligence, Illusive’s technology is trusted by large, global financial, retailer, services organizations, and pharmaceutical companies.
Infinipoint pioneers the first Device-Identity-as-a-Service (DIaaS) solution, addressing zero trust device access and enabling enterprises of all sizes to automate cyber hygiene and increase visibility across their entire IT estate. Infinipoint is a unique solution that provides single sign-on (SSO) authorization integrated with risk-based policies and one-click remediation for non-compliant and vulnerable devices.
Cynerio helps healthcare systems secure the millions of IoT, IoMT and OT devices found throughout their environments. Our platform identifies device- and network-based risks, and then provides effective mitigation and remediation actions based on the NIST Zero Trust framework. Cynerio’s dedicated focus on healthcare environments minimizes noise, provides actionable insights, and enables effective and rapid risk reduction in even the most overburdened healthcare environments.
Want to learn more? Join us for this webinar Securing Healthcare Data: Reducing Vulnerability and Costs to hear from these security innovators extending the built-in security features of Azure. This session will also be recorded and available for on-demand viewing.
To learn more about what Microsoft has to offer startups in the healthcare space and other industries, sign up for Microsoft for Startups Founders Hub today.