Oct 21 2022

How Managed Detection and Response Services Enhance Patient Data Protection Efforts

MDR services can relieve some of your healthcare organization’s cybersecurity burden, but not all vendors offer the same benefits.

As the volume of patient data being generated worldwide has skyrocketed, the threat landscape has expanded along with it. Many healthcare organizations struggle to develop and maintain a security strategy that can compete with the continually evolving tactics of threat actors.

The healthcare industry has had the highest average cost of a data breach for 12 consecutive years, according to IBM’s Cost of a Data Breach Report 2022. Bad actors are increasing the frequency and sophistication of their cyberattacks as the amount of data collected in healthcare continues to grow, creating a difficult security landscape for the industry. The average cost of a data breach in healthcare has risen 41.6 percent since IBM’s 2020 report, to $10.1 million. The number of data breaches affecting 500 or more people that were reported to the U.S. Department of Health and Human Services’ Office for Civil Rights increased 45 percent from 2019 to 2020.

Managed detection and response providers can help implement a security posture that minimizes downtime and provides more thorough recovery in the event of an attack. But with so many players offering MDR services, it can be difficult to know where to start.

Dominick Daidone, cybersecurity practice lead at CDW, says healthcare organizations considering the use of an MDR vendor should begin by asking themselves: Does my team have the skill set to deal with the day-to-day tasks that MDR and endpoint detection and response (EDR) provide?

“Is my organization ready to handle an incident at any time of the day, or 24/7 monitoring?” he says. “Do I always have somebody ready to actively respond to an incident?”

Evaluating MDR Vendors Is Critical

Choosing an MDR vendor requires assessing both your internal skills and the security needs that your organization can’t meet on its own. It’s also important to recognize that not all providers offer the same kind of service.

“Depending on the vendor or the partner, some will offer full soup-to-nuts, hands-on-keyboard service when it comes to remediation. Others will take the form of guidance,” says Michael Cappiello, senior inside solution architect at CDW.

“Some customers may simply want to concentrate on EDR and the endpoint itself, versus those who may want to expand into network cloud. And some customers want to have a service that doesn’t really care what you’re feeding it, as long as they can take that data and just make sense of it,” Cappiello says. It all depends on the needs of the organization.

Daidone suggests that an assessment of a healthcare organization’s internal situation in addition to an evaluation of potential vendors will help clarify MDR choices. “First, assess your own organization. Next, evaluate the vendor organizations and MDR capabilities out there,” he says. “And then see how it fits internally.”

Supply Chain Security Adds a New Wrinkle

Sometimes a healthcare organization will be vulnerable to infiltration even when doing its best to protect itself, due to a security gap somewhere in its supply chain. For this reason, it’s important for any organization to always be aware of the cybersecurity policies implemented by partners and vendors.

Cappiello says it can open an organization up to attack when other companies in its ecosystem aren’t continuously assessing their own security.

“It’s much easier to either move toward social engineering or move toward existing exploits, simply because customers are not diligent about hardening their systems,” he says. “Sometimes it’s new stuff, and sometimes it’s just really old stuff. And if it’s not kept buttoned up, then that’s where we see some of these exploits that are coming out of the woodwork that had possibly been around for a while. And believe it or not, we still do get customers that are not diligent in that regard.”

“Third-party risk is something I’m seeing a lot of. I think that many of the organizations we talked to don’t have meaningful ways to evaluate these types of risks,” Daidone adds. “You may have the best defenses in the world, but if you have some bad people, or trust in people who have very bad privacy practices, you could become a target through some of those third-party vendors.”

Cappiello says larger organizations are just beginning to get a handle on dealing with third-party risk. “How can I figure out if someone I’m working with is taking security seriously?” he says. “Sure, there are forms and you can ask for this information, but what’s your confidence level there? Is there a way to evaluate that actively or passively, and from what you can see in front of the firewall, or if you can get a view?”

Working Within a Framework Can Better Protect Patient Data

Both Daidone and Cappiello highlight the importance of using a framework for detection and response. “I can’t tell you how many customers have homegrown security programs that aren’t evaluated against a framework that are just blatantly missing huge areas,” Daidone says.

He recommends performing a gap analysis to help an organization determine the strengths and weaknesses of its security efforts. “I think a gap analysis is really good because it helps an organization figure out the latticework and, internally, identify the technology needed to help address that,” Daidone says.

“Latticework refers to the tools and rationalization assessments, or how to map your tools back to certain frameworks; for example, do I know that Tanium meets Control 1 and 2 of the CIS Top 18?” he explains. He notes that if healthcare organizations want to map their tools against a framework, they can rely on trusted partners such as Focal Point, a CDW company, to provide the necessary workforce training and development.
