Post on 08-Mar-2021
KLAS Research
The State of Cybersecurity in Healthcare
Garrett Hall, Research Director
KLAS Mission: To improve healthcare technology delivery by honestly, accurately, and impartially measuring vendor performance for our provider partners.
Our Promise to You… and Healthcare Providers
• Straight Customer Feedback
• Actionable Findings
• Experience-Based Recommendations
KLAS Influence
© Copyright KLAS 2016
Research focus is on the customer experience.
3,100 Healthcare customer executives (VP & C-Level) who actively participate by sharing their experience and benefit from accessing KLAS data/reports.
KLAS is entirely dedicated to improving healthcare, including the provider market, payer market, and the emerging “payvider” market.
Vendors receive guidance.
KLAS insights assist organizations.
4,500 Healthcare organizations worldwide represented in the KLAS data through the participation of their employees each year who share their voice/experience.
25,000+ Interviews conducted each year. 95%+ are person-to-person interviews with current customers.
750 Healthcare IT products and services measured by KLAS.
400 Vendors measured and highlighted in KLAS Reports.
27,839 Downloads of KLAS specialty reports published last year by healthcare customers. Average of 400-500 healthcare customer downloads per report.
28 Members of the KLAS Advisory Board
A Sobering Statistic
© Copyright KLAS 2017
Who Owns Cybersecurity Today?
How Do You Detect and Respond to Attacks?
“We try to do external risk assessments monthly. We try to focus on a security-risk-analysis procedure, which allows us to do some penetration testing within the environment to make sure that we can determine any of our current leaks and any additional ports that are currently shut down. I have also hired an ethical hacker to start focusing a lot on the overall process of trying to penetrate our system. I need to know how people are coming in so that we can close any openings as soon as possible.”
“We had a breach about a year ago, so we got the results from the HIPAA security assessment and are now starting to do a risk assessment or prioritization based on the risk to figure out which things we need to start working on first.”
What are Providers Focused On?
Technologies Provided by Two Most Impactful Security Vendors
Contact Info
Garrett R. Hall
garrett.hall@klasresearch.com
801-404-5428
4 Critical Components for DLP Success
Brian Mullins
VP Product Marketing
Digital Guardian
“DLP is one of the most powerful and important tools in our modern security arsenal, and anything with that kind of versatility and wide range of integration points can be a problem if you fail to appropriately plan.”
- Rich Mogull, Analyst & CEO, Securosis
#1 - DLP as a Program
People + Process + Technology
PROVEN METHODOLOGY
#2 – Proven Implementation Methodology
Understand, Build, Enforce & Educate
UNDERSTAND
▪ Where PHI is located throughout the enterprise
▪ When PHI is at risk
BUILD
▪ Smart policies & controls
▪ Enterprise-wide knowledge of how the business operates
ENFORCE
▪ Start with monitor only, then move to enforce
EDUCATE
▪ Real-time prompts increase employee awareness and educate users on proper usage
Assess & Improve
ASSESS
▪ Identify policy gaps
IMPROVE
▪ Refine policy
▪ Add additional DLP components
#3 – Implement One Step at a Time
1. DATA DISCOVERY
2. NETWORK DLP
3. CLOUD DLP
4. ENDPOINT DLP
#4 - Consider DLP MSP
“We think this skill deficit helps explain the growing popularity of Managed Security Service Providers (MSSPs), an attractive option to enterprises looking to modernize their approach to security. According to Gartner, the MSSP space is an $8B market growing at 15%. MSSPs differ from security consulting practices in that they offer shared security services to multiple clients”.
Joel P. Fishbein, Jr. | Software and Cloud Technology
BTIG Industry Report: Cyber Security Landscape 2016 and Beyond
The Power of Real-time Education
Reduced PHI data loss risk by 82%
Q&A