Sensitive healthcare data is a prime target - how do you secure it?

If you’re in healthcare—whether you’re a physician, nurse, assistant, or administrator— patients are always your top priority. The fallout from a cyberattack can have a major impact on healthcare organizations from top to bottom, even affecting patient volumes and outcomes. 

Healthcare is one of the most prominent targets for bad actors. Stakes are high, sensitive data is exploding, and teams may not know where to start when it comes to protecting their data. Read below for ideas on where to begin to achieve cyber resilience in healthcare.

Holistic Defense Strategies for Healthcare Organizations 

Steve Stone, Head of Rubrik Zero Labs, spoke at Infosecurity Europe, Europe’s leading annual cybersecurity event, about the massive task at hand for healthcare organizations attempting to keep their sensitive data secure. 

According to Rubrik Zero Labs research, healthcare organizations secure 22% more data than the global average. On top of that, a typical healthcare organization saw their data estate grow by 27%—faster than the global average of 23%. 

When it comes to sensitive data specifically, healthcare organizations have about 50% more sensitive data than the typical non-healthcare organization. While the growth of all data for healthcare organizations is pretty comparable to the typical non-healthcare organization, Steve also highlighted that sensitive healthcare data is growing at five times the global average. So what can healthcare organizations do to keep their data safe?

Steve continued by emphasizing the urgency of a holistic defensive strategy, advocating for seamless protection across hybrid environments encompassing on-premises, cloud, and SaaS platforms. The necessity of comprehensive visibility into data assets was underscored as a precondition for effective cybersecurity, illustrating the principle that informed defense is predicated on profound data understanding.

Steve also highlighted the alarming frequency of cyber incidents in 2023, reinforcing the necessity for continuous vigilance and adaptive cybersecurity practices.

Steve's session serves as a wake-up call for organizations, specifically those in healthcare, to elevate their cybersecurity readiness, presenting an integrated approach that knits rigorous risk assessment with strategic defensive frameworks. For more insights on building a path towards cyber resilience, check out the latest report from Rubrik Zero Labs: “The State of Data Security: Measuring Your Data’s Risk.”

St. Luke’s Commits to Protecting Patient Data and a Pursuit of Resilience 

St. Luke's University Health Network is a non-profit providing healthcare for more than 80,000 patients, managing 340,000 ER visits annually across 14 campuses and 300 outpatient clinics.

After running cyberattack simulations, St Luke’s discovered it would take months to recover and cost millions of dollars if they were hit with ransomware – not to mention the severe impact on patient care.

To overcome this risk, they pursued a strategy of cyber resilience. Since moving from its legacy vendor to Rubrik, St. Luke’s has seen a 73% total cost of ownership (TCO) savings over three years. Even more importantly, its sensitive data is much safer.

“Cyber resilience to St. Luke's is absolutely crucial to ensure that we have the right security foundation. Moving to a system like Rubrik that was much more dynamic and integrated with our environment was essential for us.” – David Finkelstein, CISO, St. Luke’s

The Fatal Consequences of a Ransomware Attack

Hannah Neprash, associate professor at the University of Minnesota School of Public Health, was featured on Data Security Decoded and shared interesting insights on the impacts of cybercrime on patients. A big part of Hannah’s research includes dissecting data to see how healthcare organizations are affected by ransomware, data breaches, and other cyber incidents. 

Hannah starts off by noting that her research began without a comprehensive data set detailing the effects of ransomware attacks on healthcare organizations, meaning that she and her team had to start from scratch. For over a year, her team collected every report they could on healthcare organizations going through cyber incidents. Her team then set out to discover how these attacks were affecting not just the organizations, but patients themselves. 

The results were striking. The team found that when a ransomware attack hits a hospital, emergency department volume drops by about 40%, and inpatient admissions drop by about 20%. And for the patients who are already in the hospital, unfortunately, they are more likely to not walk out of that hospital alive. She also continues by noting the hospital affected may not be the only victim, as spillover effects can cause patient volume to spike at nearby hospitals.

‘Cyber safety is patient safety.’ - Hannah Neprash

Steve also shared some findings from the latest Rubrik Zero Labs report, noting that, on average, organizations lose about 20% of their sensitive data during a cyberattack. The conversation then pivots towards how the loss of patient data can have a major impact on both organizations and patients themselves. 

While busy physicians and other healthcare leaders are focusing on their patients and their practices, cybersecurity will continue to become a larger priority for all involved. For more, listen to the entire conversation on Data Security Decoded.

Rubrik named the Healthcare and Life Sciences 2024 Microsoft Partner of the Year

In healthcare, every second can mean the difference between life and death. That’s why helping healthcare organizations ensure their data is protected and available isn’t just a technical challenge for us—it’s a mission. 

This is why we’re thrilled that Rubrik has been recognized as Microsoft’s Healthcare and Life Sciences Partner of the Year for 2024. This accolade underscores our unmatched commitment to protecting patient data while enabling seamless operations for healthcare organizations. 

Our collaboration with Microsoft has resulted in innovative solutions that empower healthcare organizations, elevating patient care standards through technological excellence, as well as streamlined cyber investigation and recovery processes.

Learn more about how Microsoft and Rubrik can help your healthcare organization achieve complete cyber resilience in this blog from our own Mike Tornincasa.

Rick Bryant on TechStrong TV: With the threat of cyberattacks looming, how do healthcare organizations win back patient trust?

Rick Bryant, Healthcare Chief Technology Officer at Rubrik, joined Techstrong TV and host Michael Vizard to break down how cyberattacks against healthcare organizations are starting to impact patient confidence and what organizations can do to win that trust back by planning ahead.

Rick started by stating that even with 30 years of healthcare experience, he has never seen an environment like the one we see today, where attackers are not just seeking monetary gain, but seeking chaos as well. Rick continued by mentioning that if a hospital is possibly under an attack, patients might be skeptical to receive preventative care at that hospital, negatively affecting future healthcare outcomes. Rick went on to point out that many attackers are even focusing on logging in, rather than hacking in, something that can be deterred with a consistent security model focused on good hygiene.

"Hope is not a strategy." - Rick Bryant, Healthcare CTO, Rubrik

Rick also discussed how security is a team sport that requires all departments to work together to build a resilient strategy ahead of time. Once that plan is in place, the organization as a whole will build confidence towards knowing they can beat bad actors if an attack were to take place.

To watch the full conversation from Techstrong TV, click here.

Hungry for more Cyber Resilience Content?

Check out some of these highly recommended reads from Rubrik here:

📚 Cyber Leaders With Tight Budgets Still Must Secure AI, Cloud (Read it here)

📚 Rubrik Co-Founder Bipul Sinha on How He Got From Rural India to an IPO (Read it here)

📚 Enhancing your Clean Room with Rubrik Security Cloud and Cyber Recovery (Read it here)

📚 Rubrik Announces Integration With Microsoft Information Protection (MIP) Sensitivity Labels (Read it here)

👀 How businesses are changing their mindset to make sound digital investments, feat. Abhilash Purushothaman (Watch it here)

Rubrik is on a mission to secure the world’s data. With Zero Trust Data Security™, we help organizations achieve business resilience against cyberattacks, malicious insiders, and operational disruptions. Rubrik Security Cloud, powered by machine learning, secures data across enterprise, cloud, and SaaS applications. We help organizations uphold data integrity, deliver data availability that withstands adverse conditions, continuously monitor data risks and threats, and restore businesses with their data when infrastructure is attacked.

Subscribe to Data Security Digest as your destination for all things Zero Trust Data Security.