Protecting Sensitive and Regulated Data in University and Government Healthcare Systems Requires a Unified Approach

July 18, 2022
Download Case Study

{{consumer="/components/cta/consumer"}}

Cyberattacks targeting university and government healthcare facilities are on the rise. In the first four months of 2021, the U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center tracked a total of 82 ransomware incidents targeting the healthcare sector, with nearly 60% of them affecting the U.S. market. 

The impact has been devastating. Large hospitals report an average shutdown time of 6.2 hours at a cost of $21,500 per hour, while midsize hospitals averaged nearly 10 hours of downtime at more than double the cost or $45,700 per hour, according to a report by Philips and CyberMDX.

Cyber criminals inside and out understand that universities and healthcare organizations handle, process and store large volumes of protected health information (PHI), personally identifiable information (PII) and intellectual property (IP). To ensure that they are protected against intrusion, compromise, disruption and data exfiltration, hospital systems need to rethink the way they deploy cybersecurity.

Growing attack surfaces, loss of visibility

University and government healthcare systems no longer have the luxury of managing bounded network infrastructures where applications, data and devices all reside within a well-defined perimeter. The rise in telehealth, cloud computing, electronic health records, Internet of Things (IoT) devices and wearables has created new risks and data protection requirements. 

Data now resides in countless apps, both on-premises and in the cloud. And with healthcare providers and staff working from anywhere, and patients requesting access at any time from everywhere, unmanaged devices and networks are being used to handle PHI, PII and IP. This has simultaneously opened new entry points for attacks and severely hindered perimeter-based security’s effectiveness, taking away the visibility and controls these healthcare networks used to have.

Inadequate security tools

To fulfill new data protection requirements, university and government healthcare institutions need cybersecurity that works no matter where data goes — especially as people work from anywhere using unmanaged devices and networks. Legacy security solutions are tied to perimeters where data and users no longer reside exclusively, so they offer limited visibility into and control over cloud-centric activities. 

Some organizations have begun implementing cloud-delivered security, but these solutions often are deployed in isolation. Siloed solutions lead to security gaps and operational inefficiencies as administrators must switch between various consoles to coordinate information and analyze results. Without a change in strategy, university and government healthcare systems will continue to face consequences from ransomware attacks like these:

  • In December 2021, a ransomware attack at the Maryland Department of Health crippled its systems and forced many of its services offline for at least three months. 
  • In August 2021, a ransomware attack prompted the emergency room at Memorial Health System in Marietta, Ohio to divert patients to other facilities. The hospital chain exposed over 200,000 patients’ PPI and was forced to shut down IT systems and cancel emergent surgeries. 
  • In October 2020, the University of Vermont (UVM) incurred costs upwards of $63 million when a ransomware attack forced its systems offline, including ones in the UVM Medical Center. 

A unified approach to data protection

To effectively secure sensitive and regulated data, university and federal healthcare institutions need to move beyond perimeter-based tools. 

The Lookout Security Platform eliminates the need for a patchwork of technologies by converging the capabilities that used to reside on premises in the cloud. The platform provides end-to-end data protection and visibility — from the users’ behavior, the endpoint they use, to the data they seek to access. 

With a unified solution, these institutions get comprehensive and consistent insight and control across their entire system within a single pane of glass — reducing the risk and impact of ransomware and other cyber threats, and protecting PHI, PII and IP.

To find out more about why the Lookout Security Platform is the best cybersecurity solution for university and federal healthcare facilities, visit https://www.lookout.com/solutions/pubsechealth.

Discover how Lookout can protect your data