If you’re keeping score, 2018 healthcare data breaches have passed 6.1 million so far. The Office for Civil Rights updated their ‘the wall of shame,’ last month with a new member—UnityPoint Health—when 1.4 million records were reported compromised on July 30. The investigation for PHI violations is ongoing.
Yes, cybercriminals want to get their mitts on protected health information (PHI). We all know this. But PHI’s guardians—providers, payers, clearinghouses, and their business associates—are doing battle on an attack surface with unfamiliar enemies using exotic weapons.
Cybercriminals have not fabricated new tactics, techniques, and procedures (TTPs); hoping through a vulnerable endpoint on your way to a network data repository is nothing new. Trouble is that the flank continues to be exposed and fragile. Not by malice or conscious neglect, but because when you’re in the throes of transforming care delivery, connecting patients, providers, and payers and adroitly adopting new technologies, errors happen.
As I’ve written about before, workforce mobility muddies the waters and IT teams have a difficult time just seeing where PHI is, let alone the potential risk to its myriad resting places. We know what happens next: OCR agents darken your door, legal teams, courts, appeals, fines, and public disgrace. To better protect PHI, IT leaders are taking various steps. When surveying the menu of options, it’s vital to assess the probability of success and withstanding attempts to break the bank on boondoggles that may seem promising but return little on the investment. It would be prudent to have the mindset of Gene Kranz, retired NASA Flight Director: “Failure is not an option”.
Today, data has been shattered, with tiny shards taking up residency on endpoints that span the globe; making endpoint security more relevant than ever.
How valuable is the effort? Forrester recently conducted a Total Economic Impact (TEI) study to show Absolute’s economic impact to drive security and financial success. To better understand the benefits, costs, and risks associated with this investment, Forrester interviewed Absolute customers. Their insights were compiled and calculated in the Healthcare Edition of the 2018 Forrester Total Economic Impact™ Study.
Healthcare organizations identified the following investment drivers:
When implementing Absolute, success followed:
According to the report, “before using Absolute, healthcare providers often had issues when devices left the network. Prior solutions were unable to provide endpoint visibility and control, which resulted in compliance failures. In some cases, these devices disappeared altogether, making endpoint security a difficult task. Evaluating security posture and proving compliance was a lengthy and difficult process, which led to missed business opportunities and corporate data exposure that prompted regulatory ramifications. By adopting Absolute, the interviewed organizations gained a centralized platform that more effectively assessed and secured a wide range of endpoints.”
With real-world data from healthcare organizations in hand, Forrester concluded that Absolute has a three-year financial impact of $3.5 million in present value (PV). With PV costs of $1.4 million, the resulting net present value (NPV) is $2.1 million; a return-on-investment (ROI) of 146%.
One Absolute customer, an IT security leader, told Forrester “I think it [Absolute] is data protection assurance and satisfies compliance standards. I can sleep at night..."
To learn more about how an Absolute investment today can create future opportunities for healthcare organizations, download the 2018 Forrester TEI for Healthcare Spotlight.