Let’s face it: it is a matter of when your company is going to get hit by digital attackers and how hard, not if. This causes a lot of pain and overall damage, both of which are not good for business. Cyber attacks are at the forefront of news headlines and are plaguing C-Level executives’ thoughts; unfortunately, these attacks are going to get more and more complex and impactful.

When the smoke clears from a successful digital attack or data breach, who is to blame? The company? The vendor? A third-party vendor? Who is going to assume the liability and take the heat for this one?

One would recommend looking at the basic fundamentals. Just look at Equifax and how addressing a basic patch management process could have addressed the root cause. The same happened to the Women’s Health Care Group of Pennsylvania. Both of the provided examples clearly demonstrate that a lack of security controls compounds the severity of a breach when there’s no one to seemingly blame or to take responsibility for their actions.

Cyber attacks, if not adequately protected against, will come out of the shadow and grab a hold of the company’s backbone. And as businesses in healthcare grow more and more dependent upon technology, the concern and costs surrounding cyber attacks will get bigger and bigger.

If a firewall company might make a faulty system that inadvertently damages other organizations, does it mean that the provider company or the company that bought it to ensure its functionally is at fault? Or, are we just out of luck, and we have to let the chips fall where they may?

The fact of the matter is that it’s not a black and white answer; it is a multilayered answer with complex codependency of safety, privacy, and overall (Read more...)