Sai Balasubramanian, M.D., J.D., McKinsey healthcare strategist, management professional, physician, speaker, and writer for Forbes recently published a great article: ‘Healthcare Cybersecurity Specialists Will Face Unprecedented Demand In The Coming Years’. His article does a great job of highlighting why cybersecurity in healthcare is so challenging, underscoring a core reason: Healthcare is different.
“The world of healthcare entails a unique array of cybersecurity concerns, given the nature of the industry” – Sai Balasubramanian
Acknowledging Healthcare’s Uniqueness
The phrase, ‘healthcare is different’, is something that will resonate with many of my colleagues in the technology industry….and you know who you are. You have labored, year after year, to advocate and build vertical programs and solutions inside of large horizontally focused tech companies with the goal of bringing your technology or even a piece of it to bear on a challenge in healthcare and to do something above and beyond. You fight every day for the possibility to participate in the mission of healthcare as a career. I was fortunate enough to accomplish this during my career at VMware.
Do you remember what turned out to be one of the most time consuming and frustrating activities? Endlessly explaining why healthcare is different! Why we needed the product to do “x” just a little differently, or to work/invest in different partners with completely unfamiliar names. We did this to a never-ending list of key stakeholders from product, sales, marketing to senior management over and over again.
Remember some of the things they said?
- “Healthcare is too complicated, too unique. We cannot change our product!?”
- “Does this mean we would need to become HIPPA compliant!?” – (deep breath everyone. I spelled HIPAA wrong on purpose.)
- “We love the whole helping people aspect, which makes for great marketing, but it’s just too expensive.” – (Queue the marketing investment in a single F1 logo for the price of an entire vertical program)
What did I learn? That they in fact – were right. There I said it. So did Sai in his article. Healthcare is, in fact, different.
After nearly $28 billion dollars spent on cybersecurity solutions in U.S, in five years, Healthcare patient data/records continue to be stolen/extorted at a rate that is beginning to finally catch the ire of the public, politicians, and it’s making headlines on a weekly basis.
Build for Healthcare, Not Around It.
This is why David Ting founded Tausight, and why I joined him. After serving on the Human Services Health Care Industry Cybersecurity Task Force, David realized that one of the key reasons cybersecurity solutions struggle in healthcare is because they were not designed for healthcare in the first place. Existing solutions were not designed to see the very data they were trying to protect. Healthcare had to leverage hand-me-down solutions from other industries. Most designed to see/detect/protect data, like SSN, credit card numbers etc. Clearly protecting this data is important, but they are relatively easy to detect because they are easy to spot through legacy pattern recognition systems. (RegEx>DLP etc).
But what about protected health information (PHI)? Sai articulately points out:
- Health records intrinsically deal with the most vulnerable details about people.
- Healthcare is one of the fastest and highest producers of data, meaning that the volume of information that requires protection is unfathomably high.
- There are no low-yield vs. high-yield breaches; rather, all breaches have the potential to be catastrophic with regards to patient privacy and identity.
This data that must be shared but also must be accounted for and secured, yet is being stolen/extorted on a daily basis. PHI exposure increased 11-fold according to the Journal of the American Medical Association from 2016-2021.
Why? PHI is not a single data type, like a credit card number. PHI comprises 18 unique identifiers including, but not limited to personally identifiable information (PII), diagnosis codes, physician notes, images, IP addresses, biometric, mrn’s, insurance data and more. PHI is very unique. As unique as every person, because that’s what it is. It is your most sensitive data.
Herein lies the challenge that Tausight set out to solve. Build a solution FOR healthcare.
- A solution that can natively see and understand healthcare’s unique and sensitive data.
- Do so with powerful federated edge based AI/ML and exploit the growing built-in ML capabilities of hardware.
- Intel’s CEO Pat Gelsinger said on their Q2 2023 earnings call “ build AI into every product we build”.
- Make it simple and easy:
- Enable already staffed and operationalized solutions, like EDR, ITSM automation, SIEM/SOARS, and storage/data protection to consume and take action on our data/insights.
- Therein making the organization’s existing investment and solutions “Healthcare Aware” and even more valuable to their customers.
Why Tausight?
Healthcare is different so we designed, built and are delivering a solution for healthcare. We are directly addressing a critical cybersecurity gap that is negatively impacting nearly 40 million U.S. patients each year… (you, me, friends and family). Once again Sai, points out:
- There are no low-yield vs. high-yield breaches; rather, all breaches have the potential to be catastrophic with regards to patient privacy and identity.
We built Tausight to provide organizations native visibility to sensitive PHI data and to work with and enhance existing, operationalized cybersecurity solutions to help make them “Healthcare Aware”. Be on the lookout for an exciting partnership announcement and integration with a leading global cybersecurity company.
Healthcare is indeed different. That’s why we built Tausight. We believe we will help usher in a new era of security/privacy of patient data. That is our mission.
Contact us to learn more about how Tausight can help discover dangerous shadow PHI and reduce the impact a data breach has on your hospital or health system.
Frank Nydam
CEO
Tausight
