A spate of high-profile, high-impact cyber breaches at several of the largest financial institutions in the United States has brought attention to a point that cybersecurity professionals have long taken as an article of faith: boards of directors need to take an active role in the management of cyber risk. Yet, there are several factors that tend to prevent effective engagement in cybersecurity risk at the board level.
As stated in a recent issue of the FDIC's Supervisory Insights, the risks presented by cyber attacks have become "one of the most critical challenges [in the last decade] facing the financial services sector due to the frequency and increasing sophistication of cyber attacks." In just a year's time, from 2014 to 2015, security incidents increased 38 percent.
Healthcare providers hold a special place in today's society. Most people count healthcare workers among the most admirable of professional jobs, and nearly everyone has to trust a healthcare professional with their lives or the lives of loved ones at some point. Nine out of every 10 American adults see being a doctor as a prestigious profession, for example, with older generations in particular holding it in high regard.
Regardless of how many security controls are placed on a network and the components that go into making a network operate, there will always be vulnerabilities in a connected world. So, what do you do in an environment that allows for such risk of compromise?
There is no more hedging on whether ransomware incidents should be identified and treated the same way as other data breaches under the Health Insurance Portability and Accountability Act (HIPAA). The United States Department of Health and Human Services Office for Civil Rights (OCR) has stated that ransomware attacks constitute a breach unless there is substantial evidence to the contrary.