KLAS ResearchThe State of Cybersecurity in Healthcare

Garrett Hall, Research Director

2

KLAS Mission: To improve healthcare technology delivery by

honestly, accurately, and impartially measuring

vendor performance for our provider partners.

Our Promise to You… and Healthcare Providers

•Straight Customer Feedback•Actionable Findings•Experience-Based Recommendations

KLAS Influence

© Copyright KLAS 2016 3

3,100

Research focus is on the customer experience.

Healthcare customer executives (VP & C-Level) who actively participate by sharing their experience and benefit from accessing KLAS data/reports.

KLAS is entirely dedicated to improving healthcare, including the provider market, payer market, and the emerging “payvider” market.

Vendors receive guidance.

KLAS insights assist organizations.

4,500

25,000+

750

Healthcare organizations worldwide represented in the KLAS data through the participation of their employees each year who share their voice/experience.

Interviews conducted each year. 95%+ are person-to-person interviews with current customers.

Healthcare IT products and services measured by KLAS.

400 Vendors measured and highlighted in KLAS Reports.

27,839 Downloads of KLAS specialty reports published last year by healthcare customers. Average of 400-500 healthcare customer downloads per report.

28 Members of the KLAS Advisory BoardCLICK HERE to see complete list of Advisory Board Members

Click to edit Master title style

4

A Sobering Statistic

© Copyright KLAS 2017

Click to edit Master title style

5

Who Owns Cybersecurity Today?

© Copyright KLAS 2017

Click to edit Master title style

6© Copyright KLAS 2017

7© Copyright KLAS 2017

8© Copyright KLAS 2016

Click to edit Master title style

9

How Do You Detect and Respond to Attacks?

© Copyright KLAS 2016

10© Copyright KLAS 2016

11© Copyright KLAS 2016

“We try to do external risk assessments monthly. We try to focus on a security-risk-analysis procedure, which allows us to do some penetration testing within the environment to make sure that we can determine any of our current leaks and any additional ports that are currently shut down. I have also hired an ethical hacker to start focusing a lot on the overall process of trying to penetrate our system. I need to know how people are coming in so that we can close any openings as soon as possible.”

“We had a breach about a year ago, so we got the results from the HIPAA security assessment and are now starting to do a risk assessment or prioritization based on the risk to figure out which things we need to start working on first.”

Click to edit Master title style

12

What are Providers Focused On?

© Copyright KLAS 2017

Technologies Provided by Two Most Impactful Security Vendors

Click to edit Master title style

13© Copyright KLAS 2017

Click to edit Master title style

14© Copyright KLAS 2017

Click to edit Master title style

15© Copyright KLAS 2017

Click to edit Master title style

16© Copyright KLAS 2017

Click to edit Master title style

17© Copyright KLAS 2017

Click to edit Master title style

18© Copyright KLAS 2017

Click to edit Master title style

19© Copyright KLAS 2017

Click to edit Master title style

20© Copyright KLAS 2017

Click to edit Master title style

Garrett R. Hall

garrett.hall@klasresearch.com

801-404-5428

21

Contact Info

© Copyright KLAS 2017

4 Critical Componentsfor DLP SuccessBrian Mullins

VP Product Marketing

Digital Guardian

“DLP is one of the most powerful and important tools in our modern security arsenal, and anything with that kind of versatility and wide range of integration points can be a problem if you fail to appropriately plan.”

- Rich Mogull, Analyst & CEO,Securosis

23

#1 - DLP as a Program

24

People

+

Process

+PROVEN METHODOLOGY

Technology

#2 – Proven Implementation Methodology

25

Understand BuildEnforce & Educate

UNDERSTAND

▪ Where PHI is located throughout the enterprise

▪ When PHI is at risk

BUILD

▪ Smart polices & controls

▪ Enterprise wide knowledge how business operates

ENFORCE

▪ Start with monitor only, then move to enforce

EDUCATE

▪ Real-time prompts increase employee awareness and educate users on proper usage

Assess & Improve

ASSESS

▪ Identify policy gaps

IMPROVE

▪ Refine policy

▪ Add additional DLP components

#3 – Implement One Step at Time

26

1

2

3

4

DATA DISCOVERY

NETWORK DLP

CLOUD DLP

ENDPOINT DLP

#4 - Consider DLP MSP

“We think this skill deficit helps explain the growing popularity of Managed Security Service Providers (MSSPs), an attractive option to enterprises looking to modernize their approach to security. According to Gartner, the MSSP space is an $8B market growing at 15%. MSSPs differ from security consulting practices in that they offer shared security services to multiple clients”.

Joel P. Fishbein, Jr. | Software and Cloud TechnologyBTIG Industry Report: Cyber Security Landscape 2016 and Beyond

27

Reduced PHI data

loss risk by 82%

The Power of Real-time Education

Q&A

Confidential