Securing data now means improving identity management

When he’s not starring on Shark Tank, Robert Herjavec is running a burgeoning data security company. And business is booming, especially in healthcare.

It’s well known that hackers are going for patients’ medical records rather than credit card and Social Security numbers. The value of those numbers has decreased to less than a dollar a number, while the value of medical records has risen on the dark markets, Herjavec noted Tuesday at the InstaMed Healthcare Payments Summit in Philadelphia.

The risk for healthcare organizations goes beyond the damage to reputation and the direct cost of remediating the breaches, he says. The biggest fears he sees from healthcare organizations are the risks of running afoul of the Payment Card Industry Data Security Standard and the General Data Protection Regulation, says Herjavec, who heads Herjavec Group, a security solutions integrator that is one of Canada’s fastest growing technology companies.

“I estimate that 50 percent of the security industry (in healthcare) is being driven by compliance and governance” related to those data security standards, he says. “With GDPR, if you’re not a good custodian of data and you’re doing business in Europe, you can be fined up to 6 percent of your global sales.” For example, Google was recently fined $57 million by France for failing to comply with its GDPR provisions.

Healthcare organizations’ risks are high because consumers expect them to protect their data—meanwhile, it’s difficult to expect consumers to take additional steps to protect their own information. “If your system requires the consumer to change their behavior for better security, they don’t care. But they expect you to do it.”

Hospitals struggle with “archaic infrastructure” and equipment using obsolete operating systems that no longer can be easily protected, Herjavec says.

Healthcare organizations are also struggling to provide adequate defense for growing amounts of data in the cloud. When providers operated data centers, it was easier to use a “castle approach” to wall off data, or throw up more defenses around it. Now, data is decentralized and difficult to protect in the cloud, and securing it requires stronger identity management approaches.

“A lot of our focus is about identity management,” he says. “We work to validate and authenticate the user. We’re doing it to mitigate risk. We live in a world that now is fundamentally insecure.”
