Cybersecurity and Obscurity

Security by Obscurity

by Charles Parker, II

During the budgeting cycle, departments may ask for increases in their respective budget, padding it or

to accommodate capital purchases. When the senior management does not recognize the importance of

security, the thought may float through their mind of what if we do nothing? After all, nothing has

happened.

Well, nothing has happened…yet. The healthcare industry is targeted for many reasons and there are

many options as to the individual targets, methods of attack, and other facets. A breach in this

environment is horrific operationally with systems shut down for days or weeks, ERs shut down, patient

data exfiltrated, etc. There is also the potential for patient mortality being directly attributable to the

breach. Financially this can be a nightmare as the healthcare provider has to quickly address the issues

and contract with a forensic firm to review the breach, what was accessed, and everything else with the

issue. This is not cheap.

By ignoring cybersecurity and thinking you can get through the next cycle without adequately addressing

this, the healthcare provider is doing everything they can to set themselves up for failure on the

business, functional, and patient care side.

About the Author

Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.