Speed Data: When Lives Depend on Strong Security With John Mason

Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.

John Mason is passionate about his role in securing private data because he knows the consequences of that data getting into the wrong hands can be a matter of life or death. The President of Tempo Technology Services shared examples of why strong cybersecurity in healthcare is so critical and how organizations can combat malicious actors.

While asserting a formidable security posture is important to any industry, maintaining strong cybersecurity in healthcare might be the most crucial area because lives depend on it, said John Mason, President of Tempo Technology Services.

“It is more than just a job,” he said.

We’re not dealing in technology and data around producing a widget; we’re actually dealing with patients’ lives. We have to get it right. We don’t have a choice not to.

Private healthcare data is some of the most important personally identifiable information there is. “We have control of people's most sensitive personal information,” John said. “For example, when any one of us goes to the doctor, there are things that our physician knows, our clinicians know, that most people maybe don’t know about us.

“When you expand that into the hospital world, people are at their worst moment. They're usually ill, they're wondering about their livelihood, whether they're going to live, whether they're going to be able to work, and we have control of some very important information that we just can't let people have.”

Getting paid for PII

Because this data is so sensitive, it is also incredibly lucrative to malicious actors.

“The data that we have is some of the most valuable data that people want to get hold of in the market,” John said. “An average patient's record is worth about $500 to $550 per record.”

“What they do is they take that data, they turn around, and they file false claims against the government to get paid for services that didn't happen. That's a multi-billion-dollar industry right now in healthcare; the number of false claims filed every year is in the multiple billions of dollars.”

A life or death battle

Protecting this data is getting harder every day, John said. “The sophistication of people coming after you is getting so much better. Thirty years ago, you worried about a small virus on your computer. Nowadays, it is so much more complex and sophisticated than that.”

In healthcare specifically, John said, “Bad actors can now get in your system and start having control of all those peripheral devices. An example of that might be an IV pump — you have an IV pump and all they have to do is push a button and they can inject you with something instantaneously versus a slow drip. They can kill people.”

Ransomware is another way attackers can impact day-to-day care. “They can harm a patient because a physician can’t get to the system to know what medications they are taking,” John said. “In many cases, ransomware isn’t about taking your data. It’s really about extracting a payment from you to give you your system back.”

But the key to protecting your organization and data is first locating your data, John said.

You have to have oversight as to where data resides. You have to know where the data is — and where the important data is — because all data is not equal.

“If we can see the data before it starts moving, we’re in a better place to try and shut it down and make sure we don’t lose it.”