Interviews

Healthcare organizations have to be more diligent about fundamental operational security practices

Rajat Mohanty

Rajat Mohanty is a co-founder and the CEO of Paladion Networks, Asia’s leading pure-play information security provider. He is an alumnus of IIT Kharagpur and XLRI and brings an analytical approach to business management. He has a deep analytical mind to solve business problems. Since inception, he has been steering Paladion’s exceptional growth story. Under his leadership, Paladion has expanded its business reach globally and across industries, and has launched new offerings and brands which are hailed by many as “industry firsts”. He is a regularly invited speaker on information security at various forums, including ISACA, NASSCOM, Computer Society of India and the Cyber Security Conference. Rajat Mohanty, in conversation with Ekta Srivastava, Health Technology.

Kindly elaborate more on the Paladion Global Security

Paladion is a specialized partner for information risk management providing end-to-end services and solutions in Asia, the U.S. and the Middle East. Paladion is rated as the largest pure-play Information Risk Management partner in Asia, and has been recognized and awarded by Gartner, Asian Banker and Red Herring, amongst others.

For over 15 years, Paladion has been actively managing information risks for over 700 customers. It provides a complete spectrum of information risk management comprising security assurance, compliance, governance, monitoring, security analytics and security management services to large and medium-sized organizations. Paladion is also actively involved in several information risk management research forums and has authored many books on the same. Paladion is a global cyber security company; the majority of our work includes detecting attacks and detecting malicious activities in the corporate network and in their applications, which we do 24x7 from our global security operations center.

Recently, the company received funding of USD 10 million from Infosys co-founder N.S. Raghavan’s Nadathur Holdings, with the purpose of enhancing Paladion’s cyber security intelligence platform, building a comprehensive cloud security services platform, and global expansion of multiple Security Operation Centres (SOC).

What would be the expected growth from the new Global security operation center?

Now, it is almost a year since we came into the picture. Early this part of the year, we are growing four times in the next three years.

What are the different products that Paladion offers?

Customers are the very source of Paladion’s passion in the industry. Paladion co-developed products with customers based on their feedback on software user experience. The company has adopted a strategy of rapid release for development, releasing firmware updates as well as expanding its reach and service across the country, based on customer feedback.

Through our products like:

  • RisqVU Governance Risk & Compliance
  • RisqVU Active Detection & Response
  • RisqVU Vulnerability Orchestrator
  • RisqVU Infrastructure Security & Telemetry
  • Cyber Active™ mode

What are the top crimes in healthcare that you have witnessed?

Today, more and more cyber crime is about stealing the data, and then using the data in multiple ways in underground forums, whether it is credit card data or health data. Primary

What types of attacks are most common?

Data breaches are most common, and they can occur in a few ways. Either employees are stealing the data, such as pharmaceutical and prescription data, and selling it, or they’re selling identities so these crime drug rings can use them to go out and falsify other information. But it’s all about the data. What can they get access to and what can they sell? So primarily what we see are network intrusions, or employees being paid to provide access to networks and systems. Employees are helping the bad guys for profit, and we’re seeing more of that this year.

What makes healthcare data so wide open for cybercrime? Is this an issue that is worse than ever before?

Yes, in a few respects. There are complex analytics that we love about healthcare and cybercrime—particularly, how the crimes are being carried out and what they’re resulting in for the practices. Employee negligence and data theft are the two big reasons for it; people see healthcare as a serious treasure trove for personally identifiable information. For healthcare organizations, IT security is not often the first concern—I’m not saying that it is not paid attention to, but it is not a main priority. As such, people tend to have easier access to the data, including everyone down to the secretary who schedules appointments. Leaving data out, leaving laptops open, and leaving medical equipment that stores patient data around are key problems. We see that more in healthcare than in any other industry.

What prevention methods can organizations take?

The best prevention method happens to be the least interesting. These organizations have to become more diligent about fundamental operational security practices. Who has access to the data? How is the data transferred around? Where are the vulnerable points? How do we make employees aware that these are the vulnerable stops? It’s a boring answer, but the reality is that companies don’t do a lot of education and training. If they start treating data security like it’s an infectious disease (which it is), you will start to see a lot of this begin to go away.

Remember, healthcare organizations exist to help people; this is the mindset they have. As a result, I feel they are just not set up from the beginning to be disciplined about security and about watching over people. The last time I was at a hospital, I sat there waiting and watching as people got up and moved away from machines, moved away from equipment, left paperwork out, and left books out that had protocols for which systems to log into. Employees at a low level really don’t understand the risk because they’re not too affected, and corporations as a whole aren’t doing a good job in terms of IT spending, education, training, safeguards and controls. These prevention methods just don’t exist on the same level as in the technology industry or financial industry.

 
