How ecosystems help mitigate current and future health care cyber risks

When it comes to cybersecurity, the baseline risk across industries is high. Especially in health care — the most attacked sector according to the annual report of the FBI’s Internet Crime Complaint Center’s Internet Crime Report 2022¹ the threat of cybercrime looms larger than most.

For too many health care organizations, falling victim to a cyber breach isn’t a question of if as much as a question of when.

One breach, countless implications

Cyber attacks can come from any number of sources, both internal and external. The effects can be insidious, no matter their inception. Millions of dollars in ransom to recover data. Professional and personal information published online without permission. The ensuing fines and inevitable lawsuits that follow.

The organizational, operational and reputational damage dealt from cyber attacks can be hard to nurse back to health, depending on the severity — sometimes carrying with it a lasting handicap.

I’ve found that in countering cyber attacks and other blights on businesses, ecosystems are an elixir of sorts. They work, and work well, because they bring together strengths that add up to more than the sum of their parts.

Ensuring a strategic, collaborative cybersecurity approach

Thinking about health care’s susceptibility, I’m reminded of a university-based health system client of mine. It needed to mitigate risk by sophisticating their standing against cyber threats.

Exacerbating the matter was insufficient IT staffing — a common issue I’ve found when addressing cybersecurity. My client specifically wanted visibility into its network, which included a mix of university and hospital data.

To provide that visibility, we knew a traditional, standalone solution wouldn’t really prepare our client for the future. What they needed was an ecosystem that aligned key elements — the EY team, an EY alliance partner, the client and their existing vendors — plus all the tech, systems and processes that support everything. Using this approach positioned the client to address their current position and future-fit them for cyber threats to come.

Based on the understanding that our teams had of the client, it made the most sense to include in this ecosystem an EY Alliance partner specializing in secure, digital infrastructure — for this engagement, Splunk made the most sense to complement the client’s existing partners.

A collaborative, calibrated approach

The important thing to consider with ecosystems is that they’re not a one-ecosystem-fits-all fix. Like each client — and each client’s problems — ecosystems are unique. I’ve found that the best-fit ecosystems are built on understanding: of the industry, of the client’s issues and of the client’s future aspirations. And that makes relationships all the more important.

Take my client, for instance. If my team and I didn’t know the client as well as we did, we couldn’t have helped it as much as we did. That’s because our deep understanding informed the ecosystem we orchestrated and applied to its particular situation. And that meant that the cybersecurity strategy programs we created and helped implement were that much more effective. It’s as simple as that.