What Scares Me About Healthcare & Electric Power Security

John B. Dickson | Information Week | October 28, 2014

Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats.

One question, though, gets me on my soapbox real quick -- and that question is, “As a security guy, what industries scare you most?” I get that question more frequently than you might imagine and my answer is always the same -- the healthcare and electrical power industries. Here’s why:

In healthcare, the stakes are high -- the well-being of my family -- which is critically important to me. If a credit card company loses my data, I get a new card with free credit monitoring. If a healthcare provider loses my electronic patient information, I can’t get new information. That’s my stuff!

...The reason the security of our healthcare and electrical power industries scares me is not just the impact, but how consistently ill-prepared both industries are to defend against sophisticated attacks. I say this as a 20-year security consultant who has worked in four different companies and delivered hundreds of security assessments, penetration tests, and other projects...