Page 23 - Cyber Defense eMagazine June 2024
The practices of law and medicine have several important features in common, in particular the
doctor-patient privilege and the attorney-client privilege. The goal of both is to ensure that proper care
can be provided without fear of repercussion (whether public disclosure or introduction as evidence in
a lawsuit). If a patient or client cannot provide full details, their practitioners can’t provide proper service.
Often these details could be embarrassing or could lead an individual to believe the information could be
used against them in a different context. An individual also may not understand that what they see as a
trivial bit of information could be extremely important for their medical or legal professional.
This is where the tie-in to cybersecurity comes into play. Cyber criminals know that those in the medical
and legal professions house some of the most sensitive data, and that such information, if made public,
would have negative ramifications. Cyber criminals also know that, if hit with ransomware, these
professionals are likely to pay the ransom to ensure this information is not made public and/or that these
professionals can continue to provide uninterrupted service to a vulnerable audience.
PatientLock and JurisLock were developed specifically with the most vulnerable in mind. PatientLock and
JurisLock have bundled services specifically designed to harden a healthcare organization or law firm’s
cybersecurity posture through a fully managed suite of cybersecurity technology and compliance/advisory
services, designed to force-multiply IT resources and satisfy regulatory frameworks and rules like HIPAA,
PCI, NIST, ABA Formal Opinions, as well as cyber insurance requirements.
PatientLock’s and JurisLock’s Security Operations Centers (SOCs) are the same ones that provide service to
the DOD and the largest military defense contractors in the world, allowing clients to take advantage of
previously unattainable economies of scale. With 400+ cybersecurity professionals, PatientLock and
JurisLock eliminate the need to hire security staff and solve the talent issue by managing the security
technologies (MDR, XDR, MEDR, VUMA, EPS, etc.), monitoring for threats 24/7/365, and taking action
in real-time to address them.
In our experience, it's become clear that it's often the case that C-Suite executives just don't know what
they don't know (NOT a typo). Among other duties, a CISO's responsibilities include educating decision-
makers on cyber risks and risk management. Most small and medium-sized organizations don’t need or
can’t afford to hire a full-time CISO. PatientLock’s and JurisLock’s virtual CISO (vCISO) program provides a
fractional CISO to exercise oversight of enterprise-wide cybersecurity and governance, while helping
achieve compliance for regulatory frameworks including NIST CSF and HIPAA Compliance, Security
Risk Assessments, HITRUST and SOC2 Readiness, GAP Assessments, and more.
We recognize that technology alone isn’t enough. Cyber insurance can also protect organizations against
many different risks associated with cyber incidents, especially since cyber incidents are often not
adequately covered, or covered at all, by D&O or E&O policies. Cyber insurance is designed to help an
organization mitigate exposure through risk transfer by offsetting costs associated with responding to an
incident, like data and system recovery, business interruption, extortion expenses, and claims and lawsuits
asserted by others directly affected by the incident. We see cyber insurance as a risk management
device similar to commercial property coverage for a fire in a restaurant’s kitchen. Even though
restaurants have sprinkler systems, extinguishers, fire alarms, etc., a restaurant would never forgo
having property insurance because it mitigates the damage that the inevitable kitchen fire will cause.
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.