Increasing cybersecurity premiums
A 75% increase in annual premiums. That’s what Citizens Medical Center was told to expect with their next cyber insurance renewal if they didn’t strengthen their cybersecurity posture. While the amount itself was shocking, the increase itself was not. Premiums for cyber insurance coverage had risen steadily year after year, alongside a questionnaire that grew more cumbersome to complete.
Although Citizens Medical Center was contracted with Fortified Health Security for other managed services, including Risk Assessment (RA), Vulnerability Threat Management (VTM), and Penetration Testing, they realized the value that bolstering their cybersecurity with 24/7/365 managed Security Operations Center (SOC) would have on their organization.
Faced with the costly realities of cyber insurance and the rise of cyber attacks on healthcare, Russell Witte, Director of Information Technology, and his IT/Security team coordinated with Citizens’ CFO to explore what could be done to enhance their cybersecurity in fiscally responsible ways.
Securing SOC solutions
As Fortified was already providing Citizens with several essential cybersecurity services, Witte reached out to his contact to discuss their options.
After reviewing the cyber insurer’s questionnaire and conditions, and engaging in several scoping discussions, Fortified recommended that Citizens augment their cybersecurity program with:
- Security Information and Event Management (SIEM) services
- Managed Detection and Response (MDR) services
- Managed Connected Medical Device services
This cybersecurity roadmap was meticulously tailored for Citizens with the aim of reducing risks within their organization, while optimizing their long-term savings.
“SIEM would give us 24/7 security monitoring, MDR would allow us to proactively detect malicious activity and respond to critical threats, and Connected Medical Device services would help us close security gaps related to IoT (Internet of Things) and medical devices,” explained Witte. “Adding these services would strengthen our cybersecurity posture and support our commitment to protecting precious hospital data.”
When Witte and his team presented their recommendation to the CFO, they underscored not only the potential insurance savings but also the stronger security measures that would help Citizens safeguard against damaging data breaches, and loss of revenue due to downtime. The holistic financial benefits—coupled with the promise of reduced risk and potential savings on high cybersecurity premiums— secured the approval to move forward.
A partnership approach to implementation
After setting up their monitoring to ensure the SOC would work properly, Citizens coordinated with their Fortified team to align their SOC implementation with the hospital’s internal bandwidth.
“We had some internal limitations, including staffing constraints, that impacted how quickly we could get everything set up and rolled out. But instead of imposing a timeline and telling us what their schedule was, like other vendors typically do, Fortified remained flexible and understanding. They took the time to tailor our implementation timeline around what worked for us,” shared Witte.
While the Citizens team knew that their service implementation would take time, they also had a clear objective for when they wanted their SOC operational.
“We knew we’d receive our next cyber insurance questionnaire in nine months, along with that looming 75% increase, so that was the timeline we’d set for ourselves,” said Witte. “But to our relief and surprise, Fortified had everything up and running within 3-4 months. So, we ended up being ahead of schedule, and well-prepared for our cyber insurance renewal process.”
Significant cost savings, stronger cybersecurity
When Citizens cyber insurance renewal application arrived, the team was able to confidently answer all the questions in the insurer’s questionnaire, thanks to the new SOC solutions in place.
“It was a very different cyber insurance renewal experience for us compared to previous years,” said Witte. “What’s more, because we’d been able to answer the questions so thoroughly, the cyber insurer had minimal follow-up questions, which was something we hadn’t encountered before.”
Not only did Citizens meet the requirements for the new cybersecurity coverage, but they were able to do so without any increase in premiums. The savings were so significant, the CFO even spotlighted the IT/Security team at a company leadership meeting.
“This was a huge win for us. Even though there were costs associated with improving our cybersecurity posture, at the end of the day, we were still able to significantly reduce our spend by not having to pay such a high cyber insurance premium,” explained Witte. “I fully credit Fortified’s ingenuity and support for these savings, not to mention the peace of mind I now have that we’re doing right by our hospital and patients.”