Data breaches are a major problem in today’s society. With ever-advancing technology, attackers are becoming smarter and finding it easier than ever to access data. No industry is more vulnerable to these attacks than the healthcare industry; in the last decade, 190 million customer records were exposed in healthcare data breaches alone.
The issue with healthcare data breaches is ensuring the safety of patient data. Patient data includes your social security number, lists of the current medications that you take, your entire medical history, your addresses, and more.
As it stands, 2019 may prove to be the worst year in healthcare cybersecurity’s history; almost 32 million patient records were breached in the first half of the year alone, more than double the records breached in all of 2018.
So how can we stop these attacks before they happen? How can our data be truly secure? I spoke with Arun K. Buduri, founder and president of Pixm, a cybersecurity technology startup that is a two-time MassChallenge company and the 2019 MassChallenge HealthTech Platinum winner, to get the answer.
Q: Who is Arun Buduri, and what is your role at Pixm?
Arun: I have been in the industry for almost two decades, beginning my career working in large companies and shifting to building startups since 2012. Pixm, now commercial in the market, is my third iteration and I serve as its founder and president. People who know me well describe me as innovative, and that’s what I love to do; I love to solve problems and build a business, which is exactly what I’m doing here.
Q: Why is cybersecurity such an important issue in today’s society?
Arun: By 2021, cybersecurity spending is going to reach $6 trillion in warfare damages. Cyber-attacks are the easiest way to knock companies and countries down, making it one of the top areas that need immense focus.
So, what does this mean for healthcare? Well, healthcare is the most expensive industry regarding data breaches. The cost of a stolen record in the healthcare sector is more than double the next highest-ranking industry (finance). On average, a healthcare record is worth three times more than a record from any other sector. Current data values a single health record at $429, and that number continues to increase. Let’s say then that a hospital with 50,000 records suffers a cyber breach. At $429/record, that is an immediate loss of over $21 million from that single breach.
Q: How is Pixm innovating the healthcare system, with respect to cybersecurity?
Arun: Pixm is the world’s first device-based phishing prevention that shuts down phishing attacks at the point of click. Given that 93% of all data breaches occur because of phishing attacks, Pixm is truly bridging a significant gap in cybersecurity. The age-old technique to prevent phishing attacks is simple: “Don’t click.”
But in spite of extensive training, numbers suggest that more than 25% of the users still click and give away their passwords. Another widely common approach of blacklisting works to block phishing attacks once they have been flagged, but this is a reactive approach that only works after a data breach has likely already occurred.
What is missing is real-time prevention at the point of click. By filling this gap, Pixm is literally transforming the phishing landscape and changing the game by detecting attacks that even the highest quality competitors are simply missing.
Q: What has your experience been working with stakeholders on security and privacy?
Arun: Healthcare organizations definitely see that there is a major hole in the kind of security that is available in today’s market. While they recognize that there are different types of issues, they also see that the majority of issues start with phishing. Our product and the value that it brings resonate with healthcare organizations especially as the best way to fill that hole.
That being said, the most effective approach will not be one of “rip and replace”. The best defense will have multiple solutions layered on top of one another as part of an overall defense in depth strategy. This is where it is going to be key for large organizations to adapt to this strategy, take on new cybersecurity solutions like Pixm, and make their organizations and the data they possess safe.
As part of the 2019 MassChallenge HealthTech Program, we had offers from 5 champions – OSF Healthcare, Cisco, GlaxoSmithKline, Brigham & Women’s Hospital, and Mass eHealth Institute. The Innovation and CISO Leadership team at OSF Healthcare have stayed ahead of the curve and shown great commitment to their Enterprise security, especially in rolling out phishing training as well as adopting a layered defense in depth strategy. OSF has already deployed a Pixm pilot within their Enterprise and is looking to expand the pilot to multiple departments within the hospital network.
Q: What are your thoughts on the future of the industry in regard to cybersecurity?
Arun: With respect to talent—something that has historically been missing from the cybersecurity field—a lot of investment is being made by several universities to build a cybersecurity curriculum and bridge that gap.
Cybersecurity is one of the few industries where the cost of damages is so high and continues to increase. Technological advances, especially automation and cloud storage, make the attackers’ jobs easier. In order to keep up with this, innovation will be critical as newer startups will be the trailblazers tackling these problems.
Q: What is one thing that everyone should know about cybersecurity?
Arun: Do not, do not, do not reuse passwords from your personal and work accounts! Attackers today are targeting users’ personal emails to gain access to their work information. Beyond that, pay attention to the training, learn how to spot an attack, and use Pixm!
Backed by former NSA leaders and well-known cybersecurity investors, Pixm is the world’s first device-based real-time phishing prevention to shut down phishing attacks at the point of click using AI computer vision. Pixm is not a rip-and-replace solution but a necessary added layer of defense running directly on devices and stopping phishing attacks not just in work email but also in personal emails and social apps.