The Maturity Paradigm

In healthcare we have an insatiable appetite to adopt new technology

Should we be worried

About state-sponsored attacks against hospitals?

Security and the Board Need to Speak the Same Language

How security leaders speak to thier C-Suite and Board can make all the difference

Who'd want to be a CISO?

Challenging job, but increasingly well paid

Medical Tourism - Growing in Popularity

Safe, fun, and much, MUCH more cost-effecitive

The Changing Face of the Security Leader

The role is changing, but what does the future hold?

Cyber Risk Insurance Won't Save Your Reputation

Be careful what you purchase and for what reason

2017: A Milestone Year for UAE

The American Hospital Dubai.
The American Hospital Dubai.
2017 was a watershed year for healthcare providers in the United Arab Emirates. Joint ventures with US, UK, European and other healthcare partners saw the start or completion of a number of large hospital construction projects, vastly expanding the number of beds and types of procedures that can be conducted throughout the emirate.

Partnerships with US-based Childrens' National Medical Center, The Cleveland Clinic, Johns Hopkins, MD Anderson, and the Mayo Clinic, have greatly helped improve care for UAE citizens, resident workers, and health tourists coming to the UAE for medical procedures.

Cleveland Clinic Abu Dhabi.
Cleveland Clinic Abu Dhabi.
In fact health tourism is a major area of growth for both Dubai and Abu Dhabi. During a recent visit to the emirate, I was told that health tourism is on track to seeing 500,000 overseas medical tourists by 2021. Judging by the prolific amount of hospital construction evidenced during my visit and the apparent brain-drain of top physicians and healthcare administrators being lured from the west, the UAE is on track to become a major medical tourism destination.

A number of successful organ transplants took place this year including the first full heart transplant at the Cleveland Clinic Abu Dhabi, the Basmah free cancer treatment initiative got underway and Dubai achieved mandatory health insurance for all its residents, as part of a UAE-wide initiative underway to health insure the entire country.

New Medcare Women and Children's Hospital in Dubai.
New Medcare Women and Children's Hospital in Dubai.
New hospital facilities ready to go.
UAE is a major Health Tourism destination.
UAE is a major Health Tourism destination.

Health Tourism. Cleveland Clinic Abu Dhabi.
Cleveland Clinic Abu Dhabi.
The deployment of UAE's electronic medical record system continues to help improve patient outcomes and some 1.4m Dubai residents now have ‘smart’ medical records. On top of all this, plans were agreed for 2,000 more nurses, midwives and allied health professionals to be recruited by the Department of Health, Abu Dhabi.


Saudi German Hospital, Dubai.
Saudi German Hospital, Dubai.
But all is not well in paradise. 2016 and 2017 were also watershed years for cyber crime in the United Arab Emirates. Studies suggest that compared to the rest of the world, UAE and its larger neighbour Saudi Arabia, are being targeted for attack and that this is beginning to impact both oil-rich nations.

A recent study by the Ponemon Institute shows that the average cost of a data breach in Saudi Arabia and the UAE in 2017 was $4.94 million (Dh18.1 million), up 6.9 per cent since 2016. These breaches on average cost organisations $154.70 per lost or stolen record on average. On top of that, Saudi Arabia and the UAE are amongst the top spenders ($1.43 million) on post-data breach response.

The 2017 Cost of Data Breach report also revealed that malicious or criminal attacks are the most frequent cause of data breach in Saudi Arabia and the UAE. Fifty-nine per cent of incidents involved data theft or criminal misuse. These types of incidents cost companies $171.70 per compromised record, compared to $130.70 and $128.50 per compromised record as a result of a breach caused by system glitch or employee negligence, respectively.

The average cost of a data breach in Saudi Arabia and the UAE in 2017 was $4.94 million (Dh18.1 million)
Average cost of a data breach in UAE in 2017 was $4.94 million (Dh18.1 million)
Top factors that contributed to the increased cost of a data breach in Saudi Arabia and the UAE include compliance failures and the extensive use of mobile platforms.

Scott Manson, cybersecurity leader for the Middle East and Turkey at Cisco, said: "Cybersecurity is finally becoming a top-of-mind business objective for many with many organisations making the board hold accountability, which makes sense considering a large security breach/incident doesn't only affect finances and productivity, but can severely damage customers' trust towards the brand."

According to the study, how quickly an organisation can contain data breach incidents has a direct impact on financial consequences. Globally, the cost of a data breach was nearly $1 million lower on average for organisations that were able to contain a data breach in less than 30 days compared to those that took longer than that. On average, organisations in Saudi Arabia and the UAE took 245 days to identify a breach, and 80 additional days to contain a breach once discovered.

Most of the large recent security breaches in UAE have targeted financial institutions, but as banks continue to invest rapidly and heavily in security, so other UAE industries are becoming the focus of cyber criminals. That includes healthcare. With patient safety directly impacted by cybersecurity and system availability of critical treatment systems, hospitals have much more to lose in the event of a successful cyber attack. While none of the hospitals I recently visited had knowledge of a security breach, many executives acknowledged that it was only a question of time before their institution could be hit. While investment in UAE hospitals and clinics has been huge, most of the money to date, has been targeted at the direct delivery of clinical services to patients. Security and privacy have yet to catch up.

Health Tourism. Cleveland Clinic Abu Dhabi.
Cleveland Clinic Abu Dhabi.
Health Tourism. Cleveland Clinic Abu Dhabi.


As the healthcare industry in the UAE continues to develop and expand to a global provider of services to international patients, the emirate needs to invest heavily in cybersecurity and privacy capabilities to protect patient information and critical clinical information technology from cyber attack. Otherwise the huge investments in buildings, equipment and highly-skilled medical staff will all be for nothing.

Once those investments in cybersecurity controls and staff are in place, UAE will surely be on the top of many people's lists for elective medical procedures. After-all, who wouldn't want to recuperate in a luxury desert oasis!