Best Practices in Healthcare Information Security

This article is certainly on point and is full of great advice for any medical practice.  That said, the biggest challenge is the section focused on culture.  Culture in medical practices can be challenging because big egos are often involved.  Medical practices are comprised of highly educated and motivated professionals, often at the top of their respective fields, which creates an environment where turning to professionals in other fields is more difficult.  If I mastered all the aspects of my professional specialty, surely I can master the demands of IT and IT security.  Sound familiar?

https://www.tripwire.com/state-of-security/featured/best-practices-healthcare-information-security/

Healthcare challenges: Ransomware and the Internet of Things are the tip of the iceberg

This article does a wonderful job shining a light on the void that exists between true security and an understanding of what it takes to be more secure in the healthcare industry. I agree that risk management, a construct fairly familiar to healthcare providers, is a great starting point.

https://www.welivesecurity.com/2017/04/07/healthcare-challenges-ransomware-internet-things-tip-iceberg/

Despite Risk, Healthcare Prioritizes Compliance Over Data Security

The statistics in this article expose a very painful truth – Healthcare IT Security teams are understaffed, overworked, and heavily burdened by compliance requirements that do not necessarily strengthen overall IT security.  The axiom is true.  If you are secure, then you are generally compliant.  If you are compliant, you are not necessarily secure.

http://www.infosecurity-magazine.com/news/healthcare-prioritizes-compliance/

Medical data breach leads to a record cash settlement

I am not a fan of litigation for the sake of litigation.  This is not a case of a money grab.  The level of information left unsecured and publicly available is astonishing, and this hospital has earned the right to be on the losing end of this legal battle.  Kudos to the patients who stood up and fought the good fight.  Hopefully this ruling becomes a deterrent for other organizations not taking IT security seriously.

http://www.welivesecurity.com/2016/04/13/medical-data-breach-leads-record-cash-settlement/

Cancer Clinic Warns 2.2 Million Patients Of Records Breach

The breach discussed in this article continues a disturbing trend in healthcare – the lack of proper care when it comes to Patient PII.  From the provider’s response it is clear that health records were the focus of their security efforts.  Once again, this demonstrates the proof of the axiom: compliance does not equal security.

https://threatpost.com/cancer-clinic-warns-2-2-million-patients-of-records-breach/116668/