This article is certainly on point and is full of great advice for any medical practice. That said, the biggest challenge is the section focused on culture. Culture in medical practices can be challenging because big egos are often involved. Medical practices are composed of highly educated and motivated professionals, often at the top of their respective fields, which creates an environment where turning to professionals in other fields is more difficult. If I mastered all the aspects of my professional specialty, surely I can master the demands of IT and IT security. Sound familiar?
This article does a wonderful job shining a light on the void that exists between true security and an understanding of what it takes to be more secure in the healthcare industry. I agree that risk management, a construct fairly familiar to healthcare providers, is a great starting point.
This is certainly a disturbing trend and points to where our focus should be as we enter 2017.
This is yet another substantial breach in the healthcare industry. Root cause does not appear to be understood at this time, but the size and scope are concerning regardless of attack vector.
For everyone in the Healthcare space, this is a good conversation with Don Kopanoff of Fortinet on cyber threats associated with Healthcare.
The statistics in this article expose a very painful truth – Healthcare IT Security teams are understaffed, overworked, and heavily burdened by compliance requirements that do not necessarily strengthen overall IT security. The axiom is true. If you are secure, then you are generally compliant. If you are compliant, you are not necessarily secure.
I am not a fan of litigation for the sake of litigation. This is not a case of a money grab. The level of information left unsecure and publicly available is astonishing and this hospital has earned the right to be on the losing end of this legal battle. Kudos to the patients that stood up and fought the good fight. Hopefully this ruling becomes a deterrent for other organizations not taking IT security seriously.
This is becoming a fairly disturbing trend. Please take note and review both your employee training procedures and your backup/recovery options.
The breach discussed in this article continues a disturbing trend in healthcare – the lack of proper care when it comes to Patient PII. From the provider’s response it is clear that health records were the focus of their security efforts. Once again, this demonstrates the proof of the axiom: compliance does not equal security.
This article should make all of us cringe and speaks to the absolute importance of data security at both the logical and physical layer.