Skip to main content

Privacy & Security

Security
By Kat Jercich | 04:34 pm | June 10, 2020
Experts say the coronavirus pandemic acts like "blood in the water" for cybercriminals looking to exploit tech vulnerabilities.
Security
By Mike Miliard | 11:28 am | June 10, 2020
The tool, developed by scientists at UT Dallas and Vanderbilt, can help weigh the risks that a person might be identified when their health data is shared with researchers.
Security
By Kat Jercich | 03:32 pm | June 09, 2020
Experts say a functioning system should be based on understanding your workforce, your technology and your employee workload – and it should involve everyone in your organization.
Security
By Kat Jercich | 06:28 pm | June 05, 2020
The Exposure Notification Privacy Act requires public health officials to be involved with any exposure notification systems and prohibits commercial use of users' data.
By Mike Miliard | 12:14 pm | June 05, 2020
The group tells CMS and Congress that two-dozen "cumbersome" regulations, many related to telehealth, that were waived or relaxed in response to COVID-19 should stay that way.
Security
By Kat Jercich | 12:05 pm | June 05, 2020
Big transitions can present an opportunity to enact security improvements, but they can also make a complicated process even more complex.
SPONSORED
By HPE | HIMSS TV | 07:00 am | June 05, 2020
HP's Daniel Colling and Raja Bhadury detail moves to enhance the telemedicine experience while accelerating vaccination research and improving security in the battle against the pandemic.
By HIMSS TV | 12:10 pm | June 04, 2020
This week's top stories include shadow pharmacies peddling bogus coronavirus cures, HHS offering additional aid to hospitals and the challenges of integrating in-person care back into workflows.
By Kat Jercich | 01:13 pm | June 03, 2020
Over the past decade, workloads and data have moved increasingly into the cloud. For the healthcare industry, that means personal health information is stored in multiple environments – and so security should be able to respond to threats across those environments too. "As the IT estate continued to evolve, the traditional 'gate in castle' approach to security became less and less relevant," said Ryan Smith, VP of product at Armor Cloud Security, in a HIMSS20 Digital presentation.  "It was no longer sufficient enough to have a firewall on the outside perimeter," he said. "Instead, you had to begin focusing on the workload. When you think about security, you have to be thinking about how you're protecting that workload." During his talk, Maintaining Visibility and Security Across Hybrid Infrastructure Deployments in the Healthcare Industry, Smith explained that cloud-based security failures are nearly always the fault of the customer, rather than the security provider – and that in healthcare companies, orchestrating security teams is often "a very fragmented picture." This means, Smith said, that security in the cloud is not a technology problem, but an operations problem – and a cultural problem – for businesses. The defense of healthcare information, in particular, presents a number of unique challenges, including a murky understanding of cloud architecture and data landscapes, poor authentication, weak role-based controls, stubborn end-user adoption, and a lack of orchestration between point solutions.  Another hurdle, Smith said, involves furthering the understanding that regulatory constraints under HIPAA aren't always prescriptive.  "Compliance is built on a checklist of how we should maintain best practices," Smith said. "Compliance is more of a point-in-time snapshot. … Security never sleeps, while compliance is often a once-a-year activity." "Threat actors don't care if you're compliant," he pointed out. Plus, as Smith noted, compliance often results from security.  Security platforms should protect the data environment from both accidental and intentional threats, Smith said. He explained that tools focused on Cloud Security Posture Management, Cloud Workload Protection and Cloud Access Security Brokers can work together to address the all-around security needs of an organization. This is important, Smith said, because "healthcare data is gold to bad actors."  The financial impact of data breaches is often significant due to government fines, loss of customers or theft of intellectual property. "If you are subject to breach," Smith said, "there is tremendous impact to the business." .jumbotron{ background-image: url("/sites/hitn/files/u2556/HIMSSDigitalJumbo.jpg"); background-size: cover; color: white; } .jumbotron h2{ color: white; } HIMSS20 Digital Experience the education, innovation and collaboration of the HIMSS Global Health Conference & Exhibition… virtually. Kat Jercich is senior editor of Healthcare IT News. Twitter: @kjercich Healthcare IT News is a HIMSS Media publication.