Privacy & Security

SPONSORED
By Caradigm | Caradigm | 02:35 pm | May 31, 2016
By Mike Willingham, Vice President of Quality Assurance and Regulatory Affairs, Caradigm

The mandate for healthcare information security is clear. Our industry has to raise the bar. We are reminded of this by the constant stream of breaches affecting healthcare providers, such as the recent incidents impacting 21st Century Oncology and Hollywood Presbyterian Medical Center. Industry reports such as one from the Ponemon Institute state that healthcare organizations face cyberattacks every month and are still struggling to find effective strategies to keep systems secure. One of the core vulnerabilities facing healthcare is identity and access risk: most healthcare organizations have vulnerabilities but don't realize their security strategies are insufficient.

With frequent industry consolidation and the emergence of population health, information security is becoming increasingly challenging to manage. Data is now being shared from a multitude of applications with both employed and non-employed physicians. Managing this risk is further complicated because it has multiple layers. You have to consider elevated privileges, remote and mobile access, and multi-factor authentication, and balance these concerns with providing efficient access.

While single sign-on (SSO) tools are often looked upon as the first line of defense in controlling identity and access risk, providers need additional capabilities because the threat landscape has evolved. Providers need to assume that insiders and outsiders with malicious intent are attempting to gain unauthorized access. In order to reduce this risk, providers need greater visibility so that they can be more diligent. This entails a major shift in philosophy to a more proactive strategy that is constantly managing credentials and access rather than just reacting. The key to succeeding with this approach is to leverage automation.

With the exploding number of applications and clinicians that must be managed, security teams must use tools that can automate manual security-related processes. Here are a few examples of how automation can help manage risk:

- Automating provisioning and de-provisioning processes provides consistency, saves IT many hours of work and prevents errors
- User, entitlements and behavior data can be brought together in a single view so you have all the information you need to take action
- A governance, risk and compliance (GRC) dashboard can be set up with analytics to monitor and proactively manage risk efficiently (e.g. an orphaned accounts report)
- Real-time alerting can identify a potential incident as it happens to minimize damage
- Remediation can be simplified so that access can be removed or suspended in just a couple of clicks

Given the increased threats we face, healthcare needs to change its approach to security and privacy. Ultimately, the key is greater due diligence, day in and day out. If we use tools that help us accomplish this, then we give ourselves the best chance to win this battle.
By Eric Bailey | 10:38 pm | May 28, 2016
Mohit Tiwari says it's not so much the quality of encryption technology that makes healthcare data vulnerable to cyberattacks, but user error and application security in the industry.
By Eric Bailey | 08:16 am | May 27, 2016
(SPONSORED) Venky Anant, Associate Partner at McKinsey & Company, discusses how the digitization of the healthcare industry has spawned the emergence of advanced cybersecurity threats to health systems and patient data.
By Eric Bailey | 10:58 pm | May 26, 2016
(SPONSORED) Robert Lord, Co-Founder and CEO of Protenus, details his company's innovative solutions for health data security and opines on the future of cyberattacks and how to prepare for them.
By Eric Bailey | 10:21 pm | May 26, 2016
(SPONSORED) "Aside from the DEA for E-prescribing of controlled substances, there really aren't any mandates around using anything stronger than a user name and password," says Michael Magrath. Recorded at the 2016 Privacy & Security Forum in Los Angeles.
By Eric Bailey | 05:20 pm | May 26, 2016
(SPONSORED) Adam Brand, Director of IT Security and Compliance at Protiviti, discusses how healthcare organizations can proactively fend off cyberattacks by "hunting for hackers."
By Eric Bailey | 01:42 pm | May 26, 2016
"It's the behavior of people that determine the ultimate cybersecurity of any organization," says Mansur Hasib in this clip from the 2016 Privacy & Security Forum in Los Angeles.
By Jessica Davis | 12:18 pm | May 26, 2016
The document outlines eight guidelines for achieving precision medicine principles, including a ‘participant-first’ system.
By Bernie Monegain | 12:02 pm | May 25, 2016
The chief information officer and CHIME board chair testified that it is vital for Health and Human Services to institute a coordinated plan for protecting data and systems against cyberattacks.  
By Bill Siwicki | 03:13 pm | May 24, 2016
With big issues on CISO plates, including malware, application security, cloud security and others, a new study from cybersecurity staffing firm SilverBull found that salaries are on the rise, with the highest up from $380,000 in January 2016.