http://healthitsecurity.com/2014/07/24/how-healthcare-can-learn-from-retails-it-security-mistakes/
By Patrick Ouellette
Health IT Security
July 24, 2014
There’s little doubt the healthcare industry has come to take security and
compliance seriously within the past few years. While
regulatory demands and business needs are certainly strong drivers, what
should healthcare organizations be focusing on as cybersecurity threats
grow in stature?
Eric Cowperthwaite of Core Security and former CISO for Providence Health
discussed with HealthITSecurity.com how identifying risks early on can
help reduce exposures. The days when the only organizations putting effort
into IT security were large hospital systems and those that had suffered
some sort of significant problem are certainly over. According to
Cowperthwaite, there are a few indicators within the past 12-18 months
that lead him to believe healthcare organizations, large and small,
across the country are focusing on information security.
“First is the amount of information security leaders hiring that’s being
done,” he said. “And the second piece of it is the number of organizations
that are sending their people to [security] conferences and training to
help them interact with products and services providers.”
Many of these changes have been driven by regulatory compliance, such as
HIPAA, HITECH and Meaningful Use, but Cowperthwaite said there are other
regulatory considerations, such as any hospital system being a tier 1 PCI
merchant. Beyond compliance, the reality these days is that these
organizations have a lot of data and there are a lot of “bad actors” out
there who like to steal data. There are main areas of focus that
organizations should begin to worry about. First, Cowperthwaite said, though
everyone is concerned about PHI disclosures because of bad publicity and
potential fines, the other side of PHI disclosures is medical insurance
fraud.
[...]