http://healthitsecurity.com/2014/08/19/identifying-and-mitigating-healthcare-it-security-risks/
By Patrick Ouellette
Health IT Security
August 19, 2014
Being proactive in healthcare IT security means picking out risks before
incidents occur, not after the fact. But the challenge is that potential
risks are spread across a variety of areas within a healthcare
organization. Blair Smith, Ph.D. Dean, Informatics-Management-Technology
(IMT) at American Sentinel University, spoke with HealthITSecurity.com
about security considerations for healthcare organizations.
Smith was a professional IT consultant for a number of years and for the
last 15 years was with the University of Phoenix, including the last five
as the Dean of Information Systems prior to joining American Sentinel.
With heavy experience in disaster recovery planning and said he always
considered security a heavy risk area.
What are some major security risks within healthcare at the moment?
When I look at IT security for healthcare organizations, it’s not that
much different from what many other retail or manufacturing organizations
in that it’s a prominent topic. The key is to understand and identify
areas of risk and potential exposure, and it’s where the HIPAA rules for
risk assessment become very important. BYOD, for example, has its risks
and benefits but from an industry perspective, the access to data housed
[on the device] would be a concern.
Similarly, cloud security opens another external pathway for data to
possibly be exposed to a number of different risks such as inappropriate
data access and loss. As we use more mobile devices, whether it’s a smart
phone or tablet, those types of things really present a wide range of
issues for security personnel. And what we’re seeing today is more hackers
and outside threats bringing exposure and risks to organizations. For
example, there’s the subject of single sign on (SSO) and how to have
effective security controls while maintaining convenience. The idea is to
move beyond prevention security to proactive response technology. How do
we quickly mitigate and take care of any exposures.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
