Comments
Healthcare IT Security Worse Than Retail, Study Says
SarahBeene,
User Rank: Apprentice
6/10/2014 | 9:29:59 AM
Re: healthcare security
I'm well and truly on the encryption bandwagon! As the owner of a small practice, I am frantically aware of the complications and risks of handling patients' PHI. I appreciate the volume of data we handle isn't as high as the Standard & Poor 500 firms used by BitSight in their study; however, studies like this always worry me. We want to be able to reassure our patients as I would hate to think they would hold details back out of worry, especially if it is detrimental to their health.

I have tried to eliminate as many manual processes as possible to keep everything water-tight, using cloud services like sfax as they have ensured HIPAA compliancy. Although as Michael Raggo has said, human error can cause breaches, and I doubt we'll ever be able to fully protect people from that. For now I'm going to keep encrypting all PHI, especially when shared with other departments!
Alison_Diana,
User Rank: Author
6/9/2014 | 10:26:50 AM
Re: PHI Hack Coming to You Very Soon
You're exactly right: PHI will be hacked and the fact that the government is moving toward a centralized database of healthcare records and the possible creation of a healthcare ID number should send alarm bells off. When you have studies demonstrating that healthcare, as an industry, is far less secure than the notably insecure retail market, we should be extremely worried. I don't think we're being alarmist when we say this will have much more dire implications than financial fraud.
asksqn,
User Rank: Ninja
6/6/2014 | 6:10:42 PM
PHI Hack Coming to You Very Soon
Boyer believes the latest Target breach was a "watershed" event? Evidently, he missed the other two breaches perpetrated inside of three years at Target in addition to the 867,292,654 (and counting) million records breached (that are known) compiled by the Privacy Rights Clearinghouse. Hacked PHI isn't an IF as much as it is a WHEN, and, when it does happen, consumers can expect the same hemming/hawing and blowing off of the event by both industry as well as the lapdog government that continues to look the other way.
Alison_Diana,
User Rank: Author
6/2/2014 | 4:04:55 PM
Re: Watch Out, Finance?
You raise great points, @AmandaInMotion, in that perhaps finance isn't a great bastion of security; it's just less bad than the other verticals in the study. After all, banks get hacked and as you say, the NSA has its fingers in just about every pie. 

Personally, I'm concerned about healthcare data and lack of privacy. Almost every day I get a press release touting the use of "anonymized" data by one company, research firm, or university -- and that's data coming from doctors, hospitals, insurance firms, or government. In other words, it's patient data but I don't recall ever agreeing (or disagreeing) to allowing my data to be used in this way. Nor do I know anything about the standards used or not used or what happens when some of these companies go out of business. When my daughter started middle school, I discovered there's a central database where schools can look up kids' vaccinations. The IRS oversees health insurance coverage. And companies troll social media for mentions of individuals' medical complaints, treatments, and symptoms. 
AmandaInMotion,
User Rank: Apprentice
6/2/2014 | 12:07:53 PM
Re: Watch Out, Finance?
I don't know that the establishment finance world is much more terribly secure. All of us are at risk of spying and hacking from both government and non-government actors alike. It's a little lengthy, but this video (https://www.youtube.com/watch?v=vtQ7LNeC8Cs) by Jacob Appelbaum, writer at Der Spiegel, explains how the NSA has deliberately made the Internet a less secure place to be over the years. It blew my mind.

Allow me a moment to be trite and say, "It didn't have to be this way." I just think of all the people who need routine healthcare (http://tinyurl.com/oa65dqu) or the people headed into retirement. 

I gain hope, however, in believing that the system really will be so inefficient - like the disgraced VA hospitals - that private alternatives will pop up left and right. They'll have to, otherwise most of us will literally be left with Soviet-quality "health care".
Alison_Diana,
User Rank: Author
5/30/2014 | 10:07:34 AM
Watch Out, Finance?
Do you think healthcare organizations will become more likely to try and recruit security professionals from finance? Or is healthcare too specialized, their budgets too tight (compared with finance) for this approach to work?
Alison_Diana,
User Rank: Author
5/30/2014 | 10:05:02 AM
Re: Why ever store credit card numbers?
@Jon, I believe you're correct about those stolen CC numbers. This report didn't get into how healthcare data is being stolen. Information from HHS seems to indicate most is taken due to lack of encryption when hardware -- laptops, smartphones, etc. -- gets stolen or lost. But this report suggests healthcare organizations WILL be attacked in a much more organized fashion. And if/when that happens, the general lack of preparedness will lead to a huge loss of personal health information, much bigger than anything we have yet seen from the world of retail.
Alison_Diana,
User Rank: Author
5/30/2014 | 10:01:51 AM
Re: healthcare security
How can vendors make their systems more secure, @moarsauce123? Do you think they should automatically encrypt all data, for example? Do you know of any vendors who are doing a better job than others?
Alison_Diana,
User Rank: Author
5/30/2014 | 9:54:24 AM
Re: the unintentional insider threat
You are SO right, @Chris. Whenever I see reports or press releases on healthcare breaches or take a spin through HHS' Wall of Shame, I am (unsurprised but) stunned at the high percentage of breaches due to employee negligence, such as losing an unencrypted laptop. I don't know if it's laziness, lack of education, overly complex procedures that spawn workarounds, or a combination of factors that lead to these commonplace lapses but it's very disheartening. I think IT and security pros can help their organizations improve security by showing the direct result of lapses: Huge penalties and loss of public trust (and patients?) once these occur. Plus design security solutions that are as user-friendly as possible, while still safeguarding data. Tough but feasible.
Alison_Diana,
User Rank: Author
5/30/2014 | 9:49:37 AM
Re: healthcare security
I agree with you that security is NOT what healthcare providers typically are good at. It's one reason I, personally, think many should seriously consider cloud as an option. Now, that doesn't mean rushing out and choosing any old cloud provider. It requires due diligence, a strong SLA, a deep dive into a cloud service provider's security (physical and cyber), as well as a long look at the company's financial resources. But partnering with a firm that solely provides data services and security can make a lot of sense for healthcare organizations, especially those without the resources to hire the right number and type of internal staff and buy adequate tech of their own.