Comments
10 Ways To Strengthen Healthcare Security
Threaded  |  Newest First  |  Oldest First
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
8/26/2014 | 3:24:18 PM
Healthcare security
The only thing worse than hackers is a badly organised patient information management system. Not everytime are hackers responsible. When healthcare is being talked about, we are assuming that the hospital (or chain of hospitals) have a central server which allocates files to patient information. What happens mostly is that this kind of networking does not align up with efficient management and the patient information (and not the case file and treatments offered) stays in the system long after the patient has been discharged.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/26/2014 | 3:36:35 PM
Re: Healthcare security
That's a great point. Hackers are less likely to be the culprits. It's much more likely to be employees, accidentally or on purpose. And as we've seen from breaches in both healthcare and other industries, all too often they occur because simple steps are not taken. Automating processes really helps; it eliminates the need for someone to remember to do something, always a good thing! 
pcharles09
50%
50%
pcharles09,
User Rank: Ninja
8/27/2014 | 12:17:51 AM
Re: Healthcare security
@Alison,

More importatnly, automation prevents users from screwing things up or being too 'creative' with tasks.
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
8/27/2014 | 9:42:42 AM
Re: Healthcare security
Let's not forget the staggering 68% of incidents caused by outsiders!  That's quite a staggering statistic! This means there are lax controls around identity and access management.  Between this risk and Data Loss Prevention from loss/theft, it's easy to see that there are a lot of gaps in policies relating to how data is used, accessed and stored.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/27/2014 | 12:38:19 PM
Re: Healthcare security
Absolutely! It's one reason a CSO is so important. They should either be strong in governance or, depending on the organization, work with lead counsel on these efforts to ensure data policies and guidance are strong -- and followed.
Henrisha
50%
50%
Henrisha,
User Rank: Strategist
8/27/2014 | 1:38:55 PM
Re: Healthcare security
True. Employees' inadvertent mistakes can often cause so much damage and problems. It's unfortunate but sometimes you have to remove and just take out the human factor, and you can see the number of errors go down with automation as well.
asksqn
50%
50%
asksqn,
User Rank: Ninja
8/26/2014 | 7:16:07 PM
So easy even a CEO can see it
Excerpt >>We do find that a number of healthcare organizations appoint people... whose training has been primarily in the domain role of healthcare or healthcare management...<<

/Excerpt

 

And there is the entire crux of the problem right there.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/27/2014 | 12:34:25 PM
Re: So easy even a CEO can see it
Exactly! Surely you'd want a chief SECURITY officer to be expert in security. Healthcare experience will come. This exec certainly is motivated to learn the ins and outs of the business -- and even if someone knows one hospital, each facility has its own nuances and workflows anyway!
Henrisha
50%
50%
Henrisha,
User Rank: Strategist
8/27/2014 | 2:00:28 PM
Re: So easy even a CEO can see it
Regardless how many trainings and workshops you let people attend, some will still commit errors and mistakes nonetheless. It's part of being human but sometimes that can just throw the system.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/27/2014 | 2:57:15 PM
Re: So easy even a CEO can see it
Oh, absolutely, Henrisha! We've all made silly mistakes, I'd bet. It's one reason automation and rules are so important. Forcing users to change their passwords every X months, for example, and forcing them to use eight characters, including at least one capital, one number, and one symbol could well eliminate the potential of duplicating another site's password. That's just one example of using technology to override our natural inclination to take the easy way out and use the same Password123 for every single site we visit!
progman2000
50%
50%
progman2000,
User Rank: Ninja
8/27/2014 | 7:19:57 AM
CSO?
Just what the business world needs, another C-level position that will make more money than me.  I can kind of see the logic but so many organizations are top heavy as it is, is concocting another high level position really the answer to this problem?  Most hospitals are spread razor thin as far as budget to begin with...
Alison_Diana
100%
0%
Alison_Diana,
User Rank: Author
8/27/2014 | 12:37:03 PM
Re: CSO?
I can see why the thought of another c-level might appear unnecessary but who is responsible for security if not a CSO? The CIO? Well, the CIO already oversees everything IT -- and security isn't only tech-related. The CFO? Security should not be ruled by finance, otherwise money talks and security measures walk. The CEO? They have enough responsiblities already? And we know what happens when anything is ruled by committee! The problem with having a lower-level person rule security is it doesn't get enough visibility or leverage, and requests flounder. So I stick by that recommendation, a recommendation I picked up from many security professionals. And it's a great goal for security execs who aspire to the c-suite.
progman2000
50%
50%
progman2000,
User Rank: Ninja
8/28/2014 | 7:51:20 PM
Re: CSO?
Eh, I don't know, still sounds like CIO to me.  Although I will concede that certain industries probably warrant it (thinking Banking and Healthcare), although even then I still think it's someone who reports to the CIO.


Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.