Healthcare Data Breaches To Surge In 2014 - InformationWeek

Sachin Kawalkar
User Rank: Apprentice
4/28/2014 | 3:32:58 AM
Re: It's not if your systems will be breached, but when
The primary control to be implemented is access to (PHI and PII) information on a need-to-know basis. A stringent access control mechanism needs to be in place, as even a single digit of health information is very critical and lots of legal and regulatory compliance requirements are mandatory, with fines and penalties if disclosed. Regular audits and risk assessments will help to analyze the flaws/gaps in the current system and controls implemented. A key focus area is disclosure of information, so related controls need to be implemented to safeguard the same. Training and awareness of the same is required amongst users accessing the information.
User Rank: Author
1/2/2014 | 1:08:05 PM
Re: The best defense is always a superior offense
Follow the money. Whether healthcare industry data is "the most vulnerable" relative to other industries' data depends on the money that data can generate for hackers (assuming comparable security systems). Is private medical information more vulnerable than credit card numbers? The recent Target breach suggests otherwise.
David F. Carr
User Rank: Author
1/2/2014 | 12:26:59 PM
Re: The best defense is always a superior offense
Do you believe healthcare is more vulnerable than any other industry? Or is this just the way the world is going?
User Rank: Ninja
12/30/2013 | 7:17:20 PM
The best defense is always a superior offense
First up, given Experian's less than complimentary track record pertaining to consumer privacy/security matters, I hardly agree that it is the best source to consult with for anything beyond cautionary tales of fail. Secondly, if companies would properly train employees handling sensitive data proactively instead of after security breaches occur, it would go a long way to prevent the ridiculous, completely avoidable snafus that are part and parcel of the penny and pound foolish policies currently in place and espoused by the major corporations least expected.
User Rank: Apprentice
12/30/2013 | 11:46:14 AM
Healthcare Data Breaches To Surge In 2014
Creating a data security policy from cradle to grave (from acquisition to decommissioning) can help prevent many data breaches. There are opportunities during the life of the device that are high risk... For example, when a device is reissued to another employee, what happens to the current data on the device? An E-Stewards or R2 certified ITAD (IT Asset Disposition) company can assist in putting these policies in place and providing the services to enforce them. Depending on the size of the organization, you may also be able to facilitate the erasures yourself.


Karen Fedder

Blancco US
Gary Scott
User Rank: Moderator
12/29/2013 | 3:14:40 AM
The "attack surface" is computer recycling
From my perspective, the "attack surface" - the part that poses the greatest opportunity for attack or error – is computer recycling.  Why?

Many employees charged with computer disposal approach the process as a recycling event; data destruction is viewed only as a function of electronic recycling.  The employee allows an electronic recycler to remove old computers from his/her custody with hard drives intact.  The promise is "full erasure" when they get back to their warehouse.  The hard drive will, most likely, be resold on the secondary market. 

If the computer disposal project is approached as a data destruction event, the employee has many questions to answer. Should we erase, degauss or shred hard drives? Do our computers have one or two hard drives? Does our printer/copier have a hard drive? Onsite data destruction is the safest, but is offsite acceptable?

Staying compliant with HIPAA & HITECH is very difficult, especially if you don't understand how digital data is stored and properly destroyed...

Hire a NAID Certified vendor that will: 1) physically shred computer hard drives, 2) perform the service onsite (at your location), give you a Certificate of Destruction with a Serial Number report, and 3) show proof of Professional Liability Insurance specific to data destruction.  


Ulf Mattsson
User Rank: Strategist
12/28/2013 | 10:16:16 AM
It's not if your systems will be breached, but when
I agree that "The threat is out there, and the threat is going to get bigger," and "The point is to ensure that you're prepared and have a plan in place."

As the saying goes – it's not if your systems will be breached, but when. Every organization, especially those that handle sensitive data, should operate under the assumption that sooner or later, they will be breached. There are innumerable ways that data thieves can attack and penetrate your network.

The new best practices to protect sensitive data and the data flow throughout the enterprise are designed with this assumption in mind. They are about reducing risk of data loss, and responding quickly to attacks when they occur. I recently read an interesting report from the Aberdeen Group that revealed that "Over the last 12 months, tokenization users had 50% fewer security-related incidents (e.g., unauthorized access, data loss or data exposure) than tokenization non-users". Nearly half of the respondents (47%) are currently using tokenization for something other than cardholder data. Aberdeen has also seen "a steady increase in enterprise use of tokenization as an alternative to encryption for protecting sensitive data". The name of the study is "Tokenization Gets Traction".

Ulf Mattsson, CTO Protegrity
