Blog Posts Tagged with "Healthcare"
Data Loss Doesn’t Always Mean Getting Hacked
February 03, 2012 Added by:Robert Siciliano
Recently UCLA announced 16,000 patients were potential victims of identity theft because a doctor’s home office was broken into and data stolen. Data breaches cost big bucks. Encryption in this scenario failed due to a password on a sticky note near the laptop...
Comments (0)
Social Engineering: Don't Talk to Strangers
January 29, 2012 Added by:Jim Palazzolo
Policy development must be constructed around conversations that will take place during an attack, and reinforced after the policy has been deployed. Re-training of individuals on security awareness will help to decrease the amount of risk involved in day-to-day operations...
Comments (0)
ISO 27001 and HITRUST for Healthcare Organizations
January 23, 2012 Added by:John Verry
HITRUST provides a prescriptive set of controls that are mapped and referenced to standards and regulations relevant to healthcare. The idea is to simplify the process of becoming largely compliant with relevant laws and regulations and mitigating most risks...
Comments (0)
Healthcare Data Interoperability Pain
January 18, 2012 Added by:Danny Lieberman
Imagine vendor-neutral, standard middleware for EHR applications that would expose data for patients and doctors using an encrypted Atom protocol – very simple, very easy to implement, easy to secure and with very clear privacy boundaries...
Comments (0)
Is Healthcare IT Security on Life Support?
January 13, 2012 Added by:Rafal Los
As costs pile up from beaches, innovation suffers. Ask someone who runs a hospital network - the true cost of innovation slow-down can be counted in lives. Maybe I'm being a little dramatic, but I suspect this is closer to reality than we'd like to admit to ourselves...
Comments (0)
Medical Device Security: Killed by Code
January 04, 2012 Added by:Danny Lieberman
I’ve been talking to our medical device customers about mobile security of implanted devices for over a year now. I think it’s only a question of time before we have a drive by execution of a politician with an ICD (implanted cardiac device)...
Comments (0)
Medical Device Security
December 27, 2011 Added by:Danny Lieberman
A threat analysis was performed on a medical device used in intensive care units. The analysis considers the security implications of deploying the devices inside a hospital network. Different stakeholders have different security and compliance concerns and therefore different agendas...
Comments (0)
HIPAA Security Rule Toolkit Available from NIST
December 21, 2011 Added by:Headlines
"The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment..."
Comments (1)
Are Your Health Records at Risk?
December 14, 2011 Added by:Christopher Burgess
Have we now arrived at the point in obtaining medical care that in addition to looking into the medical practitioner's experience and confirming they are compliant with HIPAA, that we now must review their data handling policies before choosing a health care provider?
Comments (0)
HIT Security: Conclusions in a Contradictory Report-Sandwich
December 02, 2011 Added by:Ed Moyle
The barometer that the Ponemon study uses (i.e. breach disclosures, breach impact) could actually be an indicator of better security instead of worse. It could be the case that breaches are on the rise because we're finding them more because not looking for them so violates federal law...
Comments (0)
HIPAA Tool Helps Organizations Meet Security Requirements
November 30, 2011 Added by:Headlines
A new tool, developed by the NIST is intended to be a resource that organizations can use to support their risk assessment processes by identifying areas where security safeguards may be needed to protect EPHI, or where existing security safeguards may need to be improved...
Comments (0)
Healthcare Data Breach Response Best Practices
October 30, 2011 Added by:Christine Arevalo
Taking a PHI inventory, establishing an Incident Response Plan, meeting patients' real needs, and looking for the positive aspects of a data breach can all reflect your culture of commitment and caring. And that's the best practice of all...
Comments (0)
HHS to Start Auditing For HIPAA Compliance
September 14, 2011 Added by:Emmett Jorgensen
Despite both HIPAA and the HiTECH Act, healthcare data breaches have been popping up regularly. A recent study found over 70% of hospitals had data breaches last year. This has generated concern over Healthcare’s adoption of security procedures and the overall effectiveness of HIPAA...
Comments (4)
Information Security as the Doctor of the Enterprise
September 05, 2011 Added by:Robb Reck
Aren’t we in information security playing exactly the same role in our organizations that our doctor’s play in our healthcare? We evaluate, diagnose, and treat our patients, just like our doctors do for us. But our evaluations are called risk assessments instead of checkups...
Comments (1)
Medical Device Security in a Hospital Network
July 28, 2011 Added by:Danny Lieberman
Developing for embedded Linux is not copy and paste from Windows. It requires expertise to setup the basic infrastructure. But, once that infrastructure is up, the medical device developer and it’s hospital customer can be confident that they are standing on a secure platform...
Comments (2)
Privacy and Security Policies: A HIPAA-HITECH Checklist
July 24, 2011 Added by:Jack Anderson
"An important component of preparing for a potential HIPAA compliance audit is to complete a walk-through to make sure privacy and security policies and procedures are practical and effective..."
Comments (0)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox