October 28, 2014 Added by:Patrick Oliver Graf
From October 2009 through the present day, one industry alone has reported 900 different breaches. And none of those 900 were limited in their scope – in each, at least 500 individuals were affected. Who knows how many other smaller breaches happened, without public knowledge.
June 05, 2014 Added by:InfosecIsland News
To prevent costly breaches such as this one from happening, Netwrix Corporation suggests the following best practices every health care organization or insurance provider should implement and maintain to ensure HIPAA compliance.
February 04, 2014 Added by:Anthony M. Freed
U.S. intelligence agencies warned the Department of Health and Human Services that the Healthcare.gov may have been compromised by contractors from Belarus who worked on developing code for the network who are suspected of inserting malicious code.
January 27, 2014 Added by:Robb Reck
There is a natural tendency to lump security and compliance together. Intuitively it just makes sense right? The biggest compliance frameworks like PCI, GLBA, SOX and HIPAA are all looking to ensure that our security is up to snuff. In fact, if we do security right, compliance should come naturally, with very little additional technical work.
June 26, 2013 Added by:Mike Lennon
The Iowa Department of Human Services on Wednesday warned former patients at the Mental Health Institute in Independence and others, about a possible breach of their confidential information due to a lost backup tape.
Healthcare Interrupted - Top Five Vulnerabilities Hackers Can Use Right Now To Shut Down Medical Devices
June 24, 2013 Added by:Matt Neely
By performing penetration tests on hospital networks and medical devices, security researchers have found that many commonly used devices are insecure and can be easily compromised.
May 10, 2013 Added by:Steve Ragan
Before malware could become a threat to medical devices, Adam Ely said attackers would have to write malware specifically targeted to these devices and organizations; or the devices would have to adopt a standard platforms and software.
February 01, 2013 Added by:Danny Lieberman
In our previous post on patient privacy, we noted that patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never return to tell the story...
January 31, 2013 Added by:Rafal Los
Before you tell me that risk classifications are important, water is wet, the sun is hot and ice is cold, I'd like to remind you how many enterprises still do it poorly. I almost wish it was a simple as data telling you it's critical or not, but let's face it the game is very rarely that simple...
January 28, 2013 Added by:Danny Lieberman
It is no accident that the largest healthcare organizations have the highest rate of patient-privacy breaches. The old saying – “the bigger they are, the harder they fall” is true, but more than that is happening when it comes to patient-privacy breaches in America as a whole...
January 22, 2013 Added by:Danny Lieberman
After the sanity check with the team that constructed the threat scenarios, you and your HIPAA consultant need to calculate your Value at Risk. Calculating VaR will help shed light on where to save money and where to spend money...
January 05, 2013 Added by:Danny Lieberman
Patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never came back to tell the story. The same way we talk about patient data loss and never really consider how you can “lose” patient data and whether it can be “returned”.
December 17, 2012 Added by:Randall Frietzsche
We need a well-conceived set of administrative and technical controls - our policy, while still acknowledging that every living creature on the planet is organically attached to a smart device, must dictate that the user will follow the policy at risk of termination...
November 08, 2012 Added by:Danny Lieberman
Many technology vendors tout the idea of self management, and the advantages of mobile healthcare apps, virtual visits, tablets and e-detailing but in fact, a face-to-face relationship with a doctor is more powerful than a digital relationship alone. We don’t need Sherry Turkle to tell us that...
October 16, 2012 Added by:Danny Lieberman
If pharmaceutical companies can access data from patients, then they can design and manufacture better products. This is good for patient health but problematic for current regulation of patient privacy. There is no such thing as patient privacy once big commercial ventures like large pharmas get involved...
October 10, 2012 Added by:Danny Lieberman
For small to mid-size hospitals, nursing homes, medical device, healthcare IT vendors will have a much simpler audit and will be primarily interested in how cheaply the audit can be done and how much they can save using the technique of multiple threat analysis...
Why You Shouldn’t Use the OWASP Top 10 as ... Jessica Barden on 11-21-2014
Security or Checking a Box?... Fadvad FAscvax on 11-21-2014
Why Are We Failing at Software Security?... waqas nayyer on 11-21-2014