Because so many healthcare organizations are growing through mergers and acquisitions at a time when cyber threats are multiplying, effective access control is becoming increasingly important - and more complex, says Joe Meyer of the security consulting firm NCC Group.
Balancing the need to prevent unauthorized access to patient data with the desire of clinicians to have easy access to records means that multifactor authentication must be carefully implemented, Meyer says in an interview at the HIMSS17 conference in Orlando. Many physicians may need access to data at multiple facilities where they treat patients, he notes.
Often after a merger, a thorough assessment of the access controls and other breach-prevention technologies being used at the individual entities is lacking, the consultant says. "There needs to be better due diligence" to help ensure that security controls are properly implemented in all newly acquired facilities, he stresses.
In the interview (see audio link below photo), Meyer also discusses:
- Evolving types of attacks involving ransomware and other kinds of extortion;
- Access challenges involving medical devices, patient portals and electronic health records;
- The most important steps that healthcare entities can take to improve their overall data security.
Meyer is director of risk management and governance, North America, at NCC Group. Previously, he was a director of security risk consulting firm Coalfire's healthcare practice in the Northeast, a senior manager of consulting services at Solutionary, and held information security officer and director roles at West Corporation, Pfizer and AT&T Local Services.