"If you're not doing the right things on managing vulnerabilities, it doesn't really matter what other kinds of sophisticated things you do - that's the baseline for security," says BeyondTrust's Marc Maiffret.
Business associate agreements should not be a dumping ground for healthcare entities to make demands on their vendors with provisions that go beyond specific HIPAA privacy and security regulations, says attorney Gerry Hinkley.
As 10 regional health information exchanges in New York become interconnected into a statewide network, consistency in core privacy and security policies is proving essential, says David Whitlinger, executive director of the statewide initiative.
A George Mason University research fellow says the cybersecurity framework, issued earlier this year by the National Institute of Standards and Technology, is likely to cause more problems than it solves.
Verizon's latest annual breach report shows that Web application attacks increased more than malware-fueled point-of-sale intrusions in 2013, says analyst Dave Ostertag, who provides an overview of the report's findings.
Although access to electronic health information is expanding to more users, including patients, many healthcare organizations are still reluctant to use advanced methods of authentication, says Jeff Cobb, CISO at Capella HealthCare.