It's impractical for organizations to ban staff members from using personally owned devices for work or to avoid having a formal BYOD policy, says Peter Swire, a former presidential adviser on privacy issues.
Intermountain Healthcare deserves praise for its gutsy leadership on information security. It's calling attention to the value of thorough risk assessments, acknowledging its need to improve security and developing best practices to share.
Collecting massive amounts of data on individuals, whether in the government or private sector, has become the norm in our society. It's not quite Orwellian, but it's a situation we might have to learn to live with.
As they develop mitigation strategies, organizations must keep in mind that all cyber-attacks, ranging from DDoS to phishing, ultimately aim to compromise data - and they virtually all are advanced and persistent.
With promises of ramped up HIPAA enforcement by federal regulators, and changes in the breach notification rule under the HIPAA Omnibus Rule, it's time for organizations to get serious about insider risks.
What can U.S. and European organizations learn from Asia-Pac about advanced mobile tech and increasing cyberthreats? That's a question I hope to answer while in Singapore for RSA Conference Asia Pacific 2013.
Healthcare organizations need to assess and mitigate security risks for medical devices just as diligently as they do for other information technology, says Sharon Finney, data security leader at 44-hospital Adventist Health System.
Attacks aimed at mobile devices are progressing much more rapidly than any attacks ever waged against PCs. Organizations are in danger if they don't pay attention, says anti-phishing expert Dave Jevans.
As CIOs are asked to assemble more data to demonstrate their organization is providing high-quality care at a lower cost, their role in ensuring privacy and security is evolving, says technology specialist Harry Greenspun, M.D.
Encryption is an important breach prevention tool. But to make the right decisions about how to apply encryption, healthcare organizations should take four specific steps, says security expert Feisal Nanji.
A new advisory panel will help federal regulators craft a risk-based regulatory framework aimed at ensuring patient safety as the use of EHRs, wireless medical devices and other health IT continues to expand.