Although there's plenty of talk about cybersecurity threats involving devious international hackers, the real threat to the security of healthcare information, I believe, is staff members who aren't paying enough attention to the little details. The Gartner Group's John Pescatore said it well in a recent interview:...
A risk analysis should not be an annual event, but rather an ongoing process that's revisited whenever a healthcare organization adds or changes any application. That's the advice of Kenneth Bradberry, vice president and chief technology officer at ACS, a consulting firm recently acquired by Xerox.
Ghosts of Crimes Past and Present Will Haunt the Future of Banking Institutions and Customers
"The more things change, the more things stay the same." This old saying holds true when it comes to the different types of fraud hitting financial institutions.
In 2009, institutions were hit from every angle with...
Faced with the threat of much stiffer penalties for data security violations and ramped-up enforcement at the federal and state levels, many hospitals are just starting to pay serious attention to security, contends security consultant Kate Borten. But they must go far beyond investing in new technologies to develop...
How do CIOs at community hospitals, which have limited resources, address data security challenges, such as compliance with the privacy and security provisions of the HITECH Act?
Charles Christian, CIO at Good Samaritan Hospital in Vincennes, Ind., also serves as the de facto chief security officer, dividing up...
The number of identity fraud victims increased 12 percent to 11.1 million people in 2009 -- the second consecutive annual increase. At the same time, the total amount of fraud also increased by 12.5 percent to $54 billion.
These are the headlines of the newly-released 2010 Identity Fraud Study by Javelin Strategy &...
Hospitals and other healthcare organizations need to identify data security breaches "in a much more systematic way" to help ensure the privacy of personal information. That's the advice of Lisa Gallagher, senior director for privacy and security at the Healthcare Information and Management Systems...
In 10 years as a security compliance officer, Christopher Paidhrin has seen his role broaden as information security has become an even higher priority at Southwest Washington Medical Center in Vancouver, Wash.
Today, Paidhrin is more involved in policy development. He's also pushing to improve awareness of the...
The recent news that Nexus One smartphone owners were unable to send or receive data is just a precursor to what security experts say is the next big threat to mobile phones and services - mobile malware.
According to Dr. Markus Jakobsson, a noted security expert in the field of phishing and crimeware, mobile...
Khalid Kark, vice president at Forrester Research, recently wrote an in-depth report on healthcare information security in which he described five key principles.
In an interview, Kark discusses each principle, including:
Take a risk-based approach and look beyond regulatory compliance, focusing instead on...
(Part two of a four-part series)
The HITECH Act provides strong new incentives for healthcare organizations to create comprehensive data security plans and train their staffs on how to keep personal health information secure.
Every IT vulnerability survey of the past 10 years has had the same item at the top of the list: internal personnel, our so-called trusted workers. Billions of dollars, countless vulnerability assessments, thousands of innovative security solutions later, and we still haven't moved the trusted worker off the top of the...
Completing security risk assessments for a long list of applications and providing information security training to its entire staff are two of the top priorities for 2010 at Johns Hopkins Medicine, one of the nation's largest academic medical centers.
In an interview, Stephanie Reel, vice president for information...
Hospitals and physician group practices that want to get incentive payments from Medicare and Medicaid for using electronic health records must use software that meets new federal "certification" standards. And those pending standards require the software to offer encryption and an access control mechanism.