2017 is here, and, like any new year, promises both opportunities and challenges. The question is, what will we do with it? Will it be a year of great progress, one of marking time, or worse yet one of falling further behind? Meeting the cybersecurity challenges of the future is a job for leaders. There should be no doubt that healthcare institutions are under attack on a regular basis now from external threats, while continuing to face the insidious abuse of insiders. As the old saying goes, “they have it coming and going.”
Based on recent news and the headline of this article, you are likely expecting this will be a discussion of the irresponsible actions of the MedSec and Muddy Waters organizations that outed St. Jude Medical by disclosing vulnerabilities in the medical devices they make. Certainly this is not something I condone or support as the right path to an acceptable end, as it raised fears in the people using those devices, gave the criminal element harmful information and quite possibly
Let’s look seriously and objectively at the dangers inherent in maintaining current systems of user privileging. Sam was just another network engineer assigned to the server team at the hospital. Each engineer had two sets of credentials, one with and one without elevated privileges, and they had all been told not to use the one with privileges when just accessing the network or routine services such as email. But Sam always liked to do things his own way, and saw
The modern healthcare ecosystem is all about data and what we can do with it, which is why Data Loss Prevention (DLP) tools should be on everyone’s list of priority solutions to implement. I used to say that DLP solutions paid for themselves based on their ability to control exfiltration, and therefore reduce the risk of breaches, but these solutions are becoming far more important than that. DLP tools have the ability to help users take control of information and
Last week, the Brookings Institute published a very well-written report that accurately illustrated the current threat environment and identified the specific issues that seem to continue to plague healthcare in its efforts to fight cyber incidents. The shame of it was there was no ‘new’ news. In fact, this week seemed like deja vu as Larry Ponemon published his sixth annual report on healthcare cybersecurity, which, unfortunately, reflected a lot of the same issues as last year’s, or even the last
When I was a kid just about everyone had a sandbox, and if you didn’t, you wanted a friend who did. Sandboxes were great terrain to fight your toy soldiers on and for building off-road tracks for your Matchbox cars. That of course is not the sandbox I’m talking about today, but the analogy with respect to having one – or wanting one – could very well be one and the same.
I’ve not spoken to a single security professional, meaning someone who carries the experience, training and certifications to be called a CISO, who believes that they can adequately protect the healthcare organization they serve by simply being compliant with HIPAA. It’s time we let the air out of that balloon. The last couple of years, and in particular last year, showed everyone that data security in healthcare was no longer for the faint of heart. Securing healthcare today is the
Written by Mac McMillan, FHIMSS, CISM | February 15, 2013

The final statement in the Attestation that Healthcare providers have to sign says it all. “I certify that the foregoing information is true, accurate and complete. I understand the Medicare/Medicaid EHR incentive program payment I requested will be paid from Federal Funds, that by filing this attestation I am submitting a claim for Federal Funds, and the use of any false claims, statements, or documents, or the concealment of a material fact