Some of you may be becoming numb to the reports of data breaches that seem to hit the headlines almost every week now. Are we developing a mindset that these breaches are just going to happen and that they are just part of business in the digital age? Boy, I sure hope not! Because I care about my personal data, the data of my family members and really everyone’s data. I fear the day that we become accepting of breaches as a business norm.
I read a lot of articles everyday from a variety of sources – blogs, industry press, etc. I really appreciated Matthew Schwartz’s article in Information Week covering lessons learned from the Zappos breach this week. It was nice to see an acknowledgement of the preparations and risk management steps that were in place, as well as the opportunities for improvement that exist for Zappos going forward. It was also really nice to a simple, straightforward presentation and discussion of the points. At CynergisTek, it is a core value to make security “accessible” to our clients, to relate security efforts to the business and to the people that make that business run. For us, we are usually talking about hospitals, clinicians and the critical support staff that, 24 x 7 x 365, make healthcare happen. Anyone can read Matt’s article, learn from it, and take something away from it, as an individual or as an organization.
Some of our healthcare clients might challenge the fact that Zappos or Amazon are a relevant reference point for them, that the business of retail is nothing like the business of healthcare. For me, it always comes back to the ultimate arbiter – the denominator that is THE DATA and our responsibility for it. I would argue that our industry assumes the stewardship for a much more significant amount of sensitive data than retail so the call to action or the sense of urgency to establish the technical safeguards and processes is even greater.
I don’t want to sound like a broken record, but there are things, even smaller things, that healthcare can do, which is why I really had an affinity for this article. There are absolute takeaways for our industry here so read it. Benchmark your current safeguards and processes against some of the positive attributes of Zappos’ program and response. Then, make a plan to make ONE aspect of your breach risk mitigation program better.
We say it all the time in healthcare…”An ounce of prevention…” We need take a healthy slurp of our own koolaid!
Enough of my musings, read Matt’s article here: