John LeBrecht, deltarisk.com, December 7, 2017
Managing risk across an organization requires a lot of different things: setting strategy, determining tolerance, defining metrics. These are critical in your overall risk management efforts, and even more so in information security. But where do you begin? There’s no denying it can feel like a daunting task. It’s hard to make sure that information is available when needed while keeping it safe from people who want to steal or destroy it. However, it’s easier if you use a methodical and easy-to-follow system.
Elizabeth Snell, healthitsecurity.com, January 2, 2018
Without the right healthcare cybersecurity roles being filled at covered entities, it can be more difficult for organizations to ensure that sensitive data remains secure. Along with CISOs, privacy officers, and compliance officers, entities must ensure that all staff members are properly trained in the latest cybersecurity trends. A recent survey indicates though that healthcare might not be putting enough of a focus on cybersecurity needs.
Bernie Monegain, healthcareitnews.com, December 26, 2017
When it comes to technology investments, health systems executives are looking for projects with a high impact. That means cybersecurity is at the top of their to-do lists. Health systems are more likely to invest in proven solutions that offer immediate impact on clear and present dangers such as cybersecurity threats, rather than investing in newer technology, such as artificial intelligence and wearables, new survey shows.
Jessica Davis, healthcareitnews.com, December 20, 2017
The U.S. Department of Health and Human Services security controls need improvement, and there are flaws in its configuration management and access controls, according to a new Office of the Inspector General report. The report was restricted and did not list specific flaws, but it’s just the latest in a series of reports that highlight the agency’s flawed security.
Meg Bryant, helpnetsecurity.com, December 20, 2017
Providers have also been slow to adopt cybersecurity best practices, the survey shows, with more than half (54%) of respondents conceding they don’t routinely conduct risk assessments. Despite a growing number of cyberattacks on hospitals and health systems, 92% of healthcare leaders said cybersecurity and the threat of a breach is not a major focus with their board of directors. And just a fraction said funds are being budgeted for cybersecurity in 2018.
Ken Terry, medscape.com, December 12, 2017
More than four in five US physicians (83%) have experienced some form of a cyber attack, according to new research released today by the American Medical Association (AMA) and Accenture. Fifty-five percent of the 1300 physicians who responded to the AMA/Accenture survey were very or extremely concerned about future cyberattacks in their practice. Physicians were most concerned that future attacks could interrupt their clinical practices (74%), compromise the security of patient records (74%), or affect patient safety (53%).
Luis Castillo, forbes.com, December 28, 2017
It is universally acknowledged that frequent hand washing can prevent the spread of infections — and yet, there are health care workers who don’t wash their hands. The use of motorcycle helmets can dramatically reduce the chances of head trauma during accidents, but over 25% of people don’t wear one while riding. This same pattern emerges when it comes to cybersecurity in the health care space. Health care organizations can take several straightforward measures to preserve cybersecurity, but hospitals and health systems do not always follow these protocols.
Lauen McKenna, deltarisk.com, December 14, 2017
Cloud security is a hot topic lately, and for good reason. As more businesses have migrated to the cloud, there have been more data breaches. In our recent webinar, Flying Blind: 2017 Cloud Configurations Gone Wrong, cloud security experts John Hawley and Mike Piscopo detailed several of the worst misconfiguration disasters we’ve seen this year. Among the data breach incidents we covered in our webinar, there were several in the Amazon Web Services (AWS) Cloud.
Elizabeth Snell, healthitsecurity.com, December 27, 2017
Following recent research showing that 83 percent of physicians report they have experienced a cybersecurity attack, AHIMA released a healthcare cybersecurity action plan to assist entities in preparing for potential threats.
Implementing an information governance program will be critical, AHIMA stressed. A holistic approach to data security can greatly assist organizations of all sizes work toward keeping sensitive information secure.