But two of the most important aspects of good security are fairly inexpensive: risk assessment and employee training.” “Combine this with budgetary constraints, and the situation can start to look dire for healthcare IT. Security is not simple, and it’s hard for folks who are technically inclined,” Myers tells HMT. “I don’t believe they’ve failed as much as they are poorly understood and implemented by many health IT organizations. Lysa Myers, Security Researcher, ESET North America, refrains from blaming federal regulations exclusively. Reviews are mixed on whether to attribute the breaches to the inability of HIPAA and HITECH to protect against them, the inability of healthcare organizations to defend against them by implementing necessary software improvements, or the inability of controlling human behaviors – such as the loss or theft of computer devices, unauthorized access to data, improper disposal of records, or hacking – or even some combination of the above. Looking back at the proliferation of healthcare organization data breaches within the last 18 months raises questions about probable causes. In this first installment of a multi-part series on the state of healthcare data security measures, Health Management Technology focuses on the effects of HIPAA and HITECH on the process of preventing and protecting from IT breaches. How much help have HIPAA and HITECH really provided for healthcare organizations against hacksters and hacktivists? Or is it unfair to point a finger at federal regulations alone? Some activists argue that HIPAA and HITECH focus more on getting patients to give their consent for healthcare organizations to share their information in a secure environment rather than on the security measures themselves, making the issue more of a matter of trust in the system than on the systems in place.
Wasn’t the Health Insurance Portability and Accountability Act of 1996 and its privacy rule, along with the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH), supposed to deflect and repel this? In fact, “more than 50 percent of the 2014 totals were caused by hacking attacks, including a 4.5 million patient record breach” at a Tennessee hospital group, the report stated.

Almost concurrent with Redspin’s study, Lockheed Martin commissioned its own cybersecurity survey that found a majority of IT leaders, including healthcare organization professionals, by and large feel “ill-equipped to handle escalating cyber threats.” In fact, Lockheed Martin found that on average about a third of business and government IT respondents “relied on their intuition or logical deduction rather than data or intelligence” to assess their security levels and justify their beliefs, according to the study.

Further, more than half of Lockheed Martin’s survey respondents felt that “malicious insiders” and more than one-third felt that “negligent insiders” represented the greatest perceived cyber threats revealing “the most significant network vulnerability facing their organization.” Last year alone, healthcare organizations reported 164 PHI breaches to the Department of Health and Human Services Office of Civil Rights, which involved nearly 9 million patient records and represented a 25 percent increase over 2013 statistics, according to Redspin. During that five-year period, which stopped short of Anthem’s IT intrusion, “more than 40 million Americans suffered a breach of their personal health information,” Redspin reported.
Redspin, which provides “penetration testing and healthcare IT security assessment services,” released its 2014 Breach Report: Protected Health Information (PHI) in late February that outlined and analyzed healthcare data breaches from 2009 through 2014.

Witness January’s intrusion into health insurer Anthem’s information technology systems, where “hacksters” reportedly gained access to 80 million company records.

Apparently, the allure to poke through seemingly impenetrable firewalls and generate revenue from the illegally accessed and collected data outpaces regulations, sophisticated software products, and staff self-control there to stop it. Somehow, and for some reason, healthcare organizations represent an attractive target for cyber attackers hell-bent on demonstrating their hacking cleverness and creativity.

Lysa Myers, Security Researcher, ESET North America; Rob Sadowski, Director Technology Solutions, RSA; Asaf Cidon, CEO and Co-Founder, Sookasa; David Holtzman, J.D., CIPP, Vice President, Compliance, CynergisTek; Art Gross, CEO, HIPAA Secure Now!