Do you talk to your neighbor? This is a question which should be asked of every CISO within the healthcare community (and for those entities which don’t have a CISO, ask the question of the individual to whom you have entrusted the architecture or support of your network).
No longer is it an option to ‘go it alone.’ Your IT team may indeed by the brightest, most creative and energetic team on the face of the earth, but they aren’t experiencing everything. Learning from the experiences of others is key. Keeping abreast of the changing land upon which your infrastructure is built is a requisite.
Accountability in the Healthcare Industry
In the United States, the Health Insurance Portability & Accountability Act of 1996 (HIPAA) rules and regulations, accompanied by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 lay down the bare minimum in security and privacy expectations. These are table stakes to handle patient information.
And in 2017, the US Department of Health and Human Service (HHS), Office for Civil Rights (OCR) has shown that HIPAA has teeth. But before we get into how big a bite the OCR may take out of your hide if you have a breach and are found to be out of compliance, let’s take a brief look at what’s happening around us right now.
When Obsolete Systems Lead to Breaches
Ask yourself this: have you discussed internally the ramifications of running your practice or hospital with machines and operating systems which long ago reached their end of life (EOL)? Amazing as it may sound, there remain thousands of Windows XP systems in use, yet XP reached EOL more than three years ago – April 8, 2014, to be exact.
On Friday, 12 May 2017, the UK National (Read more...)
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Christopher Burgess. Read the original post at: https://threatmatrix.cylance.com/en_us/home/learning-from-others-and-ourselves.html