This month’s theme is security strategy & operations. Some questions include: what makes a good cybersecurity strategy? What policies and procedures should you have in place to ensure your employees, customers and sensitive data remain safe?
If you believe John Trinckes in How Healthcare Data Privacy Is Almost Dead … and What Can Be Done to Revive It! (Auerbach Publications 978-1498783958), the healthcare industry is running on the information security equivalent of life support.
Perhaps no other industry has as much highly personal data as the healthcare sector. And it’s likely that no other sector has been as derelict in protecting that data. The sector has had over a billion medical records exposed via more than 5,000 data breaches. Trinckes writes that he thinks the healthcare industry is about 10-15 years behind other industries when it comes to information security, data protection and privacy.
In the book, Trinckes deals with the many problems that healthcare organizations face around data protection. Much of it is because organizations in the sector simply lack the budget, resources and staff to ensure their information security requirements are met.
Trinckes does a superb job of stating what the problems are in the industry. He collects an abundance of sources on data breaches and on how the healthcare industry is severely lacking when it comes to information security. In each area, he is prescriptive about what the industry needs to do to fix itself. But he does not give enough attention to the many details involved in doing that.
For those looking to understand the depth of the information security problems within the healthcare industry, Trinckes makes that eminently clear. The book is a good launching pad for those in the healthcare industry to finally get a handle on the issues of information security and privacy.
This is a Security Bloggers Network syndicated blog post authored by Ben Rothke. Read the original post at: RSA Conference Blog