HIMSS 2018 – Take Aways

I attended the national HIMSS 2018 conference in Las Vegas a few weeks ago.  43,000+ roaming loose in Vegas, primarily in a few hotels and the Sands Expo Center.  It was mayhem.  I attended the Cyber Security Symposium all day Monday.  Six sessions focused on cyber security and best practices.  I then attended the keynote speech by Eric Schmidt, the CEO of Alphabet, the parent company of Google. Tuesday was primarily more sessions and a few minutes out in the expo "acres" wandering around trying to ...

Cloud or Not-to-Cloud; The Allscripts Breach

Allscripts’ Electronic Health Records service was the first major cloud-based EHR to be significantly disrupted by a ransomware attack.  Close to 1,500 practices were affected by the EHR outage for about a week; essentially shutting down those practices.  Allscripts was hit by the SamSam virus which was launched in December 2016, crippling two of their North Carolina data centers.  Angry customers voiced their displeasure on social media and a class-action lawsuit has been filed. Hackers have been r ...

Why your Meaningful Use SRA is not enough

Many covered entities had a high level Security Risk Analysis (SRA) performed to "check the box" for meeting the Meaningful Use requirement.  The HHS OCR has now performed enough audits, however, to know that a risk assessment isn't enough - Covered Entities need to take corrective action. With MACRA and HIPAA both requiring an SRA and HIPAA requiring a prioritized list of risks, corrective action plans, and a risk management process, it's time to have a proper risk assessment performed and take cor ...