Are you Cyber Confident?

In our conversations with healthcare practice managers and CIOs - whether at small-to-medium practices, dental offices, outpatient facilities, or hospitals - we've found that few leaders feel confident in their organization's ability to protect against and respond to cyber threats. Managers of smaller organizations have told us "It's like a monster out there just waiting to get us, and there's nothing we can do about it."  Even CIOs at larger organizations who feel confident about having the right technolo ...

HIMSS 2018 – Take Aways

I attended the national HIMSS 2018 conference in Las Vegas a few weeks ago.  43,000+ roaming loose in Vegas, primarily in a few hotels and the Sands Expo Center.  It was mayhem.  I attended the Cyber Security Symposium all day Monday.  Six sessions focused on cyber security and best practices.  I then attended the keynote speech by Eric Schmidt, the CEO of Alphabet, the parent company of Google. Tuesday was primarily more sessions and a few minutes out in the expo "acres" wandering around trying to ...

Overcoming Organizational Roadblocks to Cyber Security 

In many organizations, cyber security is perceived as one of those “important-but-not-urgent” issues that keep getting put off in deference to the pressing issues of the day – insurance denials, staffing, readmissions, patient no-shows, supply shortages…the list goes on.  It’s not that organizational leaders are doing nothing. In most organizations, the basic pieces, such as a HIPAA-compliant EHR, firewall, anti-virus software, and staff training, are all in place. It is these very safeguards ...

Cybersecurity and The Endless List of Compliance

I recently wrote about insurance companies raising the bar on business to protect their valuable data to acquire cyber liability insurance.  But, it's not just insurance companies that are raising the bar. Governments around the globe are now requiring all types of companies to be compliant with some type of standard to better protect the data they possess.  What many people don't realize is these standards are all based on the protection of personal/private/confidential/sensitive/valuable informatio ...

Internet of Medical Things:  Real Security Threat or Hype?

For decades, healthcare medical devices functioned as freestanding tools. Glucometers, lasers, infusion pumps, pressure monitors, neonatal incubators, heart monitors – each serving its unique function independently of the others. With the widespread implementation of electronic health records (EHRs), however, and the push for increased digitization of health information, these devices have increasingly been networked into the patient information ecosystem.  They now transmit PHI between a myriad of syste ...

HIPAA Compliance is a Business Decision

A couple of weeks ago, I was talking with a technology vendor who is starting to move into the healthcare space. Their technology isn’t used in the creation or manipulation of patients’ protected health information (PHI), but they do store information on behalf of healthcare organizations that could potentially include PHI. They wanted to know, “Are we required to comply with HIPAA?” Technically – yes. On the other hand, there are hundreds of healthcare organizations and healthcare vendors who act ...

The Most Common Mistakes in Cybersecurity are Preventable

Many of the issues we see in cybersecurity, whether you are in healthcare, retail, finance, etc., are by and large preventable. It is not about having a big budget or a large team of experts. No, some of it is just common sense. It is not unlike driving a car. When driving a car you take several basic, yet important, steps to try and lower your risk of an accident. You look both ways at a stop sign, you drive safely to avoid losing control, you keep your car in working condition, and just in case you are in ...

The Equifax Data Breach – What You should do to Protect Yourself!

Stealing headlines from Hurricane Irma was the revelation that Equifax experienced a major data breach during the summer.  Equifax is one of the “big three” credit monitoring services and therefore the data they collect on each of us is broad and deep.  They estimate that data for 143 million people -  nearly half the population of the United States – has been stolen! What does this breach mean for you?  Your financial history and ability to buy a home, new car, or even get healthcare could ...

Thank Goodness! NIST says, “No more difficult passwords!”

Just when you thought all hope was lost of remembering your 16 character password with upper and lower case letters, numbers, and special characters; NIST comes to the rescue. That's right!  The National Institute of Standards and Technology wrote a brief addendum to SP 800-53 which simplifies Strength of Memorized Secrets.  You and I refer to those "secrets" as passwords.  It's a light read, only 50 or 60 pages.  I don't really know because I didn't want to print it and kill four trees.  Anyway, the ...

Cybersecurity: It’s a healthcare risk issue

Wannacry may be the best thing that has happened to the healthcare industry in a long time. It brought to light just how terrible a job the industry does in protecting patients from identity theft.  That's what it means to lose a patient's protected health information or PHI. PHI is now a currency on the black market.  It is worth over a 100 times the value of a credit card record.  If you're a covered entity (healthcare plan, healthcare clearing house, or healthcare provider) or a business associate ...

1 2 3 4