Healthcare

Business partners, outsourcers, service providers or consultants — companies regularly make use of outside resources to handle business functions. In our 24/7, always-online business environment, these outside resources are often granted access to internal IT, whether through minimal access via an externally-available email account, though a vendor portal, or via a VPN tunnel. Such access granted to outsiders effectively extend an organization’s security “attack surface.” How well is that...

The Health and Human Service (HHS) Department’s Office for Civil Rights (OCR) recently settled with two organizations for a combined $1,975,220 penalty after their unencrypted computers were stolen. As the two most recent data breach settlements, this sends a strong message about the importance of endpoint security in healthcare. Concentra Health Services (Concentra) has agreed to pay OCR $1,725,220 to settle potential violations following the theft of an unencrypted laptop...

For small to medium sized healthcare organizations, the US Department of Health & Human Services (HHS) Office for Civil Rights (OCR) just teamed up with the Office of the National Coordinator for Health Information Technology (ONC) to create new security risk assessment (SRA) tool to help with HIPAA compliance. HIPAA requires that covered entities conduct a risk assessment of their healthcare organizations, something that smaller organizations struggle to do....

Following the breach at Medicentres, where a stolen laptop of a Medicentres IT consultant led to the breach affecting 620,000 patients, there has been a renewed discussion on the importance of endpoint security in healthcare. The stolen Medicentres laptop contained the unencrypted personal health information of 620,000 Albertans, including names, dates of birth, health card numbers, billing codes and diagnostic codes. The laptop was stolen in September, 2013 and...

According to the fourth annual Patient Privacy and Data Security report compiled by Ponemon, data breaches in 2013 went down slightly, but the real change comes in the 100% increase (over 2010) in attacks on healthcare systems. Given the rise in the value of healthcare data to criminals, with a $50 street value for medical identities (over $1 for a SSN), it is not surprising that criminals are being...