10 Ways To Strengthen Healthcare Security - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Healthcare // Security & Privacy
News
8/26/2014
10:06 AM
Alison Diana
Alison Diana
Slideshows

10 Ways To Strengthen Healthcare Security

As recent hacks show, keeping a healthcare organization safe from security threats takes planning, technical expertise, and business knowledge. Has your team taken these 10 steps?
1 of 11

1 of 11
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
progman2000
50%
50%
progman2000,
User Rank: Ninja
8/28/2014 | 7:51:20 PM
Re: CSO?
Eh, I don't know, still sounds like CIO to me.  Although I will concede that certain industries probably warrant it (thinking Banking and Healthcare), although even then I still think it's someone who reports to the CIO.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/27/2014 | 2:57:15 PM
Re: So easy even a CEO can see it
Oh, absolutely, Henrisha! We've all made silly mistakes, I'd bet. It's one reason automation and rules are so important. Forcing users to change their passwords every X months, for example, and forcing them to use eight characters, including at least one capital, one number, and one symbol could well eliminate the potential of duplicating another site's password. That's just one example of using technology to override our natural inclination to take the easy way out and use the same Password123 for every single site we visit!
Henrisha
50%
50%
Henrisha,
User Rank: Strategist
8/27/2014 | 2:00:28 PM
Re: So easy even a CEO can see it
Regardless how many trainings and workshops you let people attend, some will still commit errors and mistakes nonetheless. It's part of being human but sometimes that can just throw the system.
Henrisha
50%
50%
Henrisha,
User Rank: Strategist
8/27/2014 | 1:38:55 PM
Re: Healthcare security
True. Employees' inadvertent mistakes can often cause so much damage and problems. It's unfortunate but sometimes you have to remove and just take out the human factor, and you can see the number of errors go down with automation as well.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/27/2014 | 12:38:19 PM
Re: Healthcare security
Absolutely! It's one reason a CSO is so important. They should either be strong in governance or, depending on the organization, work with lead counsel on these efforts to ensure data policies and guidance are strong -- and followed.
Alison_Diana
100%
0%
Alison_Diana,
User Rank: Author
8/27/2014 | 12:37:03 PM
Re: CSO?
I can see why the thought of another c-level might appear unnecessary but who is responsible for security if not a CSO? The CIO? Well, the CIO already oversees everything IT -- and security isn't only tech-related. The CFO? Security should not be ruled by finance, otherwise money talks and security measures walk. The CEO? They have enough responsiblities already? And we know what happens when anything is ruled by committee! The problem with having a lower-level person rule security is it doesn't get enough visibility or leverage, and requests flounder. So I stick by that recommendation, a recommendation I picked up from many security professionals. And it's a great goal for security execs who aspire to the c-suite.
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Author
8/27/2014 | 12:34:25 PM
Re: So easy even a CEO can see it
Exactly! Surely you'd want a chief SECURITY officer to be expert in security. Healthcare experience will come. This exec certainly is motivated to learn the ins and outs of the business -- and even if someone knows one hospital, each facility has its own nuances and workflows anyway!
Stratustician
50%
50%
Stratustician,
User Rank: Ninja
8/27/2014 | 9:42:42 AM
Re: Healthcare security
Let's not forget the staggering 68% of incidents caused by outsiders!  That's quite a staggering statistic! This means there are lax controls around identity and access management.  Between this risk and Data Loss Prevention from loss/theft, it's easy to see that there are a lot of gaps in policies relating to how data is used, accessed and stored.
progman2000
50%
50%
progman2000,
User Rank: Ninja
8/27/2014 | 7:19:57 AM
CSO?
Just what the business world needs, another C-level position that will make more money than me.  I can kind of see the logic but so many organizations are top heavy as it is, is concocting another high level position really the answer to this problem?  Most hospitals are spread razor thin as far as budget to begin with...
pcharles09
50%
50%
pcharles09,
User Rank: Ninja
8/27/2014 | 12:17:51 AM
Re: Healthcare security
@Alison,

More importatnly, automation prevents users from screwing things up or being too 'creative' with tasks.
Page 1 / 2   >   >>
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll