5,400 More: Providence Breach Highlights the Poor State of Data Security

Providence Health and Services, an Oregon-based healthcare clinic, recently notified nearly 5,400 current and former patients that their medical data may have been exposed. A former employee reportedly accessed the medical records without “any apparent business need” between July 2012 and April 2016, according to a Providence media advisor. Affected information included demographic details, medical treatments, and possibly insurance data and Social Security numbers.

The employee has since been fired in accordance with a corrective action plan, with the clinic noting that it didn’t believe any sensitive information was further viewed or disclosed.

Damage Control

Providence’s breach highlights one of the biggest problems plaguing healthcare as a whole—threat detection. With private information being transferred across multiple EMRs, external hard drives, and mobile devices daily, it’s becoming increasingly difficult for clinics to monitor all channels on which sensitive data travels. Add in human error and the complications that arise when data is handled by large teams of providers, and you have a security system that is vulnerable inside and out.

Breaches like the one recently reported in Providence can take months to detect, and in some cases, they may even take years. Unless a breach is detected immediately, unauthorized users have plenty of time to copy, transfer, or sell privileged information.

As part of its corrective action strategy, Providence is offering 24 months of free credit monitoring for all affected patients. Although damage control tactics like these are necessary after any instance of data loss, they do little to assuage the fears of patients worried about future information exposure. By the time the breach has occurred, it’s already too late.

A Measured Response

Knowing how to appropriately respond to breaches is the responsibility of all organizations handling sensitive data. In Providence’s case, the clinic didn’t believe that the data was exposed beyond the initial breach, and tailored its outreach accordingly.

The confusion following breaches makes large-scale damage control strategies difficult to apply at the drop of a hat, making it essential for breach response protocols to be in place before the damage is done. When strategies for breach prevention are incorporated into clinic policy through mandatory employee training, threat classification, and agile threat response, better security comes as a matter of course. To prevent breaches like the one affecting Providence, healthcare organizations need to build security into their infrastructure from the ground up.

Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

More Data Vendors Means More Data Risk, says EMC

The future is hard to predict, and a new survey by EMC shows that the IT industry is ill-equipped to take on the challenge. According to the Global Data Protection Index, a survey of 2,200 IT professionals and decision makers across 18 countries, businesses are not prepared to tackle the emerging roadblocks of data security.

Key statistics from the report include:

  • 18 percent of survey respondents predicted that their organization’s data security infrastructure could support future business challenges.
  • 10 percent said the opposite—their organizations were unprepared to handle emerging issues.
  • 34 percent admitted that their organizations could handle “some” future challenges.

The report also detailed the costs associated with unplanned system downtime. On average, a business can expect to lose $550,000 and 22 hours of employee labor during each down period. In addition, the losses compound as more data vendors are involved—businesses with four or more data vendors had to wait an average of 37 hours before all processes were restored.

Complex Data Environments

Why do multiple vendors make things so complicated? According to Michael Wilke, EMC senior director of marketing, Core Technologies, it all comes back to data. He explained that each vendor has its own strategies for deploying solutions and data protection, and as the number of vendors increases, the data environment becomes less transparent and harder to manage.

“Monitoring complex data protection environments becomes extremely difficult, making failed backups harder to detect and rectify,” he said.

Moreover, these backups are necessary for data security—EMC’s report found that hardware failure was the biggest cause of unplanned system downtime, followed by power loss, software failure, and external breaches. As EMC revealed, this downtime can significantly affect a business’s productivity and financial security, making it essential that organizations relying on multiple vendors have security solutions in place.

The Cloud Solution

Despite how unprepared many businesses seem, all hope isn’t lost. According to the research, cloud technology was a common and well-regarded solution for data protection. Of those surveyed, the majority utilized cloud recovery in some form:

  • 45 percent used cloud services for archiving and long-term data retention.
  • 33 percent used cloud services as a mobile device backup.
  • 21 percent relied on cloud technology for disaster recovery.

Though most businesses these days rely on the versatility of multiple data vendors, this flexibility comes at a cost. Each data vendor involved places the organization at greater liability. Moving forward, businesses need to understand the risks inherent to sharing sensitive information, even with reputable data vendors, and try to prevent downtime, create backups, and utilize cloud storage should a problem occur.

Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

Why We Need to Redefine eDiscovery and Information Governance

The relationship between information governance and eDiscovery has been poorly defined in the legal world. Typically, legal firms view eDiscovery as a byproduct of forcible legal action; an individual process only addressed when a party “legally anticipates litigation.”

However, the mindset of viewing eDiscovery in a bubble separate from information governance costs businesses big in the way of inefficiency, over-collection, and disjointed organizational goals.

Defining the Relationship

Past models, such as the EDRM model, have been used to define the relationship between eDiscovery and information governance. EDRM represents information governance as a discipline that feeds into the eDiscovery process—a feature inherently misaligned with the mission of information governance.

The more recent IGRM model comes closer by including legal, compliance, IT, and business perspectives in the equation, but fails to show the full life cycle of information governance and its relationship to eDiscovery. Joining the two by presenting IGRM as the “other half” of the EDRM coin provides a clearer picture of process complexities, but still falls short by depicting eDiscovery as a natural progression of information life cycle.

Big Data Information Life Cycles

To truly define the relationship between information governance and eDiscovery, businesses must use technology to make sense of the noise and offer a clearer view of data life cycles. Organizations must first use this technology to help distinguish which data is transient and which data is necessary for business decision-making.

Fortunately, data analytics and machine learning technology have progressed far enough to enhance efficiency of information governance processes, including categorization, improving access to data, and supporting data destruction under retention policies.

These analytic reviews should begin early in the information life cycle. As soon as information is created or received, analytics can automatically classify documents into categories based on content and prepare them for future analytic processing, even at scale. However, analytic technology alone can’t solve every business’s information woes. Analytics can’t be applied en masse to random data sets; processes for applying technology must be efficient and scalable to remain financially viable.

Above all, the long-term impacts of these analytics tools must be assessed, both on the business and individual user levels. Data security and privacy should remain a priority throughout these processes too—sacrificing security for the sake of efficiency is not a viable solution. With new models being devised and new technologies to apply, legal firms are in a good position to tackle the broader problem facing discovery: how to define the relationship between information governance and discovery in a way that leads to better efficiency throughout the data life cycle.

Written by Dean Van Dyke, Vice President, Business Process Optimization

Data Security or Data Privacy? The Challenges of Regulating Personal Data

Data is a company’s greatest asset, but it can also be an Achilles’ heel when regulatory compliance isn’t met.

Though policies for data security are rising due to the increased prevalence of cybercrime, laws dictating how companies can control user data are less regulated. Policies surrounding data privacy have traditionally been under-prioritized, with many legal firms not understanding the distinctions between data security and data privacy. Matters are compounded further when regional variances in data policy come into play.

Defining Data

How data is handled depends on how it is defined—law denotes a distinction between what is considered “sensitive” data and “personal” data.

Personal data is defined as any information that can identify an individual directly or indirectly. Sensitive information is a subset of personal data, defined as information that can only be taken and collected locally if mandated by law. Personal data is more tightly regulated and the focus of most privacy legislation.

Privacy Regulations

Keeping compliant with personal data privacy regulations becomes a significant challenge when international business enters the picture. Legal requirements protect personal data from being collected, used, processed, shared, or transferred in specific global and regional jurisdictions.

“…If you run legal operations of a company in the U.S., it does not mean you have the right to access data in a foreign jurisdiction,” said Sheila Fitzpatrick, a data privacy expert working with the US government and the Council of the European Union.

The problem stems from the complexity of data management in each region—local jurisdictions have their own laws that must be adhered to, no matter where the business is conducted. According to Fitzpatrick, transparency is key:

“You need to collect data that you absolutely have to have to run the business … you need to understand what you are using that data for. You need to be very clear about why you are collecting that data and what you plan to do with that data. There is no implied consent.”

Data privacy is subject to several other unique regulations too, chief among them the “Right to be Forgotten” mandate. Part of this legislation denotes how companies have an eventual legal obligation to delete user data unless it has a legal hold protecting it.

Although data security is well-established, data privacy is still undervalued in the legal world. The increasing globalization of e-discovery and the legal world will require more regulations concerning cross-border e-discovery, data ownership, and how to ensure both information security and data privacy for all users.

Written by Dean Van Dyke, Vice President, Business Process Optimization

Privacy Survey Highlights the Poor State of Data Security

Risk management remains a priority for legal firms across the world, but new research is showing just how unprepared many industries are to take on the challenge.

Guidance Software performed a data risk and privacy survey on a variety of industries, including government firms, IT industries, and financial services. The respondents, primarily security executives and security analysts, shed light on the current state of information security and how they felt security should be handled moving forward:

  • 48 percent reported feeling unprepared to identify and protect sensitive information from data breaches, mishandled devices, or human error.
  • Despite this lack of confidence, 46 percent believe that protecting sensitive data is a top priority.

Respondents also addressed how data security should be handled:

  • 69 percent feel that it’s important to systematically delete obsolete or outdated information.
  • 55 percent are most worried about private or sensitive data residing on servers or endpoints.
  • Over 37 percent feel that a risk management solution for regulatory and policy compliance is important for data security.

Security Solutions

With so many respondents reporting discontent with the current state of data security, it makes sense that legal firms are hungry for solutions.

Risk management software lets organizations understand the flow of sensitive data, from the time of creation to its eventual endpoint throughout the workflows of each industry. These workflows include file creation, email sharing, transmission to multiple devices, and storage in databases. Without dedicated data management software, each of these points of contact creates multiple vulnerabilities that can be exploited.

Enterprise software protects data throughout every step of its use and ensures that information practices comply with external regulatory bodies, such as HIPAA.

Building a Culture of Security

Software data security through risk management platforms is the first step of total information governance. To ensure true data security, the most significant security variable present in any enterprise must be addressed—employees.

According to IBM’s 2014 Cyber Security Intelligence Index, 95 percent of all security incidents involve human error. Legal firms must mitigate employee mishandling of information by creating protocols governing data use. Across email, mobile device communications, and file transfers on external storage systems, employees must follow defined rules that dictate how they handle sensitive data.

The effort required to implement these protocols will be substantial at first, but security practices can be refined over time to better align with the workflows of each organization. This will ensure that efficiency isn’t lost while trying to secure data. When legal firms have a strong culture of security backed by risk management software solutions, data breaches and information loss will become concerns of the past.

Written by Dean Van Dyke, Vice President, Business Process Optimization

6 Considerations for Your Email Security Solution

With email still holding a prominent place in the world of communication, businesses can’t afford to take email security lightly. Basic encryption is essential, but the wealth of services available for email security offer a wide range of benefits beyond basic features.

Keep these six considerations in mind before purchasing email security software:

1. Outlook Encryption

Microsoft Outlook includes a basic encryption feature, but most businesses find this security method to be onerous. Both parties must have the public key certificate to encrypt and decrypt messages, which is time-consuming when applied to large enterprises.

2. Recipient and File Parameters

For maximum efficiency, your email security software shouldn’t require the recipient to download their own version of your software. In addition, the chosen solution must accommodate the largest files your enterprise may send. Both will help reduce the chance that users will be forced to choose less secure transfer methods to work around software limitations.

3. Security Features

The goal of all encryption software is security, but not all email security solutions are created equal.

Although software that includes multiple verification methods, policy-based encryption, and SSAE 16 Type II certification is the standard, you must ensure the included features offer protection for both emails in motion and emails at rest. Email providers should encrypt emails to keep them secure if an interception occurs during transfer. On the storage side, solutions should offer storage in company-owned infrastructure that limits access to encryption keys.

4. The User Experience

While quality email solutions must first and foremost secure data, they must also prioritize the user experience.

On the sender side, the encryption process should be simple—one-click encryption, email tracking, and receipt notices are essential. Making this process easy increases adoption rates across your enterprise. For email recipients, attachment retrieval should be simple and without the need for additional downloads. Complexity and cumbersome processes reduce adoption and frustrate users while a straightforward user experience accelerates building a corporate culture of security.

5. Mobile Integration and Adaptability

The email solution should be flexible and ideally integrate with the programs users are already familiar with. Most security programs have mobile applications that have secure portal access via your Internet browser. With more business conducted on mobile devices these days, mobile email security is essential.

6. Administrative Customization

Once you’ve researched the must-have security features, your final choice may come down to how customizable you want your email security system to be. Competitive encryption solutions offer advanced options to tailor the email platform to each business or individual user. Digital signatures, automated messaging, or adding your brand logo are all bonus features that can give your security solution an edge. Identify and deploy an email solution that allows for easy customization, one-click ability to secure communication, claw-back, and true traceability and intelligence.

Written by Dean Van Dyke, Vice President, Business Process Optimization

5 Reasons Why Legal Firms Must Prioritize Digital Documentation

Paper documentation in the legal world is quickly going the way of the rotary phone.

ICO recently reported that legal data security breaches increased from three to four percent last year, with most arising from loss or theft of paperwork. With the drawbacks of paper documentation increasing, legal firms that have no digital transformation strategy are missing several advantages that digital documents offer.

1. Better Productivity

Digitally searchable documentation can save tremendous amounts of time and worker productivity. Did you know that employees in information-based industries spend an average of 11.2 hours per week creating and managing documents? Worse yet, six are wasted by the inefficient burden of transferring and filing paper documents, hours that could be saved if digital documents were the norm. The inefficiencies of paper filing add up quickly.

The productivity benefits of digital documentation are twofold: digital documents are searchable by variables, such as title or keyword, and can be instantly accessed. They also let multiple users review and amend them at once, saving the time and hassle of physical document transfer between parties.

2. Streamlined Communication

Digital documentation allows faster communication among workers. Any user with an Internet connection can access documents stored digitally in the Cloud, or sent through email. This creates streamlined messaging among parties working on the same project and allows businesses to display real-time updates to clients who have access to the project.

3. A More Mobile Approach

With the legal world becoming increasingly mobile, digital document systems leverage the rise of mobile use by letting lawyers work wherever their phones are. With Cloud-based project management, folders and documents can be shared regardless of geographic location. There’s no worrying about the transportation of physical documents, or concerns about letting papers fall into the wrong hands.

4. Cost Savings

Digital documentation can be an effective way to optimize a physical workspace. Many offices have storage rooms full of old paperwork and files. Digital systems free up space, and can be a lifesaver for small offices with little real estate to spare. 

5. Going Green

Despite the digital push, legal firms are still printing up to 10,000 pages per month. This creates a significant environmental impact on the community. Digital strategies negate the need for large-scale printing and provide a necessary boost to corporate sustainability and the local environment.

Data Security Concerns

Despite the well-documented benefits of digital strategies, many legal firms are reluctant to take the plunge due to their fear of poor digital document security. How can you protect your online information?

Fortunately, digital information governance is affordable and easy to deploy these days. Data security firms can work with legal departments to ensure ironclad digital security for their privileged information, helping firms correctly recycle and destroy their outdated paper files. Taking these security steps will ensure that legal departments are kept safe during their transition to digital documentation.

Written by Dean Van Dyke, Vice President, Business Process Optimization

Visual Hacking a Growing Concern for Healthcare, Reports 3M

Despite the push towards data security and information governance, data breaches can occur where you least expect them. Though encryption software and more secure firewalls have shown success at preventing internal data breaches, another threat is looming on the data security landscape: “visual hacking.”

Low-Tech Hacking

Visual hacking involves capturing confidential information from digital screens by using smartphones, discreet cameras, or plain sight. Compared to complex coding backdoors and malware infection, visual hacking is relatively low-tech, but that doesn’t mean it isn’t a concern for healthcare organizations tasked with controlling sensitive data.

Imagine the opportunities for visual hacking present in locations as basic as healthcare clinics. Offenders can snap photos of your information as you fill out your medical record, eavesdrop on your conversation with staff, and once they enter the actual clinic, use silent, high-powered zoom cameras to discreetly record any instances of unsecured patient data. With just a few clicks of a button, healthcare organizations can suffer data breaches that may cost them millions.

Visual Hacking

Though protecting confidential data from prying eyes has always been a concern in the healthcare field, new mobile camera technology is giving offenders more tools than ever before. A 3M-sponsored hacking experiment with the Ponemon Institute found that a white hat hacker could visually hack sensitive information in 88 percent of attempts.

3M’s campaign against data loss helps IT and security professionals better address their security vulnerabilities. According to Gartner, IT security spend reached $75.4 billion in 2015, but this increase in security funding will do little to prevent the rise of low-tech hacking methods.

Preventing Visual Hacking

Healthcare providers must try to prevent data loss from visual hacking by:

  • Using applications to mask high-risk data, particularly when accessing data from mobile and public locations.
  • Creating a corporate culture of security that prioritizes visual security—all staff must know of the growth of visual hacking and why all data must be stored behind authentication or privacy filters.
  • Limiting logins to necessary locations, which will help reduce the number of access points where data breaches may occur.

There’s no simple strategy to fight visual hacking, but healthcare organizations that understand the risks and challenges associated with visually securing private data are one step ahead in the game. Data security across all channels is an ongoing struggle that healthcare providers must be prepared to face.

Written by Desh Urs

Healthcare under Attack: The Need for Device Security

Although we typically imagine the U.S. Food and Drug Administration as protectors of dietary and medicinal products, their outreach is expanding to the realm of cybersecurity.

Two of the biggest cybersecurity threats existing today involve malware and unintentional employee infections of confidential systems. These threats can compromise delicate medical devices and threaten the health of the users relying on them.


In response to this emerging threat, the FDA is making medical device security a top priority. A collaboration between the FDA and the medical-security-focused MITRE Corporation is working to address existing vulnerabilities of medical devices to cyberattack. This approach involves better stakeholder engagement on critical issues and conducting in-depth interviews across the country to help develop a “roadmap” of medical device vulnerability. The end goal of this project, says Suzanne Schwartz, FDA director of emergency preparedness, is to establish a trusted ecosystem where security and vulnerability information can be collected, analyzed, and shared. According to Schwartz, the FDA has faced several challenges in this process:

  • Defining basic responsibility for device cybersecurity
  • Understanding device vulnerabilities for basic users
  • Knowing the challenges manufacturers face trying to address security issues
  • Reviewing expectations and accountability for manufacturers that must demonstrate their security protocols across each product’s lifespan

Addressing each of these concerns has been a primary goal of the FDA’s security strategy over the past few years.

The Need for Security

Device security relies on cooperation from multiple organizations. Both healthcare delivery organizations and device manufacturers must prioritize device security throughout each step of development and use. Healthcare organizations face constant threats from hackers trying to gain access to their privileged data. While electronic health records and hospital security infrastructure have improved, medical devices themselves have traditionally lagged behind.

MITRE’s contribution to the FDA’s initiative involves adapting the existing Common Vulnerability Scoring System to apply to medical devices in clinical settings. This assessment protocol accounts for considerations unique to each device and provides stakeholders with actionable data to be used in shaping the future of device security. The FDA and MITRE are addressing these loopholes to prevent future medical devices from being compromised and to establish protocols for better device security in the coming years.


Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.


8 Cybersecurity Trends the Healthcare Industry Must Pay Attention To


As emerging technology changes the landscape of information security in healthcare, health organizations must ensure that their policies stay up to date to protect the privacy and security of patient information.

According to a joint study conducted by Information Security Media Group and email data security company Zix Corp., many healthcare organizations believe they are meeting this goal, but key findings of the survey highlight how unprepared many organizations are and reveal several developing trends that healthcare providers should know about.

1. Awareness of Emerging Threats

Over a quarter (28 percent) of survey respondents agreed that while hackers are a significant threat, the bigger security risk comes from in-house employees failing to meet basic security standards. Proper training of personnel is essential for HIPAA compliance.

2. Shifting Priorities

While the U.S. Department of Health and Human Services (HHS) is prioritizing EHR interoperability, survey respondents indicated that other issues were of more concern:

  • Increased regulatory compliance
  • Better security awareness and training
  • Prevention and detection of breaches
  • Updating business continuity/disaster strategies
  • Monitoring HIPAA compliance of associates

3. Mobile Protection

Lost or unencrypted mobile devices are often the culprit behind data breaches. The best way to avoid unauthorized access is to keep privileged data off mobile devices when possible, and to maintain good security practices when mobile use is unavoidable.

4. Restrict Data Access

Increased regulation for data access is necessary to improve security. This includes multi-factor authentication and encryption of remotely accessed data, and restriction of who has access to confidential information.

5. Better Risk Assessments

Thorough assessments of risk are necessary for HIPAA compliance. These audits typically result in updated and revised security practices, including the use of new security technology and educational initiatives.

6. No Cloud Confidence

Only 64 percent of survey respondents store data in the cloud, reflecting a fear of unauthorized remote access of privileged data. Only one-third of respondents claimed confidence in their vendor’s security standards.

7. Better Security Strategies

While security frameworks and policies are essential to information privacy, survey respondents revealed that 40 percent of organizations still lack a documented security strategy.

8. Trained Staff

With the prevalence of IT breaches that occur in-house, proper training of staff is essential. This includes appointing a chief information security officer to oversee IT security, preferably an employee who knows security issues in healthcare and has security auditing experience.

At iBridge, security is a serious topic and we continue to learn and provide information to the industry at large. If you have a question about HIPAA assessments, compliance requirements and other security topics, feel free to contact us.


Written by Dean Van Dyke, Vice President, Business Process Optimization
