This past week I attended the largest Health Care Conference, HIMSS (Healthcare Information and Management Systems Society), along with over 40,000 fellow health professionals in Orlando, Florida.
Today, I want to share many of the significant points that were made in the all-day Cybersecurity Symposium:
Health IT professionals are in great demand
Repeated theme throughout the day: "healthcare is behind in IT Security"
Cybersecurity breaches have increased over 125% in the last five years
Between 2014 and 2016, healthcare has seen increases in:
- Threats of DoS up 83%
- Phishing up 250%
- Spear phishing up 22%
Protection of healthcare data begins at the top leadership in C-Suite or Ownership
All organizations, no matter their size, must have a robust plan for IT Security with an emphasis on Cybersecurity
“It's all about people, the people, processes, the processes, and the processes”
The greatest vulnerabilities in order are:
- Social Engineering (people)
- Internet of Things (people)
- Deferred maintenance (people)
- Patch Management (people)
- Co-mingling of devices (co-mingling - people)
Best practices that were discussed for incorporating into your IT platform were:
- Ensuring policies are in line with your actual processes
- Review your processes for any inconsistencies
- Mandatory security training
- Have a Breach and Response playbook
- Incorporate appropriate levels of system access
- Audit, audit, audit
- Physical security access controls
- Embrace guidance through NIST (National Institute of Standards and Technology)
As a healthcare consultant, I was fascinated to hear Healthcare IT professionals still debating and discussing what should be commonplace within IT Security, in a room filled with CIOs (Chief Information Officers) and CISOs (Chief Information Security Officers).
Judith is an accredited Certified HIPAA Professional (CHP). As the owner of JAL, Judith is your subject matter expert providing guidance to organizations within HIPAA, GLBA, False Claim and other regulatory agencies. Judith provides reasonable and appropriate compliance policies and procedures within your Compliance Program. As a guru in compliance, Judith delivers compliance employee training programs and participates in educational speaking engagements for the industries that handle Protected Health Information. To read more about the world of compliance, subscribe to JAL’s insightful newsletter at www.jalconsultantsaz.com.