We have all heard about the reported data breaches and the effects these breaches have had on individuals whose information was breached.
According to a survey conducted by the Medical Identity Fraud Alliance, healthcare organizations are reportedly spending more on updating software to detect both fraud and breaches. Additionally, healthcare organizations are placing greater financial emphasis on their security and their workforce. Even with these enhanced efforts by the healthcare industry, Accenture reported that the medical industry stands to lose over $305 billion in cumulative lifetime revenue due to cyberattacks.
Technology, processes and people are required within the Security Safeguards of the Health Insurance Portability and Accountability Act (HIPAA).
Security Awareness and Training
Security Incident Procedures
Business Associates Contracts
In recent breaches, there are indicators that point to organizations' lack of controls over, and management of, their technology, processes and people.
Mark McLaughlin, CEO of Palo Alto Networks Inc., wrote an article, “Prevention: Can it be done?” In the article, he states, “the executive team has a duty to ensure their technical experts are managing cybersecurity risk. Under the executive leadership, it is very important that there should be continued improvement in organizational processes for security.”
McLaughlin goes on to state, “many of the attacks that are being reported today start or end with poor processes or human error.” People must be continually trained to identify cyberattacks and to take the appropriate steps in the event of an attack. The sharing of personal information by employees on social networks is an easy way to target the workforce in sophisticated phishing attacks. It is important that technology, processes, and people are coordinated, and that workforce training be done on a regular basis. McLaughlin suggests that the business community, along with other organizations, share cyberattack patterns and information with each other close to real time. With this combined intelligence, the number of successful attacks would be dramatically reduced.
Implementing the strategy of communicating in real time with other like businesses and organizations could possibly cripple the cyber attackers. The attackers would then need to custom design and develop unique attacks each and every time that they wish to attack a target. McLaughlin states, “this would significantly drive up the cost of a successful attack and force attackers to aggregate resources in terms of people and money, which would make them more prone to becoming visible to law enforcements and governments.”
On a personal note, I am very grateful to you for allowing me to be a part of your lives through my blogs. I’ve met some wonderful people because of them, and I feel there are important memories that are tied to them. I am grateful for the gift of each of you, as if you are reading this, you are alive, and that is a gift. Thank you for allowing me to be a part of your world.
Here’s wishing you the gift of peace and prosperity throughout 2016.