[ Tuesday, June 10, 2014 ]
Guest Blogger: As you know, I occasionally allow a guest blogger or two to provide different perspectives. Here's one:
Health IT Lag
by Michael Sculley, VP of Marketing, PracticeSuite
BitSight Technologies, a security rating firm, reports that the healthcare industry needs to take a lesson from the recent data breaches experienced by Target and eBay. The BitSight report, “Will Healthcare Be the Next Retail?”, warrants close attention. It analyzed security incidents and response times across four industries: pharmaceuticals and healthcare (treated together as healthcare), utilities, retail and finance.
The study covered the year from April 1, 2013, through March 31, 2014. All four sectors experienced security incidents. Finance had the fewest incidents and the fastest response time, about three and a half days. Retail and utilities both responded in about four days. Healthcare had more security incidents, yet came in last in response time: it took a full five days to respond to security incidents.
The fewest breaches and the best response time were both in the financial industry. That industry takes cybersecurity very seriously and goes beyond what is legally required, taking extra steps to ensure the security of its data. It also readily warns other industries whenever it becomes aware of potential security threats.
Unfortunately, neither healthcare nor pharmaceuticals view cybersecurity as seriously as they need to. It apparently has not received the appropriate attention from senior executives. Both industries need to spend more on security and pay their data security professionals better.
The two industries comply with HIPAA regulations, but spend barely enough to meet the requirements. Unfortunately, being compliant does not mean being secure.
The BitSight report is consistent with a recent SANS Institute report, which emphasized that the healthcare industry has lagged far behind in cybersecurity and warned that measures must be taken to reduce risk. Breaches have become so frequent that the U.S. Department of Health & Human Services (HHS) is imposing heavy penalties on healthcare organizations whose Internet-connected systems expose patient data.
The failure to take proper cybersecurity precautions can be expensive, as New York-Presbyterian Hospital recently discovered. HHS reached a $3.3 million settlement with the hospital over a breach in which a misconfigured server left patient data accessible to Internet search engines. Together with the $1.5 million paid by Columbia University in the same matter, it is the largest HIPAA settlement to date.
____________________________
You can reach Michael at
msculley@practicesuite.com.
PracticeSuite offers billing, practice management, and other medical software products.
Jeff [3:36 PM]