Companies should treat the Disease of Cyber and not symptoms!


Wednesday, May 6, 2015

 

Healthcare Systems are treating the Symptoms & Not the Disease of Cyber Threats

 

 

The first quarter of 2015 has yielded a large number of cyber threats and open vulnerabilities in the healthcare industry.

 

The trend has steadily increased since 2010 and will only continue to climb as the healthcare industry becomes further entrenched in technology: everything from electronic medical records to HIPAA compliance to payment card information. In fact, during the past few months, New York Presbyterian and Columbia University were forced to enter into settlements totaling $4.8 million surrounding the “availability” of all patient data being accessible by the public.

 

More recently, UMASS Memorial Medical Center discovered that one of its employees accessed personally identifiable information, credit card data and other patient information throughout his 12-year tenure and used it for his personal use.

 

These stories are just two symptoms of a cyber threat disease that is poised to become a pandemic.

 

Much the same way a layperson is confident that an antibiotic will cure whatever ails them, healthcare organizations appear to be approaching risk mitigation by treating only the risks that other healthcare systems have been susceptible to, without realizing the damage they are doing to themselves by addressing the problem with an ill-conceived solution.

 

One could argue that this theory would make sense to information security and data personnel looking for a quick fix. For example, if an entity falls short in laptop encryption, the exposed entity’s business neighbor would encrypt their laptops and feel some sense of security or accomplishment.

 

Relying solely on other organizations' shortcomings to remediate similar gaps in your business does not make your business secure. In fact, it makes the business even more exposed by giving business leaders a false sense of hope. There are no shortcuts or quick fixes to securing your data and business. While you may mitigate one issue and feel secure in that specific sub-segment, the harsh reality is that you have mitigated only one of a thousand or more security vulnerabilities in your business.

 

The first step any organization should take is to cease reading the horror stories, stop remediating risk by pinpointing other healthcare organizations' publicized shortcomings, and look to a seasoned Chief Security Officer who meets my big three requirements. The requirements are ECF: experience, certifications and a former executive background.

 


CREDENTIALS

  • MS, Information Security
  • CISSP
  • CCIE Security
  • Certified Information Privacy Professional (CIPP/US)
  • Cisco Intrusion Prevention Specialist
  • CNSS
  • FBI InfraGard

 

The Knox Corps. All Rights Reserved.