Rochester Medical Center Breach!


The New York State Attorney General has fined Rochester Medical Center for having a non-existent information security training program. An employee of the Medical Center released patient information to her future employer without obtaining the patients' permission. Obviously, this is a huge infraction according to the HIPAA Security Rule.

We often talk about implementing an information security program at firms, and while security awareness training is a huge part of that program, it is often left out. Securing every aspect of your technology does not ensure end-to-end security, as information technology is only 45 percent of information security, if not less in other industries.

A sound information security plan covers employees, IT staff, executives, third parties, and so on. This hospital should review its security program and shore up the weak areas before the fines begin to mount in other areas.

For more information, please contact The Knox Corps!



CREDENTIALS

 

_MS, Information Security

_CISSP

_CCIE Security

_Certified Information Privacy Professional (CIPP/US)

_Cisco Intrusion Prevention Specialist 

_CNSS

_FBI InfraGard

 

The Knox Corps. All Rights Reserved.