Managing Cyber Security Threats to Personal Health Information by John Lynn

21/10/2016

One of the challenges that keeps healthcare leaders up at night more than any other is managing cyber security threats to health data management. Unfortunately, there have been a variety of recent incidents in which patient records have been stolen. As EMR & HIPAA reports, research has shown that attackers have recently stolen at least 600,000 patient records. In addition, an increasing number of hospitals are being struck by ransomware attacks, according to HealthcareITNews. This is a large, growing problem that is only going to get more complex and challenging. As such, there's little doubt that managing cyber security threats to personal health information has become a number one priority for nearly every healthcare IT organization.

Protecting health information can be a difficult task, especially as the healthcare industry continues to get pushed into being more open and connected with its use of technology and data. While connected IT systems can be great for lowering healthcare costs and improving patient care, they also come with a slew of security challenges.

No Bulletproof Solution

So what can an organization do to protect itself against hacking, phishing, malware and ransomware? Unfortunately, there's no bulletproof solution that will ensure that you're 100 percent secure. As a healthcare leader, you should focus your efforts on two main risk areas: your team and your partners.

In order for you to truly protect the personal health information in your care, you need to invest money in firewalls, anti-virus and encryption. One of the biggest vulnerabilities you must manage is your people. It's crucial to ensure that all of your employees have a deep understanding and vested interest in the security of your organization. Unfortunately, a culture of security doesn't happen overnight and it's not easy to create. Leadership at all levels must come together to ensure that cyber security is considered and implemented throughout the organization. After all, the chief security officer can only be in one place at one time, but the organization as a whole can identify, fix and report potential cyber security threats that exist.

Beyond your own team, your partners can be a major risk to the security of the patient health information you collect. Many of these partners are moving to the cloud, which comes with many advantages, but also presents new cyber security threats. As such, it's important to make sure that your partners have signed business associate agreements and that they are following through with good HIPAA practices.

Trust, But Verify

Unfortunately, many healthcare organizations stop there; they file away the business associate agreement and move on. However, this assumption that business associates will comply with HIPAA and implement effective cyber security efforts is a flaw that presents a tremendous risk to organizations. When ensuring that your partners are securing your health information effectively, it's good to follow the old adage, "Trust, but verify." As you verify your partner's efforts to secure your health data and comply with HIPAA, you shouldn't be afraid to ask the company to show (versus tell) you what they're doing. After all, just because a partner says they're compliant doesn't mean they actually are compliant. It's important to remember that you are still held equally responsible for data that is stored at a partner's facility. As such, you may even want to assign someone in your organization to be specifically responsible for your partners' security and privacy efforts.

Breach Response

While mitigating these risks will be two massive steps in the right direction, breaches are still almost inevitable. Along with working to manage cyber security threats to your organization, it's important to have a solid plan of attack for when a breach does occur. At the core of any crisis is a great communication strategy and that's never more true than when a cyber security incident occurs. As such, you need to have a plan in place for communicating your strategy to providers, patients, partners, the media and IT professionals.

Along with great communication, you need a well-thought-out and robust backup and business continuity strategy. These strategies are particularly important in cases of ransomware incidents that can leave your systems locked down when a breach occurs. Ask yourself the following questions: Where are your backups stored? How quickly can they be restored? Have you tested them to make sure they can be restored? Do you have an onsite and offsite backup? How often are you creating a backup? Thorough backup and business continuity planning can ensure your organization minimizes system downtime when a breach occurs.

In light of recent healthcare breaches, the industry has begun to wake up to impending cyber security risks. However, most healthcare organizations can make more of an effort to create a culture of security and privacy amongst their teams and their partners, and they should make these changes now, before it's too late.
LINK: http://blogs.ironmountain.com/2016/industry/healthcare-information-man...