Author Archive

Healthcare Industry Still Lags in Protecting Data

Posted by on Tuesday, 30 April, 2013

As healthcare information security requirements and penalties get tougher, a great deal of discussion is focused around how well the healthcare industry is securing patient data.

healthcare data security survey resultsThe general consensus is that the industry still has a long way to go. One of the industry’s publications, Healthcare InfoSecurity, released the results of the Healthcare Information Security Today survey sponsored by RSA which took an in-depth look at security and IT practices of senior executives in the healthcare industry.

<< click on the image to learn more

 

The survey reviews many information security topics including

  • Impact of a data breach
  • Security threats
  • Compliance and steps to improve security
  • Risk assessment

Some of the responses surprised us on how far healthcare companies need to go for proper HIPAA compliance. Take a look at these statistics:

  • 55% of respondents were not confident in their organization’s ability to comply with HIPAA and HITECH Act regulations concerning privacy and security (grading themselves adequate or less).
  • 66% responded that their organization’s ability to counter internal information security threats was adequate or less.
  • Only 47% of survey participants utilize encryption for information accessible via a virtual private network or portal.
  • 32% of respondents have not conducted a detailed information technology security risk assessment/analysis within the past year with 47% updating their risk assessment only periodically.

The good news is that the survey shows that healthcare organizations are taking steps in the right direction to improve their security practices.

  • 37% of organizations’ budgets for information security are scheduled to increase over the next year.
  • 40% of respondents plan to implement audit tool or a log management solution within the next year.

When asked what their organization’s top three information security priorities are for the coming year, the top responses included

  • Improving regulatory compliance efforts
  • Improving security awareness/education
  • Preventing and detecting breaches

Healthcare IT teams will need updated security policies, comprehensive training for employees, and reliable tools and solutions that can deliver functionality, ease of use, audit reporting, and efficient workflows that protect the security of confidential data at rest and in motion.

The pressure is growing, compliance audits are looming, and tackling these issues are just part of the evolution of the healthcare industry.

 

Jennifer Phillips

Jennifer Phillips is a technology blogger and social media expert. With a focus on the data security and the IBM i market, she has over 10 years of experience writing for publications on technology solutions.

More Posts - Website - Twitter - LinkedIn

Hold the Phone! Your Cloud-Storage Files May Be Vulnerable

Posted by on Friday, 22 March, 2013

The cloud storage services market has seen tremendous growth in just the last two years. Reports indicate a growth from 300 million cloud storage subscriptions in 2011 to over 500 million in 2012. The popularity and convenience of mobile devices have fueled this growth, with cloud services presenting a way for companies and their employees to share files anytime and from anywhere.

dangers of mobile file transfers in the cloudThe ability to access virtually any type of document from your smartphone has been both a great tool, and a potentially serious risk.   Sharing files in the cloud allows your traveling sales representatives to access their latest sales report from their tablet, and lets the exec review accounting figures from their phones. Once the files are viewed, the users can delete them and assume everything is safe.

While cloud storage services may be convenient, they also present many security vulnerabilities. One of those vulnerabilities is that unauthorized users may be able to gain access to your files stored in the cloud through your mobile phones.

A recent article published in InfoWorld details the findings of a new report that focused on the security risks of using cloud storage services like Dropbox, Box and SugarSync. It described how researchers were able to recover a variety of different files from multiple mobile devices including iPhones and Android devices, even after they had been deleted from the cloud.  In addition, data about the cloud service user was also accessible via the phones.

Given how many mobile devices are lost and stolen every day, if you or your employees use a cloud storage solution to transfer sensitive data, it’s possible that someone with the right expertise could access those files using your mobile device.

Two important precautions companies can take to minimize risk are to train employees to follow established security policies, and give them easy access to a secure and convenient way to share and store files.

Secure managed file transfer solutions are an excellent alternative to the cloud storage services, providing the ability to transfer files – both batch and ad-hoc — without risk of unauthorized access. It puts the control for data security back into the hands of the IT team without compromising the workflow for employees.

Managed file transfer solutions offer many features not typically included in cloud based storage solutions like encrypted file transfer protocols, error reporting, audit trails, and support for SFTP, FTPS, and HTTPS – all important to maintain the utmost level of security.

 

 

Jennifer Phillips

Jennifer Phillips is a technology blogger and social media expert. With a focus on the data security and the IBM i market, she has over 10 years of experience writing for publications on technology solutions.

More Posts - Website - Twitter - LinkedIn