My first week back to work at NetGain IT and I am greeted with one of the biggest data breaches ever reported! Anthem, the nation's second largest health insurer, confessed to as many as 80 million of its members that hackers penetrated its IT systems and swiped their personal data.
Unfortunate incident? Uncommon occurrence? Not likely! Don't forget the nearly 42 million people who have had their health data compromised in HIPAA breaches to date. Big crevices in security allowed for the Heartland Payment Systems breach in 2008, the Target breach, the Community Health Systems Heartbleed attack, Sony, and more!
Privacy and security risks are here to stay and will not be going away anytime soon. These threats will continue to grow. FBI Director Robert S. Mueller III has stated that “there are only two types of companies: those who have been hacked, and those that don't know they've been hacked.” The truth of that is evident in the amount of legislation that has flowed in recent years around HIPAA and other compliance areas.
"This should serve as yet another wake up call for those who haven't gotten it yet," said CynergisTek Co-Founder Mac McMillan. "Healthcare is a target." With so much of the focus by hackers on healthcare data and user information, the time is now to make a stronger case for changing how security is addressed. It cannot remain just about compliance and meeting the minimums to avoid fines.
Taking a look at where healthcare security is now, one can ask where it will need to be to deliver the best healthcare without diluting the trust and valued health information of the people it serves. “We need to remember that our assets are not devices, but the information on them,” said Karl West, Intermountain chief information security officer, at the Privacy & Security Symposium in December. “Understanding where data is: that’s the security model of the future.”
Offering better training to end users on security for basic forms of sensitive information is a start.
Printed, spoken and electronic: each individual has the responsibility to protect the privacy and security of sensitive information. I myself am growing more and more conscious, and I do not have the luxury of being one of those writers who can just carelessly toss away research and documentation without considering the implications of its existence.
“The threat landscape is changing far too quickly for just a compliance-based approach to security,” Aetna CISO Jim Routh said after his organization was hit. Believing that each individual has to take a part in the solution is key, and I have the privilege to work for a firm that is building a better boat to chart these waters. We provide proactive tools to bring about end user awareness and offer security assessments to all varieties of industries with specific criteria that can be addressed.
I am glad to be back, and am bringing my best to the table in the hope that this landscape of data breaches can only improve each day and I can do my part.