Privacy & Security
The recent CrowdStrike outage might have made the issue top of mind for many hospital IT and security leaders. But it's important to remember that controls don’t fail in just major events – they're always at risk.
Cyberattackers have been shifting to strategies where legitimate tools commonly installed on desktops and servers are abused for malicious purposes. To fight back, knowledge is power.
By creating new definitions and revising others, the proposed rule targets health and wellness technology companies operating outside of HIPAA and qualitatively expands the scope of what constitutes a PHR.
NGITS are versatile, adaptable infrastructures and engineering/operations that can incorporate new mission-advancing technologies and business processes into the enterprise as they emerge in a thoughtful, integrated way.
As an industry we've bought into the idea for too long that we can simply buy some cybersecurity tools and be safe.
With the door now opened for medical data to be weaponized, HIPAA protections are insufficient for current times.
When employees say yes to unsolicited push notifications, they effectively allow a malicious actor to bypass the controls offered by two-factor authentication – and open a new vulnerability for phishing attacks, or "phushing."
When implemented correctly, these programs can effectively crowdsource security research and testing services to help uncover real-world exploitable vulnerabilities.
While compliance-based frameworks are not without merit, it is important that they be viewed as minimum acceptable standards and not as end goals.
A new weekly series looks beyond the pandemic and explores strategies for driving lasting, IT-enabled operational and business improvements across healthcare.