The Coalfire Blog
Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.
The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.
The Coalfire Blog
Viruses and Vendors Can Put Healthcare Data At Risk
August 09, 2011, Andrew Hicks, Managing Principal, Coalfire
A recent article in Healthcare Security Info highlights that computer viruses can cause security breaches, that can then in turn compromise health care data and potentially violate the HIPAA and HITECH Act regulations. Beth Israel Deaconess Medical Center in Boston had to notify more than 2,000 people that a computer virus sent data, including medical record numbers, names, etc. to an undisclosed location.
The cause? A computer maintenance vendor did not restore computer security controls after working on a machine. This news emphasizes three things that healthcare providers must be vigilant about:
Computer viruses can lead to breaches;
Outside vendors (business associates) can be the source of breaches;
Maintenance periods can introduce unintentional risks.
How can healthcare companies mitigate these dangers? The first step is developing an understanding of what HIPAA and HITECH both require and knowing where security responsibilities lie. An independent audit from a reputable risk assessment firm can clarify these issues and identify security weaknesses before problems arise.
Beth Israel’s reaction to the incident should be applauded. HITECH does require them to notify individuals of a breach, and their timeliness and offer of free identity protection services show their dedication ed to their patients.
<< Go Back
Blog post currently doesn't have any comments.