The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.

The Coalfire Blog

Viruses and Vendors Can Put Healthcare Data At Risk

August 09, 2011, Andrew Hicks, Managing Principal, Coalfire

Andrew Hicks

A recent article in Healthcare Security Info highlights that computer viruses can cause security breaches, that can then in turn compromise health care data and potentially violate the HIPAA and HITECH Act regulations. Beth Israel Deaconess Medical Center in Boston had to notify more than 2,000 people that a computer virus sent data, including medical record numbers, names, etc. to an undisclosed location.

The cause? A computer maintenance vendor did not restore computer security controls after working on a machine.  This news emphasizes three things that healthcare providers must be vigilant about:

  • Computer viruses can lead to breaches;
  • Outside vendors (business associates) can be the source of breaches;
  • Maintenance periods can introduce unintentional risks.

How can healthcare companies mitigate these dangers? The first step is developing an understanding of what HIPAA and HITECH both require and knowing where security responsibilities lie. An independent audit from a reputable risk assessment firm can clarify these issues and identify security weaknesses before problems arise.

Beth Israel’s reaction to the incident should be applauded. HITECH does require them to notify individuals of a breach, and their timeliness and offer of free identity protection services show their dedication ed to their patients.

<< Go Back

Blog post currently doesn't have any comments.

Post Topics