
IT Security Blog

Independent research and articles on IT security, healthcare security, and hacking techniques.


Healthcare IT Security – The “Not So Big Easy”

HIMSS, the healthcare industry’s standard bearer for the promotion of information technology (IT), held its 13th annual conference in New Orleans last month. Nearly 35,000 people attended the event, including former president Bill Clinton, fellow politicos James Carville and Karl Rove, and bow-tied Dr. Farzad Mostashari, HHS’s National Coordinator for Health Information Technology.

Interoperability and exchange were the hot topics of the week, further jazzed by the recently announced CommonWell Health Alliance – a 6-party partnership between Cerner, McKesson, Allscripts, athenahealth, Greenway Medical Technologies and RelayHealth. Notably absent from the Gang of 6 is Epic, the undisputed EHR market heavyweight. Depending on who you ask, Epic was either not invited to join CommonWell or chose not to participate. Epic’s CEO, Judy Faulkner, said that the alliance is less about interoperability and more about competition. “It appears on the surface to be used as a competitive weapon and that’s just wrong. It’s wrong for the country.” When asked to referee, ONC’s Dr. Mostashari said he didn’t want to get into a “he-said, she-said.” The dust-up made the Karl Rove – James Carville debate look tame by comparison.


The Executive Order on Cybersecurity – What Does It Mean for Healthcare?

The much-anticipated executive order titled “Improving Critical Infrastructure Cybersecurity” was recently unveiled by the White House. As much praise as the President’s order garnered, there are still many unknowns about how the order impacts not just healthcare but all major industries in the United States. In the era of HIPAA, HITECH, SOX and another dozen regulatory security compliance acronyms, how should the order be regarded? As potential, nothing more.

To understand what the executive order means and doesn’t mean, we have to break it down into its two primary components: information sharing and security framework. Of these two, the information-sharing piece is the one that could yield real benefit in the present. This section requires the federal government to report cyber security threats to private industry in a timely manner, if these threats are labeled as unclassified. The value of this kind of knowledge to a company in the crosshairs is enormous. However, the classification is a big IF, so don’t expect your friendly neighborhood federal agent to routinely call you every time there is a threat on the horizon.
