Talk to a Security Expert Now: (800) 721-9177

IT Security Blog

Independent research and articles on IT security, healthcare security, and hacking techniques.

Contact Us

The Executive Order on Cybersecurity – What Does It Mean for Healthcare?

The much anticipated executive order titled “Improving Critical Infrastructure Cybersecurity” was recently unveiled by the White House. As much praise as the President’s order garnered, there are still many unknowns about how the order impacts not just healthcare but all major industries in the United States. In the era of HIPAA, HITECH, SOX and another dozen regulatory security compliance acronyms how should the order be regarded? Potential, nothing more.

To understand what the executive order means and doesn’t mean we have to break it down into its two primary components: information sharing and security framework. Of these two the information-sharing piece is the one that could yield real benefit in the present. This section requires the federal government to report cyber security threats to private industry in a timely manner, if these threats are labeled as unclassified. The value of this kind of knowledge to a company in the crosshairs is enormous. However, the classification is a big IF so don’t expect your friendly neighborhood federal agent to routinely call you every time there is a threat on the horizon.

Read More

The First Step In Cyber Insurance: Know Your Risk And What You’re Insuring Against.

Cyber insurance provides an opportunity to address residual risk in your information security program to offset the costs due to a data breach of ePHI. However, individuals polices, coverage and exclusions are highly variable, so just like any security control it’s important to understand your security risk profile before an appropriate security insurance policy can be defined. An assessment, such as a HIPAA Security Risk Analysis should be the first step in any insurance policy strategy. Here’s why: A) You’ll have to do it anyway, B) The safest approach is to avoid a breach in the first place, C) Your risk profile will enable a better tailored policy.

Read More