Relying solely on historical data has limitations, particularly in such dynamic, fast-moving arenas as healthcare and IT. Any conclusions drawn may turn out to be less predictive or prescriptive than originally put forth. The old adage “if we don’t learn from history, we are doomed to repeat it” is diluted by the pace of technological change. Relatively new innovations such as smartphones, iPads, and social media continue to alter the nature of human-machine interaction, workflow and social reach.
The RSA breach, their initial reaction, and their follow-up communication regarding the Lockheed Martin attack (which they are admitting is related to the initial RSA breach) make us question their priorities.
If RSA can't succeed in securing a small and critical area of their network, what is a healthcare organization to do?
While information about this attack and its impact on customers is lacking (RSA is citing an ongoing investigation as a reason to limit public disclosure), a couple of lessons about general security management can be learned.