The ailments and issues that health care IT professionals are most concerned about

health care ITThe operating room is the convergence of intelligence and technology. The computers, devices, and software that make up the operating room and your doctor’s office, as well as the latest trends in health care, were on full display at HIMSS 2016 in Las Vegas earlier this month. This year’s conference was attended by more than 45,000 health care IT professionals who were ready, willing, and eager to learn how to collaborate better and improve patient care through IT solutions.

Throughout the conference I met with people from all areas of health care — from providers to payers to vendors. Here are three key takeaways. Continue Reading…

Tags: , , ,

Is your data safe with your employees? Maybe not.

lock down dataThough your company’s sensitive data is closely guarded, locked away behind firewalls and password-protected portals, there’s another threat that should keep you up at night. That gnawing feeling is one shared by 39 percent of IT professionals worldwide: They’re more concerned with their own employees leaking data than any hacker. Continue Reading…

Tags: , , ,

Remember these 3 things about Single Sign-On portals

sign onPasswords are our keys to nearly every digital door. No matter where we go, there’s a prompt for a password from websites, software, and company programs.

But what happens when an employee leaves the company? Oftentimes, not much. And the passwords we use for each different system often are changed on regular but inconsistent schedules. Because Single Sign-On (SSO) portals are still unknown to many IT directors, it’s rare to find a company where IT manages passwords and other credentials, and that can be a problem. In a worst case scenario it could lead to data breaches should a former employee retain credentialed access to important company information. Continue Reading…

Tags: , ,

Technology in the classroom, part 2: Improving infrastructure and security

digtal learningAs the school year progresses, so does student achievement. And so must your school network and its security. After all, security threats to your network and mission-critical data don’t leave for the summer. We’re again looking at our digital learning checklist to guide analysis of your school’s current IT environment, see where improvements can be made, and help you begin investing for the future.

Let’s continue, focusing on network infrastructure and security. Continue Reading…

Tags: , , ,

Think hackers aren’t targeting your small business? Think again.

cyber criminalThe fallout from the massive data breach of controversial website Ashley Madison probably still hasn’t hit rock bottom.

The names and email addresses, as well as more sensitive information, of about 37 million Ashley Madison customers were exposed after malicious hackers published the information on a dark web forum. The consequences of the Ashley Madison breach are potentially devastating for Ashley Madison’s clientele, and the company is facing serious fallout as well, including class-action lawsuits and incalculable damage to its brand.

Leaders at many small and mid-sized businesses (SMBs) might be thinking, “I don’t need to worry about a data breach — no one is interested in attacking my business.” Continue Reading…

Tags: , , , ,

Is it a patch, or just another problem for your network?

security patchWhen is a patch not a patch? When it becomes another exploit on your network.

We sometimes lose sight of these obvious points when talking about patching and vulnerability management. At Tenable, we often discuss vulnerability management (it is what we do), which leads to conversations about patching and patch management (even though that is not what we do). Patch Tuesday has driven systems administrators and vulnerability management professionals into a myopic patch mentality; sometimes it works well, sometimes it works just well enough, and sometimes it leads to stupidity.

Patching isn’t always the answer. When vulnerabilities are found, there should be a logical process for dealing with them. While “slap a patch on that bad boy” is often a great answer, and frequently the easiest, it is not the only response to network vulnerabilities. Continue Reading…

Tags: , , , , ,

Assessing security: How one health care provider stepped up its security outlook

healthcare securityWhen the federal government offers incentives to support a change, many organizations sprint to meet the benchmarks that trigger the payoffs. That was the goal when, in 2009, the government offered grant money to spur the adoption of electronic medical records (EMRs). Since 2009, 80 percent of doctors and 60 percent of hospitals have converted to EMRs, and $28 billion has been paid out to health care providers for converting paper files to digital.

A large health care provider in the Midwest was among them. Serving more than 200,000 patients, the organization had thousands of medical records on file that needed to be digitized. The company ramped up the push for electronic records to meet the government incentives, including its requirement to use only electronic records for Medicare and Medicaid patients by the end of 2013.

But as the company, like many providers, rushed to meet these new EMR requirements, it found the cyber security requirements were changing far faster than other technologies.

The organization knew it needed to ramp up security — and quickly — to continue to meet its responsibility to its patients and their privacy, and to continue to meet health care privacy rules and HIPAA requirements, while maintaining the security of the entire system. But with IT resources tied up in the switch to EMRs, how could the organization best upgrade its security? Continue Reading…

Tags: , , ,

Why it’s time to rethink what drives your IT security program

intrusion prevention system (IPS)In the past, IT security was like insurance, viewed as an expense, not a revenue generator. That perception left IT with minimal dollars allocated to securing networks, data, and other assets. But with the increase in threats, ranging from malware to data and identity theft, security has become a priority for all organizations.

Over the past three decades, businesses have developed structured security programs as federal and industry regulations became more prevalent. The Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), and Payment Card Industry Data Security Standard (PCI DSS) are some of the well-known guidelines that have advanced compliance-based security.

But regardless of the industry guidelines, both compliance controls and the threat landscape have evolved, introducing a new requirement to address: risk. Security can no longer simply check the box of compliance as it could in the past. Risk is the new basis for every effective IT security program. Continue Reading…

Tags: , , ,

3 vulnerability and assessment tools that will strengthen your IT ecosystem

snapshot-syndromeDig up your high school yearbook photo and you’re likely in for a laugh — the clothes, the hair styles, the glasses are distant memories for most of us. That snapshot of 18-year-old you is unlikely to be confused with who you are today.

And yet when it comes to IT, many organizations often find themselves the victim of a kind of snapshot syndrome, the common misconception that our environments exist in the state in which they were last measured or assessed. In reality, most infrastructure, policies, and processes are in a continually dynamic state, and just like current you compared to your high school yearbook photo, only a few undergo limited changes. Continue Reading…

Tags: , , , , ,