Healthcare Software Security Assessed by Veracode
The cloud offers healthcare providers the opportunity to streamline the provision and management of medical services. However, healthcare providers attempting to harness the power of the cloud could potentially be placing Protected Health Information (PHI) at risk. HIPAA requires covered entities to safeguard PHI at all times, whether it takes the form of physical records or digital files. Any PHI stored or accessible via apps or other cloud applications must have security controls in place to protect the data. All cloud applications must therefore be subjected to a thorough risk assessment to identify potential security vulnerabilities, and any issues found must be addressed. Many healthcare providers, and other HIPAA-covered entities, enlist the help of professionals when it comes to assessing mobile application security, with Veracode a market leader. Over 200,000 Cloud Application Security Assessments Performed Veracode assesses applications for security vulnerabilities that could potentially be exploited to gain access to patient data; or login credentials to gain access to...
2015 Application Data Security Study Released
The Sans Institute has recently released the findings from this year’s mobile app security survey. The report, “2015 State of Application Security – Closing the Gap”, explores the differences in attitude between mobile application developers and security operations teams: Those responsible for protecting the data recorded, stored, and transmitted by applications. The survey was conducted on 435 individuals, of which 35% were application developers, with the remaining 65% comprising respondents from the data security industry. The Gap between Developers and Security Professionals is Closing One of the main issues limiting the adoption of mobile applications – especially in the healthcare industry – is a lack of robust data security protections for mobile devices. Developers are excellent at creating useful and fully functional apps, but they lack the knowledge to make the apps secure; a necessity before health apps can be used by medical professionals. Security professionals excel at securing mobile applications, but many do not understand the App development process. To...
MedData Report Offers New Healthcare Cybersecurity Insight
A new healthcare cybersecurity report has been released by the MedData Group, detailing the results of a new survey conducted on 272 U.S healthcare professionals. New Insights into the State of Healthcare Cybersecurity The Report – Physician and Hospital Professionals’ Perspectives on Cybersecurity in the Workplace – analyzes the results of a survey conducted in June of this year, and provides an insight into the current trends in healthcare cybersecurity. The report also highlights some to the major concerns medical professionals have about data security. The survey was conducted on physicians, hospital administrators and Health IT professionals and asked their opinions on a wide range of cybersecurity issues. With the increased risk of suffering data breaches, HIPAA-covered entities (CEs) have been given little choice but to implement a number of new security controls to repel hackers, monitor networks and prevent malware from being installed. However, physicians are not too confident in their organizations ability to prevent breaches. Physicians Lack Faith in Cybersecurity...
Connecticut Breach Notification Laws Updated
Connecticut breach notification laws have been updated and are now in effect. Substitute Senate Bill No. 949, Public Act No. 15-142 introduced a number of changes to improve data security and agency effectiveness to better protect state residents. Updates affect all who do business in the state, with specific changes that affect contractors (Business Associates/BAs) and health insurers. One of the major changes concerns damage and risk mitigation after a data breach. All companies and individuals doing business in the state must now provide credit monitoring services to breach victims, without charge, for a minimum period of one year if confidential information is exposed. The definition of “confidential information” varies from state to state. It broadly follows the definitions in HIPAA/HITECH, although in Connecticut it specifically refers to: Name Date of birth Mother’s maiden name Motor vehicle operator’s license number Social Security number Employee identification number Employer or taxpayer identification number Alien registration number Government passport...
Another Orlando Health Data Breach Reported: 3,200-Records Exposed
Yesterday, Orlando Health reported a (now former) employee illegally accessed the medical records of up to 3,200 patients while employed at the hospital. The data breach was discovered on May 27, 2015, although it took just over a month for breach notices to be issued. The healthcare provider started sending notifications to patients yesterday, according to the Orlando Sentinel. An investigation was immediately launched upon discovery of the data breach, which rapidly established information had been improperly accessed by the employee. The healthcare provider terminated the employee’s work contract, and the matter has been reported to law enforcement officers. This is not the first data breach to be suffered by Orlando Health. Another employee was discovered to have improperly accessed patient records in February 2013. In March of last year the company lost a flash drive containing the medical records of 586 children treated at the company’s Arnold Palmer Medical Center. More recently, just two months ago, patient records were found in a neighborhood driveway. Breach Notification...



