On October 27, 2015, Congress passed the Cybersecurity Information Sharing Act (CISA). Section 405 of CISA is specific to healthcare and charges Health and Human Services (HHS) with the responsibility of leading healthcare cybersecurity efforts, with the goal of keeping patient personal data secure.
Vendors always attempt to position themselves as a partner and a friend. The vendor relationship can sometimes get confusing and cause frustration around expectations, and one of those expectations is protecting data. So, the Vendor Relationship: BFFs? or Covered Entity and Business Associate?
It’s enough stress on CIOs and IT Directors to worry about a breach occurring in their own organization; but add to that stress the concern of being responsible as well, if a breach happens at one of their vendors. It can be overwhelming!
ECRI Institute recently announced their annual “Top 10 Health Technology Hazards for 2019.” If you keep abreast of Health Information Technology (HIT) news, you already know the number one risk: hackers can exploit remote access to systems, disrupting healthcare operations.
"The consequences of an attack can be widespread and severe, making this a priority concern for all healthcare organizations," said ECRI Health Devices Program Executive Director David Jamison. "In critical situations, this could cause harm or death."
The topic of security is on the minds of most healthcare IT professionals today. Securing remote access to your hospital's network is the deadbolt that helps protect your data. Most people don't leave their backdoor wide open, or expect that little doorknob lock to be secure, so why do most hospitals do the equivalent with their networks?