Healthcare Data Today: In Motion or Out of Control?

From October 2009 through the present day, one industry alone has reported 900 different breaches. And none of those 900 were limited in their scope – in each, at least 500 individuals were affected. Who knows how many other smaller breaches happened without public knowledge? The industry we’re describing probably isn’t any of the ones you might guess – maybe retail or financial services – it’s the healthcare industry. And we can be absolutely certain that the numbers really are this high because healthcare providers are required by law to disclose any breach affecting 500 or more individuals. Since the HITECH Act of 2009, the U.S. has been grappling with how best to adopt new technology like electronic health records and telemedicine tools. The challenge is always to improve patient care without jeopardizing patient privacy. For that reason, the Department of Health and Human Services is now responsible for reporting breaches to the public. It doesn’t matter whether the breach is the result of negligence involving an inadequate remote access policy or the theft of a laptop – all major incidents are reported. Healthcare information is particularly valuable to attackers because it can lead to even more lucrative data, such as bank account information or prescriptions that can be used to obtain controlled substances. Yet, these incidents involving healthcare providers aren’t the ones making national headlines. Usually, widespread public panic involving network security is reserved for high-profile breaches of retailers and financial providers instead. The silver lining is that every time another Target or Home Depot is attacked, retailers are again reminded that they could...

Readers' Poll: What Industry Vertical Do You Work In?

A little while back, we began a series of “get to know you” polls in an effort to better shape our content. In a June poll, we asked about your positions within your organizations, with results showing an even split between IT and marketing, with sales also being a popular answer. We found the results quite interesting, and they led us to wonder – in what industry vertical do you work that makes remote access and network security of interest? As always, feel free to elaborate in the comments.

Revisiting mHealth with Dr. Ruchi Dass, Part 2

Today, we finish our conversation with Dr. Ruchi Dass on mobile health trends. We left off last week talking about the security issues surrounding mHealth. Below, Dr. Dass tells us more about mitigating security risks and what still needs to happen for mHealth to be fully optimized.

Dr. Ruchi Dass: To mitigate the risks authentication systems raise, it is essential that they be designed to offer individuals control over their personal information by supporting traditional principles of fair information practices. While these principles have long formed the basis of federal and state law, industry rules of best practice, and international agreements related to information privacy protection, their application to authentication systems must be carefully considered and articulated so as to take into account the complex and unique questions raised by the technology. In fact, because fair information practices are often ignored in the current use of authentication, the move to new authentication systems offers implementers the ability to offer stronger privacy protections if privacy issues are addressed in the design of the technology. On the technology front, these risks may be mitigated through deployment of diverse authentication products, by decentralizing their design and limiting the amount of personal information collected. It discusses the importance of applying fair information practices to the management of authentication data. Also, computer and mobile solutions should be designed and implemented using an enterprise-wide architectural methodology. An architectural methodology helps IT by providing a framework to consider all of the major issues, highlight the interdependencies and facilitate decision making between conflicting tradeoffs.

VPN Haus: What are the major barriers that need to be overcome before mHealth can be...

Making Mobile Health Possible, Part 2

Earlier this week, we explored the innumerable medical breakthroughs that could stem from mobile health innovations. Today, let’s look at the security considerations needed to enable this.

Security Must Be Paramount

Yet, considering how sensitive and valuable medical information is, proper precautions must be taken to secure this data before mobile health can become mainstream. For instance, if hackers or disloyal employees scan or manipulate health data that is sent via mobile applications, the consequences can range from embarrassment to, frankly, death. It’s easy to understand why ensuring these connections are secure is absolutely critical. Mobile health, however, requires special VPN functionality. For instance, it requires both extremely high security and flexibility. After all, a healthcare application might use a potentially insecure public Wi-Fi network to communicate with the IT system of a hospital or a medical office. In order to maintain security in such a scenario, the VPN client must be able to automatically adapt to these security settings. The same requirements apply to smartphones and tablets used by nurses in elderly or outpatient care. Such solutions relay patient information—from homes or hospitals—onto the central database, typically via a VPN connection. And so again, the VPN connection must be able to flexibly adapt to various network connections, given some amount of unpredictability of the locations. Also, considering that many healthcare workers are not trained in technology, the VPNs must be easy to use, so that security is not traded for convenience. There’s no doubt mobile health offers innumerable opportunities to lower the cost of healthcare and infinitely improve efficiencies and convenience. The question is, can we ensure that this is done...