Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Improvements required in healthcare security management

Tripwire Inc : 25 November, 2013  (Technical Article)
Survey results demonstrate requirements for improved risk assessment in the healthcare industry to increase IT security protection
Improvements required in healthcare security management

Tripwire has announced the results of research on risk-based security management in the healthcare and pharmaceutical industries.

The survey, conducted in April 2013 with the Ponemon Institute, evaluates the attitudes of 1,320 respondents from IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management. One hundred and seventeen health and pharmaceutical sector respondents from the USA and the UK participated in the healthcare portion of the survey.

The health and pharmaceutical industries have undergone significant information security changes in 2013, and Health Insurance Portability and Accountability Act (HIPAA) fines have grown in both size and frequency. In August, Affinity Health Plan was fined more than $1.2 million for HIPAA violations and insurer WellPoint agreed to pay a $1.7 million penalty in July. As the final omnibus rule goes into effect, new state healthcare exchanges place additional security and privacy pressures on healthcare organizations. Despite these regulatory pressures, Tripwire’s survey indicates that the healthcare industry lags behind other industries in the implementation of critical security controls.

Key findings include:

* 70 percent say communicating the state of security risk to senior executives is not effective because communications are contained in one department or line of business.
* Only 52 percent use formal risk assessments to identify security threats.
* Only 58 percent have fully or partially deployed change control and security configuration management.

“It is true that healthcare organizations rank better than average in some areas of this survey, but there is still a lot of room for improvement,” said Dwayne Melancon, chief technology officer for Tripwire. “About half of healthcare and pharmaceutical organizations are not using any kind of formal risk assessments, and they are also far less open to challenging current assumptions. Both of these factors could cause them to be blindsided by the increasing number of cybersecurity threats to their businesses.”

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo