
Privacy and Security Forum

Boston Children’s Hospital Senior Vice President and CIO Daniel Nigrin, MD, will be one of the speakers at the Privacy and Security Forum in Boston, MA. The discussion will cover “best practices, lessons learned, insights and information regarding the much debated practice of BYOD,” or bring your own device (HIMSS, 2014). The hospital recently had to defend against hackers who made several attempts to expose its internal network; the cyber-attack was linked to the hacker group Anonymous (Boston Globe, 2014).

Boston Children’s Hospital is a 395-bed comprehensive center for pediatric health care, serving children from birth through 21 years of age. The hospital is home to the world’s largest research community, and its current initiatives have attracted $225 million in annual funding. Boston Children’s Hospital is a certified Magnet hospital for nursing excellence; according to the American Nurses Credentialing Center (ANCC), the Magnet Recognition Program signifies “quality patient care, nursing excellence and innovations in professional nursing practice” (2014).

U.S. News surveyed 183 pediatric centers to obtain clinical data in 10 specialties. Boston Children’s Hospital made the Top Ten Honor Roll, ranking in the Top Ten in all ten specialties with eight first-place rankings, and was ranked number one overall for 2014-2015 (U.S. News & World Report, 2014). RTI International, a North Carolina-based research and consulting firm, directed the surveys and analyzed the results.

Dr. Nigrin is part of an organization that demonstrates integrity and accountability with regard to its patients’ sensitive information while providing excellent and innovative patient care.

Privacy and Security Forum: Protecting Data Assets and Managing Risks

September 8-9, 2014

Westin Boston Waterfront

Boston, MA

For more information please visit: http://boston.healthprivacyforum.com/

References

American Nurses Credentialing Center. (2014). ANCC Magnet Recognition Program. Retrieved from http://www.nursecredentialing.org/magnet.aspx

Boston Globe. (2014). Hacker group Anonymous targets Children’s hospital. Retrieved from http://www.bostonglobe.com/business/2014/04/24/hacker-group-anonymous-targets-children-hospital-over-justina-pelletier-case/jSd3EE5VVHbSGTJdS5YrfM/story.html

HIMSS. (2014). CIO to discuss cyber-attack at Privacy and Security Forum. Retrieved from http://www.himss.org/News/NewsDetail.aspx?ItemNumber=32805

U.S. News & World Report. (2014). Children’s hospital rankings. Retrieved from http://health.usnews.com/health-news/best-childrens-hospitals/articles/2014/06/10/best-childrens-hospitals-2014-15-honor-roll-and-overview


Information Security Operations Planning

One of the biggest threats to organizations today is the unknown. For many IT departments and security teams it is a constant battle to know the enemy and keep the organization’s assets from being stolen or corrupted. Not long ago, a firewall at the network edge and anti-virus on workstations were considered adequate protection. Times have changed, and building a security program now requires planning, specifically a good balance of Strategic, Tactical and Operational planning.

Strategic planning is about allocating the right resources to satisfy long-term goals and protecting the data that makes your organization valuable. As Darren Dannen explains, “Strategic planning is an organization’s process of defining its strategy or direction and making decisions about allocating its resources to pursue this strategy.” These decisions come mostly from management and become the guiding principles for the everyday decisions made throughout the organization. Questions to consider include: What is important to protect? What needs to be monitored? How would you respond to threats? And how do you determine whether you need outside assistance?

With these decisions made, the next step is Tactical planning, the implementation of your organization’s strategy. The key here is building a security operations structure that is clear and effective in helping identify and stop attacks. One of the most important aspects of Tactical planning is clearly defining the roles within management and the security teams, which in turn defines the structure of the organization. For healthcare organizations, that means naming the designated Security Officer (the HIPAA Security Rule requires a covered entity to designate one) and establishing the Emergency Response Teams that react during a breach or security incident. The next step in Tactical planning is training and techniques: this is when your organization establishes the administrative, technological, operational, and analytical procedures that support both immediate and long-term goals.

Operational planning supports Strategic and Tactical planning. Its activities revolve around protecting information assets through everyday tasks. According to Darren Dannen, there are five basic functions to plan for:

  1. Vulnerability management
  2. Device management
  3. Monitoring
  4. Threat Analysis
  5. Incident Response

Key areas to address within these functions include patch management, vulnerability scanning, log auditing, and risk mitigation. This planning process does not happen overnight and can require extra resources to get off the ground. If your organization needs assistance, contact RISC Management. Remember that the first step in establishing any security program is a Risk Analysis: if you do not identify, analyze, and document your risks, you will never manage them effectively.

Sponsored by: RISC Management, www.RISCsecurity.com

References

Implementing Information Security in Healthcare: Building a Security Program