Privacy & Security

There are almost 5 billion connected smart devices already in use. A significant percentage of them are medical devices, from pacemakers to drug pumps. They're already being hacked so often that the trend has its own nickname.

An insurance claims management company that reportedly failed to encrypt its data is in hot water after an IT professional uncovered detailed medical records of some 1.5 million people from its database online.

When the Federal Bureau of Investigation issues an alert to healthcare organizations and others warning of the serious cyber risks presented by the Internet of Things, it's probably best to pay attention.

Hospital operator Sutter Health last week said personal information on more than 2,500 patients was improperly emailed by a former employee in 2013, representing a possible breach of patient data.

The list of tools in a health organization's data security armamentarium is long and varied: firewalls, encryption, anti-virus, etc. But a truly risk-based security framework needs more than mere protective measures. It requires awareness.

A recent security report by Microsoft finds that, even when cloaked in encryption technology, "an alarming amount of sensitive information can be recovered" from electronic medical record databases.

Hackers had unfettered access to Excellus BlueCross BlueShield's information systems for more than a year and a half before the health plan even noticed the cyberattack had occurred.

Richard Clarke, cybersecurity expert and former national security advisor to three U.S. presidents, will keynote the HIMSS Media and Healthcare IT News Privacy & Security Forum Dec. 1-3 in Boston.

Security specialists bring to market new cloud services to secure PHI and PII for Salesforce users.

HIMSS officials plan to share the three "asks" with Congress during National Health IT Week in early October.