Risk management begins with the determination or identification of risks to assets. An adapted definition of threat, from NIST SP 800-30, is “[t]he potential for a person or thing to exercise (accidentally trigger or intentionally exploit) a specific vulnerability.” Here’s today’s big tip – Learn how to define and identify threats!
In information security, a threat is anything that could harm information, or the systems that create, receive, maintain or transmit it, by exercising a vulnerability. A vulnerability is a flaw or weakness in a system.
As an example, theft of a laptop containing ePHI is a threat. Sending unsecured ePHI through email is a threat.
There are several types of threats that may occur within an information system or operating environment. Threats may be grouped into general categories such as natural, human, and environmental. Examples of common threats in each of these general categories include:
- Natural threats such as floods, earthquakes, tornadoes, and landslides.
- Human threats, which are enabled or caused by humans and may be intentional (e.g., network and computer-based attacks, malicious software upload, and unauthorized access to ePHI) or unintentional (e.g., inadvertent data entry or deletion and inaccurate data entry).
- Environmental threats such as power failures, pollution, chemicals, and liquid leakage.