In case you missed some of the top news from the last few weeks, here is a handy digest of the top headlines with editorial notes from our team.

Hacker Can Send Fatal Dose to Hospital Drug Pumps

The lack of security in medical devices is simply appalling and, aside from causing information security experts to break out in a cold sweat, quite frankly should scare people more than we are seeing at the moment. This problem is going to be shown to exist in all manner of connected medical equipment.

OPM Blames Legacy IT Systems in Contentious Hearing

(See also Why the OPM Breach is Such a Security & Privacy Debacle)

The OPM breach is much, much worse than expected. It can’t be said enough: prevention is better than a cure.

When there is a sophisticated attack, determining the extent of damage takes a lot of long, hard work by very skilled (and expensive) resources.  Breach response is a much longer process than most people/teams are prepared for.  

Two main issues that affected OPM are ones that at Clearwater we see over and over again: 

  1. Lack of skilled resources,
  2. No encryption of sensitive data at rest. 

Issue #2 is likely driven by #1, and in this case it is likely that even low-level system admins could have been ringing alarm bells at OPM for years. As is too often the case, the response comes only after the worst case has occurred.

25 Lessons from a Patient Survey of Adverse Medical Events

This article is the fundamental reason we are in business: to ensure the safe sharing of patient information when it is medically pertinent. ePHI has made it faster and easier for doctors to quickly access a patient’s medical records and history in order to make an accurate and timely diagnosis and treatment plan… but what if that information was compromised?

While health care executives focus on regulatory compliance and Meaningful Use incentives, the real motivation for creating a robust information risk management program should be to improve patient care.

Hack Brief: The Cardinals May Have Hacked the Astros

While we tend to focus on PHI and ePHI within the health care industry, the key take-home of this article reinforces our general guiding principle that ALL sensitive information needs to be protected, including trade secrets.  And it’s not just foreign governments going after it.

Other top news

3 experts teach you how to properly scope your PCI assessment

Names on town website – a HIPAA violation?

243 arrested for healthcare fraud, false claims, kickbacks, medical ID theft 

Taking Stock of the Target Data Breach


Clearwater Compliance

Clearwater Compliance helps healthcare organizations ensure patient safety and improve the quality of care by safeguarding the confidentiality, integrity and availability of protected health information (PHI).

We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.