Want to beat auditors and adversaries? Think like an attacker | Government Health IT

Security is always a top concern, but the stakes are particularly high in the healthcare industry. Click on the below link for an article discussing security “desk” audits by the Department of Health and Human Services Office for Civil Rights (OCR) – the article discusses an audit at Concentra Health Services earlier this year.

Click on the following link for the article: www.govhealthit.com

My thoughts:  The healthcare industry has special cybersecurity needs and requirements – nothing new here about that. But I am surprised when I still see articles suggesting that it is now time to get serious about it. And according to the article, Concentra Health was serious about security measures – but a limitation in laptop encryption was identified by Concentra itself. Takeaway: if they didn’t do so, be sure to address and remedy these situations immediately. The article also doesn’t tell us how much time had passed between the identification and what had been done or was being done. Situations arise and will continue to arise even if diligent efforts and processes have been in place.  Each situation is unique and requires individual investigation and evaluation.

Dave Tate, Esq. (San Francisco / California)