Last year, Konica Minolta launched a new portfolio called “Workplace of the Future™,” which integrates existing solutions with new technologies from Konica Minolta’s Business Innovation Center in Silicon Valley. As a founding member of this practice, I have had the opportunity to become fully immersed in the trends and opportunities in the connected office sector through conversations with 75+ startup leaders, extensive industry research, and an active presence at industry conferences. (more…)
Your company has undoubtedly invested significant time, energy and money to develop intellectual property (IP) – unique ideas, methodologies and trade secrets – as well as other intangible assets – customer lists, plans for future products, non-public financial information, contracts with suppliers, software source code, and so on.
These information assets are extremely valuable, and are often what differentiates you from the competition. In the wrong hands – the hands of a competitor, for example – the damage could be catastrophic.
IT professionals lie awake at night making sure their networks are protected from outside threats. And yet you don’t have to look too far to find high-profile examples of security breaches. The 2014 hacking of Sony Pictures and the release of thousands of private emails and documents was both costly and embarrassing for the company.
Perhaps it’s another headline-grabbing event that offers an indication of what may be a more common and pervasive threat to your information assets: the release of classified National Security Agency (NSA) documents by Edward Snowden. Snowden, you may recall, was a contractor working for the NSA when he copied and released classified information without authorization. This wasn’t a hack from the outside; it was the job of an “insider.” (more…)
In 2013, a covered entity reported to the U.S. Department of Health and Human Services Office for Civil Rights that one of its workstations was infected with a malware program. This resulted in the impermissible disclosure of 1,670 individuals’ electronic protected health information. The ePHI included names, addresses, Social Security numbers, dates of birth, health insurance information, diagnoses and procedure codes.
The covered entity, a hospital in the Northeast, determined that the malware was a generic remote access Trojan that infiltrated their system, providing impermissible access to ePHI, because the organization did not have a firewall in place.
This is a common, basic compliance lapse among covered entities. So, let’s examine the HIPAA settlement related to this organization to better understand how you can improve your HIPAA compliance program. (more…)
Gartner estimates that there are about 6.4 billion Internet of Things (IoT) devices today, such as DVRs, surveillance cameras, and many others, all connected to the Web and all with Internet (IP) addresses. By 2020, the number of Web-connected devices is expected to increase to 20.8 billion.
So, why are these numbers relevant to healthcare cyber-security?
An IoT fact is that these devices were not designed or developed with security at their core. Further, these devices are typically not configured securely.
IoT = Internet of Threats!
The focus of this article is to walk through the security challenges associated with IoT devices, which are proliferating across healthcare entities. We will examine four key steps that a healthcare entity should take to be better positioned to address this area of emerging cyber-risk.
Why the IoT-driven Internet Wobble on October 21 Matters in 2017 (more…)
Security should be a driving force and not an afterthought for senior executives and their boards.
It is important that senior executives require that their organization formally establish a credible cyber security program. It starts with setting strategic security objectives that must be achieved by December 31, 2016, and December 31, 2017. Think near-term, and think far! The organization must address security and compliance as a life-cycle, as a process. It will lower business risk! (more…)
As the old adage goes: Don’t take a good thing for granted.
How often do we do this in our personal and professional lives? Probably more than we’d like to admit. So when that good thing comes along, recognize it, take pride in it and promote it. That’s precisely what we’re doing with our interoperability capabilities as they grow and become more relevant for more of our healthcare customers. (more…)
My role as a subject matter expert for Konica Minolta’s education solutions market couldn’t fit my personal passion for education any better. Aside from my role collaborating with our marketing and sales teams, I’m also an adjunct professor at New York University and a volunteer and board member at Living Values Education, a non-profit agency that teaches children how to live their own social, moral and spiritual values. It includes training teachers on conflict resolution and creating an anti-bullying environment. (more…)
Based on the frequency and amount of HIPAA fines in 2016, one thing is clear, very clear: the lack of a credible HIPAA compliance program in an organization today will lead to an increase in business risk.
Multiple alleged HIPAA violations resulted in a $2.75 million settlement with the University of Mississippi Medical Center (UMMC). HIPAA fines typically are in the seven figures. In addition, it always includes a corrective action map (CAP), which requires a comprehensive HIPAA compliance program, mandated with attestation from an organization’s officer over the duration of the CAP period. The duration of the CAP period is typically a minimum of two years, more likely, three years.
The recommendation to senior leadership: select a security framework and establish HIPAA compliance within the context of that framework. There are essentially three options for security frameworks: HITRUST, ISO 27001 and NIST. I would recommend HITRUST. Be deliberate, disciplined, and steady to get HITRUST certified.
Senior executives must treat HIPAA compliance as a life-cycle, as a process. It will lower business risk!
Let’s examine the settlement related to UMMC to better understand how this impacts where you need to set the bar for HIPAA compliance based on Office for Civil Rights (OCR) enforcement of the regulation. (more…)
Understanding your DNA enables you to take proactive measures in defense of your health and well-being. Similarly, an organization must carefully examine its enterprise to ensure that it is protected from the multitude of threats posed by cyber criminals, employee/staff incompetence and/or malicious intent. In this article, we focus on two key challenges for organizations. First, what does HIPAA compliance mean? What must it address? And second, how can an entity address HIPAA compliance and the risk associated with cyber-attacks on a continual basis? We identify options for security frameworks to address this second question.
HIPAA violations and fines are mounting like never before, as evidenced by the following examples: