Is your health data secure? Find out here: https://goo.gl/kJDOWg

Did you know that stealing medical information these days is 50 times more valuable than credit cards or social security numbers? The street value of a medical record is around fifty dollars, compared to a street value of $1 for a credit card, and the average profit per record is $20,000, compared to just $2,000 for regular identity theft. The number of HIPAA violation complaints has also geometrically increased since the HITECH Act: in the last three years there have been over seventy thousand complaints. Most of these security breaches are caused by IT infrastructure issues that can be readily fixed. A successful healthcare IT infrastructure must use data security measures that comply with HIPAA, prevent unauthorized access and protect authentication data.

Kim Green, chief security and privacy officer at Zephyr Health and senior policy adviser to Netswitch Technologies, says privileged access is a big problem, resulting in serious insider threats. Sadly, it is estimated that less than 50% of healthcare organizations manage privileged accounts properly, which can lead to rogue admin credentials. Such was the case in the Home Depot, Sony and Target breaches. Implementing privileged access and identity management technology, followed by the continuous audit of privileged access, is essential in reducing insider threat and theft of privileged credentials. There are several tools available that can make this protection relatively inexpensive and the implementation relatively quick.

It is not always disgruntled workers and corporate spies who are a threat. Internal threats are also a major concern in healthcare. It is often the non-malicious, uninformed employee who represents the greatest internal threat. Security awareness is a big problem in most companies today. Traditional security awareness training on policies and procedures is generally not effective. Phishing and other social engineering techniques are more sophisticated than ever. Healthcare organizations need to implement innovative and continuous training programs that match discovery techniques with the sophistication of today's threats. Netswitch and other managed security services providers offer advanced programs that deal with the current evolving threat landscape.

Healthcare is increasingly turning to cloud services and big data technology, therefore making security due diligence extremely important. However, most organizations are failing at properly identifying the security risks associated with their technology vendors and other third parties. Third-party vendors are not being properly vetted and managed, which, depending on the types of services being provided, can create significant blind spots in a healthcare organization's security posture, placing the organization at high risk. Hackers often target third-party vendors as an easy gateway into their larger clients' networks, because these vendors don't always have the resources or knowledge to implement proper security. I recommend that healthcare organizations that rely on third parties and have limited resources engage an outside firm that has strong expertise in application and infrastructure security to thoroughly vet their vendors and make sure proper safeguards are in place. After all, your data is going to be running in their cloud, on their systems, but security is still your responsibility.

Many of the medical devices in healthcare environments are under FDA scrutiny and can't receive security patches at their needed intervals, nor have their antivirus signatures updated automatically. Product security is a big problem in healthcare. Insecure coding, development lifecycle, weak authentication and session management, and the absence of embedded security are all potential areas of exposure to attack. Healthcare organizations integrate numerous third-party products into their networks. Vulnerabilities that exist in one vendor's product can serve as a stepping stone to exploit possible vulnerabilities in more critical healthcare systems and equipment, such as CPOE, EMR systems, injection pumps and surgical robots. It is critical to get a vulnerability analysis performed so healthcare organizations can properly determine the steps necessary to correct the vulnerabilities in their systems before an attack occurs.

As more healthcare organizations take the necessary steps to implement security measures, data encryption is becoming an increasingly hot topic. No one wants to make headlines for a healthcare data breach, especially if the cause was easily avoidable. Encryption changes data into a secure format that only an authorized user with the correct encryption key can access. Some sort of data should be encrypted when it is in use, in transit and at rest, to make sure that the data is unreadable if it is lost or stolen. Likely encryption and data security are