
Should the Sony Hack Have Hospitals Concerned?

Posted on December 23, 2014 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

If you haven’t heard the details of the Sony hack, then lucky you. It seems that coverage of the hack has been everywhere. Long story short, Sony wasn’t careful and the hackers got a lot of really private information like emails. It was embarrassing to the company in a variety of ways, and the effects of the hack and of Sony eventually pulling The Interview are going to be felt for a long time to come. In fact, part of what was taken in the hack was Sony’s insurance records, which included medical information.

Should hospitals be concerned by the hack of Sony? The hack itself shouldn’t be of particular concern, but it should be a stark reminder that anyone is vulnerable if the hackers want to hack you enough. Unfortunately, privacy and security is a cat-and-mouse game of trying to make what you have so difficult to access that hackers choose other, simpler targets.

With that said, if Sony, Google, Target, etc. can be hacked, then anyone could be hacked. While it’s absolutely critical that you’re doing everything you can to make it hard for hackers to access your systems, it’s also important to make sure that you have proper breach procedures in place. How you handle a breach is going to be incredibly important for every organization.

The Sony hack is going to cost them a lot of money. A breach in healthcare could incur some of the same public embarrassment, but there are also stiff HIPAA penalties for a breach. This could get very expensive for organizations that aren’t taking health IT security seriously. If you thought the coming MU penalties were bad, try factoring in some major HIPAA fines and a reduced patient load because patients no longer trust your organization. It will be devastating for organizations.

What is your organization doing to avoid breaches? Are you going beyond the HIPAA risk assessment?

Arbitrary Hospital IT Security

Posted on December 6, 2012 | Written By

John Lynn

A really great quote came out of the mHealth Summit this week that’s worth sharing with this audience:

My favorite example of this is when a hospital makes it a policy that Facebook is not allowed in the office. The problem with this policy is just as the tweet above states: employees will find a way to work around the policy. Sure, you can block Facebook on your local network. However, pretty much every employee has a cell phone in their pocket which they can use to access Facebook if they want to. Do you really want to relegate your staff to taking their cell phone into the bathroom to check Facebook?

Instead of trying to control your workers, which usually backfires with them working around your policies, I like to look at ways to empower your workers. In this case, instead of banning Facebook, you teach them appropriate and inappropriate use of Facebook during work hours. This empowers your employees to do the right thing, as opposed to trying to control their actions through some arbitrary security policy which is impossible to enforce.