Channel: RisknCompliance Blog
Browsing latest articles
Browse All 31 View Live

PCI Breaches – Can we at least detect them?

Almost all Payment Card Industry (PCI) breaches over the past year, including the most recent one at Supervalu, appear to have the following aspects in common: 1. They involved some compromise of Point...




Hello PCI SSC…

Hello PCI SSC, You had me on board until I saw this statement in your guidance1 released yesterday. “However, using risk as the basis for an organization’s information security program does not permit...


Security is mostly basics, but talk is cheap

In most cases, better security posture is all about getting a few basics right. And this recent incident related to the breach of a Healthcare.gov server may be further proof of that. Based on this...


Hello PCI SSC… Can we rethink?

This is a detailed follow-up to the quick post I wrote the Friday before the Labor Day weekend, based on my read at the time of the PCI SSC’s Special Interest Group paper on “Best practices for...


Patient Portals – Make or Break

Like many other Health IT initiatives today, the primary driver for patient portals is regulatory in nature. Specifically, it is the Meaningful Use requirements related to view, download or transmit...


Wise Words To Avoid Horror Stories in Identity and Access Management

It is no secret that Identity and Access Management (IAM) continues to be a challenge for many organizations. As a witness and practitioner in the space for over 10 years now, it is not clear to me...


Docs turn up the heat on ONC! – Security Commentary

HealthcareITNews reported yesterday on this letter that was written by several physician organizations to the ONC. I wanted to write a couple of quick thoughts on the security aspects raised in the...


This is how the #AnthemHack could have been stopped, perhaps

It has been just over a week since the #AnthemHack was made public. Over this period, the mainstream media and many of the bloggers and commentators, as usual, have been all over it. Many have...



No, Security-Privacy Is Not A Hindrance To TeleHealth Adoption

Since I follow the telehealth space rather closely from a security/privacy perspective, I was drawn yesterday to this article titled “How Health Privacy Regulations Hinder Telehealth Adoption”. From my...


Is your auditor or consultant anything like the OPM OIG?

The OPM breach has been deservedly in the news for over a month now. Much has been written and said about it across the mainstream media and the internet1. I want to focus here on a topic that hasn’t...




