Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

How anticipating a health data breach can boost security

From: InfoSec News <alerts () infosecnews org>
Date: Tue, 21 May 2013 01:40:05 -0500 (CDT)
http://healthitsecurity.com/2013/05/20/how-anticipating-a-health-data-breach-can-boost-security/

By Patrick Ouellette
Health IT Security
May 20, 2013
A healthcare chief information officer (CIO) saying that he expects to experience a health data breach is not only unusual, but may produce shock and awe in some parts of the healthcare industry. However, having this type of outlook, regardless of whether the CIO ends up having to deal with a breach or not, can prepare organizations for the worst types of viruses and help ensure that there are security policies in place as well.
At the Institute for Health Technology Transformation (iHT2) Health IT Summit a few weeks ago, Chuck Podesta, SVP and CIO of Fletcher Allen Heathcare, explained to HealthITSecurity.com why he falls under the category of fully anticipating a breach of some sort and being ready when one does come along. The value of taking a proactive approach was further established a few years ago when Podesta and his IT staff were up for 42 hours straights after going through a breach scare a few years ago. Fletcher Allen’s email server was penetrated by a big virus that used algorithms to look for information and Podesta walked us through what happened and how the organization was able to manage the situation because it had put the work and time into its security measures before the virus came into play. 


What were some of your first steps in handling the virus?
All of our applications still worked, but it was still going through our system. A nearby hospital a few weeks later got the same thing, but they didn’t realize it because it didn’t shut anything down and they were in a breach situation. We had McAfee’s central hub that manages all your devices and keeps the anti-virus software updated – we realized that there were about 1,000 devices that weren’t connected based on organic growth as well as other areas we had to shore up.
We were able to contain it quickly and didn’t get into a breach situation, but scared the hell out of us. We had a command center and it cost us about $250,000-300,000 to remediate over a 2-3 week period because we found a lot of holes in our system. 

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org
Previous By Date Next
Previous By Thread Next

Current thread: