[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] How anticipating a health data breach can boost security
From: InfoSec News <alerts () infosecnews ! org>
Date: 2013-05-21 6:40:05
Message-ID: alpine.DEB.2.02.1305210139540.8695 () infosecnews ! org
[Download RAW message or body]
http://healthitsecurity.com/2013/05/20/how-anticipating-a-health-data-breach-can-boost-security/
By Patrick Ouellette
Health IT Security
May 20, 2013
A healthcare chief information officer (CIO) saying that he expects to
experience a health data breach is not only unusual, but may produce
shock and awe in some parts of the healthcare industry. However, having
this type of outlook, regardless of whether the CIO ends up having to
deal with a breach or not, can prepare organizations for the worst types
of viruses and help ensure that there are security policies in place as
well.
At the Institute for Health Technology Transformation (iHT2) Health IT
Summit a few weeks ago, Chuck Podesta, SVP and CIO of Fletcher Allen
Heathcare, explained to HealthITSecurity.com why he falls under the
category of fully anticipating a breach of some sort and being ready
when one does come along. The value of taking a proactive approach was
further established a few years ago when Podesta and his IT staff were
up for 42 hours straights after going through a breach scare a few years
ago. Fletcher Allen's email server was penetrated by a big virus that
used algorithms to look for information and Podesta walked us through
what happened and how the organization was able to manage the situation
because it had put the work and time into its security measures before
the virus came into play.
What were some of your first steps in handling the virus?
All of our applications still worked, but it was still going through our
system. A nearby hospital a few weeks later got the same thing, but they
didn't realize it because it didn't shut anything down and they were in
a breach situation. We had McAfee's central hub that manages all your
devices and keeps the anti-virus software updated – we realized that
there were about 1,000 devices that weren't connected based on organic
growth as well as other areas we had to shore up.
We were able to contain it quickly and didn't get into a breach
situation, but scared the hell out of us. We had a command center and it
cost us about $250,000-300,000 to remediate over a 2-3 week period
because we found a lot of holes in our system.
[...]
______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic