[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] How anticipating a health data breach can boost security
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2013-05-21 6:40:05
Message-ID: alpine.DEB.2.02.1305210139540.8695 () infosecnews ! org
[Download RAW message or body]

http://healthitsecurity.com/2013/05/20/how-anticipating-a-health-data-breach-can-boost-security/

By Patrick Ouellette
Health IT Security
May 20, 2013

A healthcare chief information officer (CIO) saying that he expects to 
experience a health data breach is not only unusual, but may produce 
shock and awe in some parts of the healthcare industry. However, having 
this type of outlook, regardless of whether the CIO ends up having to 
deal with a breach or not, can prepare organizations for the worst types 
of viruses and help ensure that there are security policies in place as 
well.

At the Institute for Health Technology Transformation (iHT2) Health IT 
Summit a few weeks ago, Chuck Podesta, SVP and CIO of Fletcher Allen 
Heathcare, explained to HealthITSecurity.com why he falls under the 
category of fully anticipating a breach of some sort and being ready 
when one does come along. The value of taking a proactive approach was 
further established a few years ago when Podesta and his IT staff were 
up for 42 hours straights after going through a breach scare a few years 
ago. Fletcher Allen's email server was penetrated by a big virus that 
used algorithms to look for information and Podesta walked us through 
what happened and how the organization was able to manage the situation 
because it had put the work and time into its security measures before 
the virus came into play.


What were some of your first steps in handling the virus?

All of our applications still worked, but it was still going through our 
system. A nearby hospital a few weeks later got the same thing, but they 
didn't realize it because it didn't shut anything down and they were in 
a breach situation. We had McAfee's central hub that manages all your 
devices and keeps the anti-virus software updated – we realized that 
there were about 1,000 devices that weren't connected based on organic 
growth as well as other areas we had to shore up.

We were able to contain it quickly and didn't get into a breach 
situation, but scared the hell out of us. We had a command center and it 
cost us about $250,000-300,000 to remediate over a 2-3 week period 
because we found a lot of holes in our system.

[...]



______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 

[prev in list] [next in list] [prev in thread] [next in thread]