Are procedures a substitute for responsible and ethical behavior? The behavior of former secretary of State (and Presidential race loser) Hilary Clinton is an important example of how feeling entitled is not the exclusive domain of under 20-somethings. When we do a threat analysis of medical devices, we try to look beyond the technical security […]
Friday, today is the 14’th anniversary of the Al Queda attack on the US in New York on 9/11/2001. The world today is more connected, more always-on, more accessible…and more hostile. There are threats from Islamic terror, identity theft, hacking for pay, custom spyware, mobile malware, money laundering and corporate espionage. For those of us […]
A chain of risk analysis The HIPAA Final Rule creates a chain of risk analysis and compliance from the hospital, downstream to the business associates who handle / process PHI for the hospital and sub-contractors who handle / process PHI for the business associate. And so on. The first thing an organization needs to do is a risk analysis. […]
Dealing with DLP and privacy It’s a long hot summer here in the Middle East and with 2/3 of the office out on vacation, you have some time to reflect on data security. Or on the humidity. Or on a cold beer. Maybe you are working on building a business case for DLP technology like Websense or Symantec or Verdasys, or Mcafee or Fidelis in […]
Mobile security: Risks of 2014 and beyond These days the vast majority of us own mobile phones with some of us owning more than one, not to mention all of the PCs, laptops, tablets and watches that keep us connected to the wide world on a daily basis; we live our lives online, we chat online, meet new […]
The number of bring your own device (BYOD) workplaces is increasing. Hospitals are certainly no exception with nursing staff, doctors and contractors bringing their own mobile devices into the hospital – and in many cases, jacking into WiFi networks in the hospital premises. With mobile access points via your smart phone – you don’t even […]
The 6 key business requirements for protecting patient data in networked medical devices and EHR systems: Prevent data leakage directly of ePHI (electronic protected health information) from the device itself, the management information system and or the hospital information system interface. Data loss can be protected directly using network DLP technology from companies like Websense […]
From a recent article in Healthcare Global. Studies suggest that 30-50 percent of patients are likely to give up treatments early. Microsoft Research has developed an innovative, hand-held medical device called Anatonme to help patients understand their issue and complete their treatment plan more often. We’ve been doing research and development into private, controlled social […]
Beyond the firewall – data loss prevention What a simple idea. It doesn’t matter how they break into your network or servers – if attackers can’t take out your data, then you’ve mitigated the threat. Data loss prevention is a category of information security products that has matured from Web / email content filtering products […]
If a little compliance creates a false sense of security then a lot of compliance regulation creates an atmosphere of feeling secure, while in fact most businesses and Web services are in fact very insecure. Is a free market democracy doomed to suffer from privacy breaches – by definition? My father is a retired PhD […]
Follow