Privacy & Security

CISOs, CIOs and infosec pros gathered in Boston this week to tackle a range of security matters, from breach response to worsening cyberattacks to ways in which health IT pros are heroes. Here's a look at the highlights.

After his organization lost health data, Micky Tripathi discovered some hard lessons to breach reporting and recovery.

Over the course of just a few months, Massachusetts-based Partners HealthCare experienced four separate data breaches across its affiliate hospitals. That gave the health system some valuable real-world experience in breach response, said CISO Jigar Kadakia.  

Many security breaches begin with en email that allows malware enters the organization  healthcare institutions begin as a result of phishing.

Penetration or pen tests are an increasingly popular way to find the access points on a network that can be exploited by hackers.

A successful cyber-security program requires a comprehensive approach.

Hackers are getting in at the user level, but by using software-defined networking, organizations can reduce the amount of exposed information.

Focus on the patient experience. Embrace existing business models. Chase the Triple Aim. But avoid hospitals for pilot projects.

HHS Office for Civil Rights said the chances of getting audited are slim, but officials offered advice about what they're looking for when they do conduct an assessment.

When it comes to medical device security, the greatest challenge is equipment is running on outdated systems. The issue then becomes how to protect the data and determine whether the equipment is safe to operate.