
David Finn, Symantec’s Healthcare IT Officer, sits down with Bernie Monegian, editor of Healthcare IT News, at the HIMSS’ Priva

Created: 10 Jan 2013 • 1 comment
Margaret Turano

Risk assessment today must focus on the data, not devices, and must do so in new ways because of consumerization, patient engagement and changes in the care delivery and IT delivery models.

David Finn, Symantec’s Healthcare IT Officer, sits down with Bernie Monegian, editor of Healthcare IT News, at the HIMSS’ Privacy and Security Forum in Boston.

http://www.healthcareitnews.com/video/david-finn-symantec-2012-privacy-and-security-forum

http://www.youtube.com/watch?v=9yQ6dYzI0xo

Comments

david_houlding

Great points. Focusing on the data is becoming ever more important with the traditional security perimeter (healthcare organization firewalls, etc.) blurring with mobile health, cloud computing and other trends. Compounding this challenge are BYOD, personal apps and other tools empowering healthcare workers with new alternatives and workarounds to get their job done, and inadvertently further dispersing the healthcare data. Discovering where the data is using tools such as DLP (Data Loss Prevention) is becoming a critical first step. With an accurate and up-to-date data inventory in hand, healthcare organizations can identify unsecured PHI before a potential breach occurs, and take preventative action such as cleanup, encryption, or moving the unsecured data somewhere more secure. Also several good points about risk assessments in the interview with David Finn. Risk assessments can identify and prioritize risks, and (beyond regulatory compliance) can serve as a valuable tool to focus limited dollars for privacy and security to where they reduce the most business risk. Given all the locations of PHI and the myriad of possible ways it can be compromised, many healthcare organizations find that the number of hypothetical risks is daunting. In this case a useful best practice is to assign risks threat sources and use the threat source motivations, capabilities, avenues of attack, etc. to triage the real risks from the hypothetical risks. This enables healthcare organizations to focus those limited resources where they really count. More on this in another blog I did, and attached whitepaper.

Attachment: Improving Healthcare Risk Assessments to Maximize Security Budgets.pdf (652.01 KB)

David Houlding

Healthcare Privacy & Security Lead

Intel Healthcare IT
