In this SecurityWeek article, Core Security's CEO, Mark Hatton, wonders about the lack of hype around HIPAA compliance.
Every Time Technology is Used for the Greater Good, We Must Remember There is Also a Group of Malicious Opportunists Waiting to Pounce...
I’ve written a good deal about hype in the past year or so, and how I believe the security industry does itself a disservice by continually playing up issues to serve its own short-sighted purposes. However, it’s also been my experience that, for one reason or another, there are segments of the security market that aren’t discussed enough. One of those segments is healthcare. While retail breaches continue to dominate headlines (most notably Target), healthcare security issues continue to fly under the radar.
During the past several months, it’s been hard to escape media coverage and updates about Payment Card Industry (PCI) compliance and how retail companies such as Neiman Marcus failed to meet the standards outlined by their governing bodies. What most people probably don’t know is that PCI as an industry standard doesn’t come close to containing the teeth of the compliance standards facing the healthcare industry, most notably HIPAA (Health Insurance Portability and Accountability Act). While security is serious business in every industry, and the failure to protect customer data can always have severe consequences, no security failures are as devastating and far-reaching as those in healthcare.
On the surface it may seem as though credit card information would be the most valuable asset for a would-be hacker, but in reality, healthcare records are the Holy Grail. I recently read that credit card information is selling for approximately one dollar per account on the black market, whereas a healthcare record goes for upwards of $50. Activity from hackers backs up this assertion as well. As with any business or enterprise, if you want the real story, follow the money. According to the Ponemon Institute’s Fourth Annual Benchmark Study on Patient Privacy and Data Security:
To read the entire article, please visit SecurityWeek at: http://www.securityweek.com/healthcare-security-wheres-hype-hipaa
Mark Hatton, President, CEO