CyberScout

Importance of Risk Analysis to Comply with HIPAA

Performing a risk analysis stands at the core of building a secure network, particularly regarding health care and Health Information Portability and Accountability Act audits, according to Health IT Security. In an interview with the health care news outlet, Edward Zacharias, partner and member of the Global Privacy and Data Protection Group at law firm McDermott Will and Emery, explained why it is so crucial to perform risk analysis.

According to Zacharias, there have been a large number of reported breaches lately. Companies need to become more proactive in how they address potential threats like a cyberattack or security breach. If they wait for a breach to happen, it will already be too late to contain the damage, and the Department of Health and Human Services will often step in and impose penalties for the lack of security that caused the breaches, rather than for the breaches themselves.

Zacharias adds that protecting mobile devices or laptops is also important. The health IT world is becoming more cloud-based than ever before, and this reinforces the need to keep data stored on easily accessible devices - a laptop with an easily hackable password, a smartphone or thumb drive - as safe as possible.

The best way to offer data protection is to begin analyzing the potential risks (high in the case of laptops), and to provide security at levels appropriate to the risk and degree of damage a breach might cause.

Security in the Cloud

A new study by the Ponemon Institute reveals that data stored in a cloud is not as secure as many might think, according to CNN. Many cloud-based servers do not use even the most basic protection.

"You would think that a higher percent of companies would have data encryption or a similar form of protection, because it does present a risk," said Larry Ponemon, lead author on the study and founder of the Ponemon Institute. "Especially if the data sent to them is confidential, as we found."

However, others believe that cloud security can be safe if the proper precautions are taken. George Kurtz, CEO and co-founder of security company CrowdStrike, said that clouds are safe if the cloud service provider is secure. Such providers often have more resources to keep their cloud servers highly secure than a business dedicated to other projects.

Assessing risk is important. In the case of cloud or other third-party servers, risk can be determined by evaluating certifications and security standards, which the companies should offer.