If companies that specialize in computer security get hacked, why are hospitals and doctors who do NOT specialize in computer security held to an even higher standard?
Criminal penalties against healthcare professionals and organizations are steep for computer data breaches at $100 per record with criminal penalties that can include fines of $250,000 and 10 years in prison.
Given such steep penalties, the assumption is that hospitals and physicians must be experts in computer and network security... even better than companies that specialize in this subject area... or can purchase one.
So who should healthcare organizations hire to secure their computers to avoid getting hacked as I can certainly tell you, they are most certainly not security experts?
Google? Symantec? RSA? Verisign? The pentagon?
They've all been hacked successfully... As such, how can we trust their security products?
The answer is simple... There is no company that can be contracted to provide bulletproof security.
The only way is to NOT use a computer at all!
So here's the interesting quandary...
The government is mandating hospital and physicians to transition to electronic medical records or start facing penalties for not doing so.
BUT, the electronic medical records must have bulletproof security or else criminal penalties and even jail-time can be had for any breaches.
With these mandates, the only thing doctors and hospitals can hope for is to not get noticed by hackers. Either get punished for not using a computer or get punished for not having a security system even better than the pentagon.
Source:
Why the security industry never actually makes us secure. CNET 3/3/12
HIPAA Violations and Enforcement. AMA
No comments:
CLICK to Post a Comment