Healthcare Information Security Podcast

Improving regulatory compliance and security training, as well as detecting and preventing breaches, are top priorities for 2013, the Healthcare Information Security Today survey shows. Sharp HealthCare CIO Bill Spooner tells why those issues are critical.

To ensure the security of sensitive patient information, healthcare organizations need to build a long-term user authentication strategy that creates a comprehensive framework, says Sam Curry, chief technologist at RSA.

Healthcare organizations need to stop offering what amounts to "HIPAA training light" and instead provide meaningful education on key information security issues, says Daniel Berger, CEO at Redspin.

NIST's Ron Ross sees complexity as the biggest risk enterprises face. To ease risk, Ross favors moving data to the cloud. Purdue's Eugene Spafford doesn't fully subscribe to Ross' plan. The two square off in this interview.

To meet the HITECH Act electronic health record incentive program's upcoming requirements for health information exchange, providers will need to use security best practices. David Kibbe, M.D., of DirectTrust, explains how his group is fostering those practices.

Kaspersky Lab has identified a new spear-phishing attack involving a Trojan designed to target Android devices. Researcher Kurt Baumgartner says organizations need to be prepared for more mobile malware attacks.

Intel has added privacy to the portfolio of its top information security executive, Malcolm Harkins, who says too many information security professionals are "color blind or tone deaf" to privacy, wrongly thinking strong data protection provides privacy safeguards.

Getting inspectors general and agencies' IT security heads to agree on how best to evaluate information security should strengthen U.S. federal government agencies' risk management frameworks, say former OMB leaders Karen Evans and Franklin Reeder.

The health advocacy group Genetic Alliance on April 5 will unveil a registry designed to enable patients to control how health information is shared with researchers. Spokesman Greg Biggers discusses privacy measures.

Computer networks in nations where the government has ratified international cyber-agreements have lower incidents of malware infection, says Paul Nicholas, Microsoft senior director of global security strategy and diplomacy.

The new Aurora Research Institute is taking multiple steps to protect the privacy of patients who participate in medical research, clinical trials and personalized medicine endeavors, says institute leader Randall Lambrecht.

The bad guys who attack information systems are getting better at what they do, making old threats even more dangerous, says Steve Durbin of the Information Security Forum.

Want to know how predictive analysis could work to defend your IT systems? Take a look at how American Navy SEALS found Osama bin Laden, says Booz Allen Hamilton's Christopher Ling.

What can organizations do to improve security after a network attack? Post-breach investigations help security leaders trace steps and strengthen weak points, says investigator Erin Nealy Cox.

What's the cost to an organization when it suffers a seurity breach and breaks trust with its own customers? Jeff Hudson, CEO of Venafi, presents results of a new survey on the cost of failed trust. Venafi has just partnered with Ponemon Group to release a new survey, "The Cost of Failed Trust". Among the key findings: $398M is the average loss facing every Global 2000 organization from attacks on trust assets. And so many of these incidents result from serious exploits of what could be described as common, easy-to-fix vulnerabilities.

The motive behind the cyber-attack on South Korean banks and broadcasters was atypical, as compared to most digital assaults that involve implanting malware on IT systems, says McAfee's Vincent Weafer.

How can healthcare providers help to ensure better medical device security? They need to put more pressure on device vendors at the time of procurement, says security researcher Kevin Fu.

It's a boom time for information security start-ups. But what unique qualities separate winners from losers? Alberto Yépez of Trident Capital describes the role of venture capital in today's market.

The Medical Device Innovation, Safety and Security Consortium is developing a tool to help providers select medical devices based, in part, on their security attributes, says Dale Nordenberg, M.D., executive director.

CIOs need to go beyond a short-term focus on securing individual systems and take a broader, long-term view on privacy and security issues, says Harry Greenspun, M.D., of the Deloitte Center for Health Solutions.