Healthcare Information Security Podcast

Healthcare breach statistics reflect an unfortunate trend: "IT security has not really kept pace with the progress that's been made in the adoption of electronic health records," says Dan Berger, CEO of Redspin.

Organizations that have experienced a breach report that three lessons they learned were to limit the amount of personal information collected, limit sharing data with third parties and limit the amount of data stored, a new survey shows.

The privacy risks involved in using social media in healthcare can be minimized through innovative staff education, says risk management expert Paul Anderson.

One reason why encryption is not more broadly used in healthcare is that so many organizations lack an updated risk assessment that identifies the role the technology can play in improving security, says attorney Amy Leopard.

Does the U.S. government's shuttering of the file-sharing website Megaupload.com show that new laws are not needed to battle intellectual property piracy? Brookings's Allan Friedman believes it does.

The recent breach that affected 24 million customers of Internet retailer Zappos.com should lead others to consider how much client information to store, says cybersecurity expert Fred H. Cate.

The Massachusetts eHealth Collaborative, a non-profit consultancy that experienced a health information breach, learned eight important lessons from the experience, says CEO Micky Tripathi.

Zappos was quick to communicate after discovering a data breach impacting 24 million customers. But did the online retailer respond appropriately, or make some missteps in its haste to notify? Francoise Gilbert of the IT Law Group gives a mixed review.

Security managers need the heads up from non-IT executives before they dismiss employees, some of whom might seek payback for their sacking by pilfering data or sabotaging systems, Carnegie Mellon University's Dawn Cappelli and Mike Hanley say.

The first step toward avoiding a data breach: Be aware of and learn from other organizations' mistakes. Listen to hear attorney David Szabo's top three tips for breach prevention and detection.

Criminal background checks for prospective employees - smart move, or discriminatory practice? Attorney Lester Rosen answers this question and details 2012's top 10 trends in background checks.

Notifying patients about a healthcare information breach requires a "difficult balancing act" by entities to ensure that risks are not exaggerated, says attorney Robert Belfort, an expert in HIPAA compliance, fraud and abuse.

To help prevent breaches, mobile devices should be encrypted even if storage of sensitive information on them is prohibited, says security expert Melodi Mosley Gates.

A national network of regional cancer hospitals that has relied heavily on laptop computers is slowly phasing in iPads and iPhones, taking steps to mitigate the security risks involved.

When it's time to stand up in court and discuss forensic evidence in a legal matter, you need someone who knows your business best, says Greg Thompson, VP enterprise security services at Scotiabank Group.

One good way to prepare for a HIPAA compliance audit is to read a recent government report that identified vulnerabilities discovered in seven audits, says attorney Timothy McCrystal.

As organizations move to the continuous monitoring of their IT systems to assure they're secure, they rely much more on automated processes. But don't forget the role people play.

Big data. Consumerization. Mobile growth. ISACA picks these as the top technology trends for IT and information security leaders to tackle in 2012. Robert Stroud offers tips to help manage the risks.

It's not a question of if employees will bring their own mobile devices to work and connect to your systems. It's a matter of when. But the benefits of BYOD outweigh the risks, says Malcolm Harkins, CISO of Intel.

Complexity is among the most significant information risk management challenges organizations face at the dawn of the new year.