Healthcare Information Security Podcast

Terrell Herzig, information security officer at UAB Medicine, discusses the steps he's taking in the wake of the attack against RSA's SecurID two-factor authentication products.

Marcus Ranum isn't just a well-regarded information security expert. He's also a customer of the RSA SecurID product, and he's got some strong feelings about the RSA breach and how the industry has responded to it.

Healthcare organizations should provide their staffs with training on how to guard against identity theft regardless of whether they must comply with the federal Red Flags Rule, says fraud prevention expert Jeremy Miller.

King says new guidance tackles data collected via call centers and other telephone communications.

The announcement by RSA that it had been a victim of an advanced persistent threat shook the global information security industry. Stephen Northcutt of SANS Institute and David Navetta of the Information Law Group offer insight on what happened, what it means and how to respond.

It's serious news that RSA's SecurID solution has been the target of an advanced persistent threat. But "It's not a game-changer," says Stephen Northcutt, CEO of SANS Institute. "Anybody who says it is [a game-changer] is an alarmist."

ChicagoFIRST's Brian Tishuk says local lessons can be learned from Japan, especially within the financial, government and healthcare sectors.

"Persistent" is the operative word about the advanced persistent threat that has struck RSA and its SecurID products. "If the bad guys out there want to get to someone ... they can," says David Navetta of the Information Law Group.

This week's top news and views: Health Net Breach Investigated; Insights From HIPAA Summit; OCR's McAndrew on Enforcing HIPAA.

A roundup of this week's top news: Hackers target RSA's SecurID products. Also, Japan's nuclear crisis: What do you need to know? Plus: New Health Net breach may be biggest ever.

Smartphones are ubiquitous in organizations today. But how secure are these devices -- and what are the security and liability vulnerabilities associated with their use?

Disaster recovery expert Regina Phelps says Japan's nuclear emergency puts local citizens at risk, but organizations globally can learn from the crisis. "I hope that all of us look at this and ask, 'What can I do to be better prepared?'"

Adequate funding for privacy and security measures is essential to the success of sharing electronic health records to improve the quality of care, says William Braithwaite, M.D., Ph.D.

Privacy and security specialist Phyllis Patrick offers practical tips on preparing for the upcoming federal HIPAA compliance audits.

Susan McAndrew of the HHS Office for Civil Rights discusses recent high-profile HIPAA cases, upcoming state attorneys general training and the pending HIPAA audit program.

Joy Pritts of the Office of the National Coordinator for Health IT says the office intends to develop standards that would give patients the ability to exclude clinicians from accessing certain portions of their electronic health records.

In the initial wake of Japan's devastating earthquake and subsequent tsunami, business continuity plans have been tested, and organizations now are dealing with severe aftershocks and a growing national crisis, says Alan Berman, executive director of DRI International.

This week's top news and views: State AGs to Get HIPAA Lawsuit Training; Eight Breach Prevention Tips; Evolving Uses for Smart Cards.

Domain Name Security - it's one of the most neglected aspects of information security, but critical to healthcare organizations.

Russ Jones of Albert Einstein Healthcare Network describes why the delivery system shifted from magnetic stripe cards to smart cards for a variety of applications.