Social media has taken the world by storm, but there are many instances when it has been used inappropriately to abuse privacy. Hospitals, especially, are in danger of this – the privacy levels required in a hospital are high and social media breaks down all barriers of privacy. Social websites like Facebook and Twitter, video websites like YouTube and even blogs have made it easy to pass on information, and since there is no one policing the information, boundaries are crossed easily. The HIPAA Security Rule can be easily broken. Social media security has become very important. Information Security policies are required for HIPAA risk requirements.
Imagine a situation where someone is ill and has to stay in the hospital for a few days. Or where someone is diagnosed with something that people treat as particularly embarrassing, or that holds the threat of death. All it takes is for one person to post a message or a picture taken in the hospital of the patient, and in minutes, the whole world will be able to access the information. If malicious things are said about this patient and they get to hear about it, it might harm their health further. A HIPAA security assessment would be required after such a data breach.
Hospital employees in particular need to be extra careful, because they can easily break the HIPAA Security Rules and get into legal trouble. Blogs where hospital employees meet are a great idea for them to discuss their work, but these same blogs can easily cross boundaries and find themselves discussing a particular patient. The hospital employee can be fired and sued. The hospital itself is in particular danger of being sued.
Social media has changed the way we communicate but we need to know when it’s appropriate and when it is not. In hospitals, in can be especially damaging if used in the wrong way. To stay out of trouble, hospitals need to have a clear policy on social media and how their employees use it and have consistent HIPAA risk assessments.
As the Internet and technology advances at increasing speeds, the concerns over security are keeping pace. New threats to security emerge every day. Check out the National Vulnerability Database . With access to the Internet expanding to various devices other than the laptop or desktop, there are more opportunities for attacks. With the ever increasing connectedness of our society, it is important to look at the Internet security trends 2013 and be prepared.
Each time you access the Internet, you are putting yourself and your technology at risk by exposing it to the security risks, known and unknown. The security trends for the coming year are looking to focus around a variety of threats including cyber conflict, ransomware, madware, social software and cloud-based cyber attacks. Like it or not, these concerns aren’t going away any time soon, so it is best to gain a baseline understanding of them so that you’ll be able to protect yourself in the coming year.
As you can see, each of the Internet security trends of 2013 pose a real threat to your security online. Now is the time to take serious steps to protect yourself from these emerging trends so that you will be able to start the new year off right. It may seem like these things will never happen to you, but usually these attacks come when you least expect it. Just like home invasion, if you’re an easy target, you’re more likely to get hit by any one of these threats. The best defense is a good offense and in this case. For help in cloud, network and social media security, contact us at KRAA Security.
In today’s world, more and more employees are using their own devices to access company websites and work screens. iPhones and iPads are two devices that are very popular now and being used as the all in one device for many people. They don’t realize that these devices may not be that secure and for a company, it can have very costly data breach situations. Healthcare companies are especially susceptible to HIPAA patient data loss implications. If you lose data that is federally protected, then you open yourself up to legal repercussions and lawsuits from individuals as well and potential monetary penalties.
Many companies have adopted bring your own device (byod) policies because a lot of employees would just as soon use their own equipment. After all, they already have it and they are quite used to using it in most aspects of their lives. While this may seem like a perfectly reasonable solution, it may not be wise unless companies have truly looked at the issues with their risk management team. Fines as high as $1.5 million dollarshave already been assessed in at least one situation in a teaching hospital that lost data on a mobile device that was unencrypted.
Companies are now required to perform a risk assessment and implement a data breach protection program, including for mobile devices. Those without a plan in place can be on the receiving end of some pretty hefty fines. Some important numbers that companies should be aware of are:
-84% of employees use their smart phone for everything, including work and personal use
-47% of all people don’t use a password protection on their mobile devices
-51% of companies have no ability to erase data from a lost or stolen device
-49% of employees have received no training at all on mobile device security from their company
These issues are going to need to be addressed by all companies if they truly wish to remain out of hot water and avoid these issues with HIPAA protected data loss. A BYOD policy may save money in not having to supply equipment to employees but it also may leave you open to lawsuits and big fines. Deciding which route they want to take should rely heavily on risk assessment.
Data needs to remain safe at all times and this needs to be addressed by technology companies as well. Being able to erase information from a lost device, over the air and remotely is a technology that is a must for these sorts of companies who handle sensitive materials. Companies should really explore all options in protecting and destroying data if they follow a BYOD policy.