Advanced Security Trainings For It Professionals In Healthcare Industry Can Help Reduce Security Bre

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

The healthcare industry needs to adopt proper approaches to improve data security because as the health care industry increasingly adopts electronic health records, data breaches are also increasing.
Recently, the nonprofit Family Planning Council in Philadelphia reported that a USB flash drive containing information on 70,000 patients was stolen in December and has not been recovered. The council provides funding to Philadelphia-area health care organizations offering family planning and reproductive health services such as HIV and STD screening, cancer screening and teen pregnancy prevention.
A former Family Planning Council employee, Kelly Len Stanton, 41, was arrested and charged with burglary, theft, criminal trespass and receiving stolen property. Stanton's employment at the organization ended Dec. 28, the same day the breach was discovered.
The Family Planning Council incident is just the latest in a series of data breaches to be reported. Another health services provider, the Henry Ford Health System in Detroit, also reported the public of a lost flash drive containing information on 2,777 patients. ...
... The nonprofit health system, founded in 1915 by auto pioneer Henry Ford, serves 102,000 patients annually. The flash drive held patient names, medical record numbers, the number of tests ordered, test results, test dates and test locations. No Social Security numbers were on the drive, however. Following the breach, Henry Ford will suspend or terminate employees who leave computers, smartphones or flash drives unsecured, the hospital system reports.
"The security of our patients' health information is our top priority, but we need to do a better job of securing information stored on electronic devices," Meredith Phillips, Henry Ford's chief privacy officer, said in a statement. "Our patients deserve and expect that when we access their information or store it on an electronic device for work purposes, it's done appropriately and with the required security protections. Anything short of that breaches the confidence that Henry Ford has established with its patients for almost 100 years". This is the second patient data breach at the hospital in a year. In September, a Henry Ford employee's laptop was stolen from an unlocked office. The computer contained unsecured information related to prostate services that patients received between 1997 and 2008.
Saint Francis Health System in Tulsa, Okla., reported a major data breach, this one resulting from the theft of a PC containing personal information for 84,000 patients. The breach was notified immediately and police investigation is still under way. The theft occurred in a building that formerly housed the Saint Francis Broken Arrow outpatient facility, which closed in 2007. The building is now an imaging center, but the data center from the old outpatient branch remains in existence.
A letter the hospital mailed to patients and employees on Feb. 10 suggested that affected individuals watch their credit card statements, bank accounts, credit reports and health records for fraud. Patient records included names, Social Security numbers, addresses and pre-2004 diagnostic data. Meanwhile, the lost employee records held Social Security numbers, birth dates, salary information and mailing addresses. Despite the breach affecting 84,000 patients, Saint Francis says this number amounts to less than 5 percent of former patients in its database.
The alarming number of breaches shows a real need to take precautionary measures before these incidents occur. Health providers are often hesitant to implement security changes due to cost. Ponemon Institute did a study and interviewed 211 senior-level managers at 65 health care organizations. Of the health care facilities surveyed, 69 percent had insufficient policies and procedures to thwart a data breach and detect the loss of patient data.
In addition, 70 percent of hospitals did not find protecting patient data a priority. Health care organizations are leaving themselves vulnerable to collective losses of $6 billion a year due to data breaches, according to estimates in a benchmark study by the Ponemon Institute privacy and data-management research firm.
Organizations need to implement robust internet security initiatives, including hiring highly trained information security experts in order to avoid security breaches. Information security professionals can increase their information security knowledge and skills by embarking on highly technical and advanced training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of highly technically skilled information security professionals.
CAST will provide advanced technical security training covering topics such as Advanced Penetration Testing, Digital Mobile Forensics training, Application Security, Advanced Network Defense, and Cryptography. These highly technical and advanced information security training will be offered at all EC-Council hosted conferences and events, and through specially selected EC-Council Authorized Training Centers.
About EC-Council
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other information security training programs offered in over 84 countries around the globe. EC-Council has trained over 90,000 individuals in technical security training and certified more than 40,000 security professionals. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency in the lack of highly technically skilled information security professionals.