Identity 360 - An Imprivata Blog



Halloween Scary Security Stories – Healthcare Security Risks

October 30, 2009 at 11:28 AM by David Ting

 

 

This week, I took part in Network World’s annual real-life scary security stories podcast, a panel hosted by Keith Shaw that looks at some of the most frightful security incidents over the past year.  This year, I focused on some of the data security incidents that are becoming all too common in the healthcare industry.

 

It seems like we read about a new healthcare-related data breach every other week – whether it's celebrity records being exposed, or a case like the Virginia Department of Health exposing more than 8 million patient records. For security officers and CIOs in healthcare, a bigger scare is found in the new fines imposed by states like California, where organizations are fined up to $250,000 for each data breach incident.

 

These incidents, and the harsh penalties being enacted, have forced the healthcare industry to take a closer look at their security practices.  Most organizations understand the need for strong authentication – using technologies such as biometric fingerprints to ensure that only the properly credentialed can access sensitive data.  While this prevents the wrong people from accessing your systems, it doesn’t address the growing concern of unintentional data breaches caused through inadvertent access.

 

Inadvertent access occurs when someone is authenticated into a system, but accidentally leaves the access open on the workstation they’re using.   Here’s one story I shared with Keith:

 

· A customer I spoke with had a small clinical practice with 3 examination rooms – each containing a computer. As the nurse walks in, she securely authenticates into the workstation to log patient data. When she’s finished, she locks the stations and goes to get the doctor. As the doctor comes in to see the patient, he re-authenticates into the system and adds in his patient notes and diagnosis, then leaves to check on another patient – leaving the system unlocked. The patient now has access to his medical records and can see all the notes the doctor wrote – while having the ability to access other records in the system.

 

In the instance above, the healthcare organization was sued by the patient, who actually looked at his own record and didn’t like the information the doctor wrote about him.

 

Scary stuff – despite properly authenticating users, unintentionally leaving the system open created a security hole that circumvented these controls. I’ve blogged about the importance of walk-away security in the past, which can close the other side of the security gate and prevent unintentional access from occurring.

 

Have a scary security story to share?  Email me and let me know.

 

Tags:  security risks, data security, strong authentication, biometric fingerprints
