The task of managing security is complex. Over 32K security gaps are now documented as potential vulnerabilities, and the number is growing alarmingly. Recently discovered vulnerabilities that had been lying dormant for years, such as the Heartbleed, Shellshock, and POODLE bugs, and the recent GHOST vulnerability, have added new dimensions to the security gaps.
Many of the new path-breaking technology developments may not have factored in safety and security adequately during their development, their introduction to the market, and their very fast acceptance due to their appeal. The interconnectivity of these new devices is leading to voluminous data availability and exposure via smartphones, the Internet of Things (IoT), and cloud-based applications, authentication and storage solutions. Pieces of information picked up from this huge number of connected devices, and big data analytics, could open new sources of information exploitation for organized cyber criminals working from volumes of information.
Over 92K checks must be performed to assess the security status of your infrastructure across your physical and virtual networks, operating systems, databases, and Web applications.
With sophisticated tools, cyber-attackers unfortunately have asymmetric advantages over businesses.
The need for security analyses stems from the regulatory requirement (45 C.F.R. §§ 164.302 – 318). This is to help entities identify and implement the most effective and appropriate administrative, physical, and technical safeguards to secure electronic protected health information (e-PHI).
All e-PHI created, received, maintained or transmitted by an organization is subject to the Security Rule. The Security Rule requires entities to evaluate risks and vulnerabilities in their environments and to implement reasonable and appropriate security measures to protect against reasonably anticipated threats or hazards to the security or integrity of e-PHI. Risk analysis is the first step in this process.
The penalties are severe, which is the second reason why organizations must do a security analysis. For instance, the end of 2014 saw Anchorage Community Mental Services (ACMHS) settle potential violations by paying $150,000 and adopting a corrective action plan to correct the deficiencies in its HIPAA Compliance Program.