The Price You Pay for a Security Breach

Over and above the monetary fines that your entity has to bear in the event of a breach, the number of hours spent on investigating, deliberating, notifying affected individuals, and then implementing new controls take away a lot of your entity’s time and effort. In addition to this, the reputation of your entity suffers. And regardless of whether an individual is personally affected by the breach, a security incident makes them wary of your entity, and as a result you may end up losing customers.

The Need for Continuous Improvement

While most experts emphasize the importance of having security policies in place, it is important to remember that policies are just the starting point. What is crucial is a continuous effort to improve your security programs because the security risk environment is always shifting, and therefore security efforts have to be ongoing.

A number of useful resources online can serve as a free guide for high quality advice on information security, ranging from non-technical user awareness and training to highly technical topics such as encryption of data. NIST’s Computer Security Resource Center is one such valuable source where topics such as security management and assurance have been covered. The Program Review for Information Security Management and Assurance (PRISMA) is a highly useful resource found on this site. This can help review the maturity of your information security program and enhance protection based on this review.

While there is no doubt that every healthcare entity requires a comprehensive, documented, verifiable, and effective information security program to ward off security incidents and breaches, the fact is that such a program cannot be a product of chance or occasional effort. Continuous effort is the key. Which is why, it is important for you to go beyond putting policies in place. Although policies are essential to set the tone and direction of your security program, without the right technology, procedures and training, policies cannot bring about the desired results.

Another ongoing concern that continues to plague healthcare is the failure to encrypt data. Although some entities and business associates have realized the need for encryption and routinely encrypt devices and media, many others are yet to move beyond the mere ‘policy’ to encrypt data and actually implement the policy. Such a deficient security program or inadequate workforce training/awareness can pose a significant threat to your entity and jeopardize its reputation. What your entity will thoroughly benefit from is a comprehensive solution such as Aegify Security Posture Management (ASPM) or Aegify SecureGRC. From providing a complete security and compliance framework, to conducting periodic risk assessments and training, and supporting your data encryption needs, these solutions offer the ideal means for continuous improvement of your security posture. They help you detect threats at an early stage and prevent security incidents, thus not only safeguarding health information effectively, but also protecting your entity’s reputation.

The post Insights as you Broach Breach Prevention in 2014 appeared first on Aegify.