Advanced Security Training For It Professionals In Health Care Industry Can Help Thwart Data Breach-www.ncss.org.cn

Computers-and-Technology Health care industry needs to adopt a proper approach to improve data security because as the health care industry increasingly adopts electronic health records, data breaches are also increasing. Recently, the nonprofit Family Planning Council in Philadelphia reported that a USB flash drive containing information on 70,000 patients was stolen in December and has not been recovered. The council provides funding to Philadelphia-area health care organizations offering family planning and reproductive health services such as HIV and STD screening, cancer screening and teen pregnancy prevention. A former Family Planning Council employee, Kelly Len Stanton, 41, was arrested and charged with burglary, theft, criminal trespass and receiving stolen property. Family Planning Council discovered the breach Dec. 28 and reported the incident to the Philadelphia Police Department Stanton’s employment at the organization ended Dec 28, the same day the breach was discovered. The Family Planning Council incident is just the latest in a series of data breaches to be reported. Saint Francis Health System in Tulsa, Okla., reported a major data breach, involving personal information for 84,000 patients. The breach resulted from the theft of a PC occurred in a building that formerly housed the Saint Francis Broken Arrow outpatient facility, which closed in 2007. The building is now an imaging center, but the data center from the old outpatient branch remains in existence. A letter the hospital mailed to patients and employees on Feb. 10 suggested that affected individuals watch their credit card statements, bank accounts, credit reports and health records for fraud. Patient records included names, Social Security numbers, addresses and pre-2004 diagnostic data. Meanwhile, the lost employee records held Social Security numbers, birth dates, salary information and mailing addresses. Despite the breach affecting 84,000 patients, Saint Francis says this number amounts to less than 5 percent of former patients in its database. Another health services provider, the Henry Ford Health System in Detroit, also reported the public of a lost flash drive containing information on 2,777 patients. The flash drive held patient names, medical record numbers, the number of tests ordered, test results, test dates and test locations. No Social Security numbers were on the drive, however. Following the breach, Henry Ford will suspend or terminate employees who leave computers, smartphones or flash drives unsecured, the hospital system reports. "The security of our patients’ health information is our top priority, but we need to do a better job of securing information stored on electronic devices," Meredith Phillips, Henry Ford’s chief privacy officer, said in a statement. "Our patients deserve and expect that when we access their information or store it on an electronic device for work purposes, it’s done appropriately and with the required security protections. Anything short of that breaches the confidence that Henry Ford has established with its patients for almost 100 years." This is the second patient data breach at the hospital in a year. In September, a Henry Ford employee’s laptop was stolen from an unlocked office. The computer contained unsecured information related to pro-state services that patients received between 1997 and 2008. The alarming number of breaches shows a real need to take precautionary measures before these incidents occur. Health care providers are often hesitant to implement security changes due to cost. Ponemon Institute did a study and interviewed 211 senior-level managers at 65 health care organizations. Of the health care facilities surveyed, 69 percent had insufficient policies and procedures to thwart a data breach and detect the loss of patient data. In addition, 70 percent of hospitals did not find protecting patient data a priority. Health care organizations are leaving themselves vulnerable to collective losses of $6 billion a year due to data breaches, according to estimates in a benchmark study by the Ponemon Institute privacy and data-management research firm. Organizations need to implement robust internet security initiatives, including hiring highly trained information security experts in order to avoid security breaches. Information security professionals can increase their information security knowledge and skills by embarking on highly technical and advanced training programs. EC-Council has launched the Center of Advanced Security Training (CAST), to address the deficiency of highly technically skilled information security professionals. CAST will provide advanced technical security training covering topics such as Advanced Penetration Testing, Digital Mobile Forensics training, Application Security, Advanced Network Defense, and Cryptography. These highly technical and advanced information security training will be offered at all EC-Council hosted conferences and events, and through specially selected EC-Council Authorized Training Centers. About the Author: 相关的主题文章: