Compliance Perspectives - Bridget Group on Legacy Data [Podcast]


07/20/21 • 11 min

Post By: Adam Turteltaub

Legacy data is any data that your organization has lying around in obsolete formats that isn’t accessed regularly but is, instead, held for regulatory purposes. While that may sound innocuous enough, it can be an enormous problem for healthcare providers, says Bridget Group (LinkedIn), Corporate Counsel of Harmony Healthcare IT.

Typically the data is held in systems which are long out of date and lack the security features that are prudent for the current environment. The hardware is equally problematic, tending to be unstable with long downtimes and high maintenance costs. That can make it hard to meet the requirements of HIPAA and the 21st Century Cures Act.

So what should healthcare providers do to manage this challenge?

First, she recommends setting up a registry of all the systems across the enterprise to get a handle on what data is available and where it is. The IT department and health information management team can both be helpful. Take the time to understand the retention requirements for the data under both Federal and State laws, the latter of which can be the more restrictive.

Then, if you don’t have one already, set up a data governance board, with the charge to identify health information captured across the organization, understand the purpose of the data, who can access it and how long it must be kept for. The board can and should create policies for retention, destruction and access. Be sure also to train the workforce so it understands its obligations.

Finally, she advises moving data into an archiving solution, the cloud or a data warehouse and off of those legacy systems.

Listen in to learn more about how to keep legacy data from damaging your organization’s legacy.

Previous Episode

Nick Culbertson on Data Breaches in Healthcare [Podcast]

Post By: Adam Turteltaub

Preventing data breaches is a critical task for all businesses these days, but it’s especially so in healthcare. No one wants to see health information disclosed, and the risks of a ransomware attack are enormous, literally putting lives at stake. And, of course, there are significant consequences under HIPAA.

Nick Culbertson, CEO and co-Founder of Protenus, reports that there were well over 700 breaches in healthcare in 2020. Over 40 million records were affected. It’s a staggering number, and one such breach exposed over 3 million records. Breaches occurred in 49 of 50 states and Puerto Rico. In sum, nowhere is safe.

What can healthcare organizations -- and others, too, for that matter -- do to protect themselves? He recommends taking a layered approach. That includes security measures such as strong firewalls but also extensive training of employees, penetration testing and audit log monitoring. In sum, embrace multiple layers of defense that can protect against a wide range of possible mishaps.

In addition, as he explains in this podcast, it is important to take a broad view of the human risk elements. These range from snooping into records to find out if someone does or does not have COVID, to failing to dispose of paper records properly, to bad actors offering furloughed employees cash for their passwords and IDs.

One other area to protect against: breaches through business associates. With increased integration of providers and their suppliers comes dramatically increased risk. The largest incident in 2020 was the result of one such breach.

The bottom line, he reports, is that organizations need to invest more in their cybersecurity, but compliance and privacy teams also need to stay on the alert for simple, human failings.

Listen in to learn more about how to protect your organization.

Next Episode

Jenny Radcliffe on People Hacking [Podcast]

Post By: Adam Turteltaub

Liverpool-based Jenny Radcliffe, who leads Human Factor Security, is not your typical hacker, clad in a black hoodie and working out of a basement. Rather than spending her time hunched over a keyboard, she seeks to hack people.

What does that mean? As she explains in this podcast, she uses persuasion, psychology and influence methods to make her way into systems, and even into physical premises. She is often hired to break alarms and see if she can talk her way into a building. She does it by capitalizing on the all-too-human aspects of our personalities, and from her experiences she has learned how phishing emails and other techniques also capitalize on human weaknesses to enable hackers to breach computer systems.

What’s both terrifying and fascinating is how hackers take advantage of our weaknesses, tailoring their attacks, knowing that different scams work for different people and cultures. In fact, she explains that the organizational culture you have is the hack you invite. In a hierarchical organization the hacker will likely use authority principles. In a younger, less rules-driven culture attackers may use registration for a social activity as a way to steal passwords and IDs.

Hackers also take advantage of human emotions and stress. As she memorably says, “Emotion kicks logic off the cliff.” That’s why techniques such as promising a prize or threatening the release of embarrassing information can be so successful in getting people to click where they shouldn’t.

She advises companies to create “cognitive firewalls” within their organization, helping employees to watch for red flags such as:

- Any approach via email, call or social media that makes the recipient emotional
- The mentioning of money
- The request to act, especially if asked to act quickly

How else can you protect your organization? By making it safe for people to come forward when they make a digital mistake. The more comfortable they are coming forward, the faster they will and the sooner the breach is remediated.

And how do you find the internal bad actor? That, she says, falls on the shoulders of line managers, who need to be on the lookout for changes of behavior that may indicate stress.

Listen in to learn more, including the risks that can come as employees return to the workplace.
