Data breach prevention top of mind for healthcare IT decision makers (WTN News)

According to the survey, 80 percent of respondents say securing patient information from unauthorized access and data breaches is a top priority, and 76 percent claim breach of confidential information or unauthorized access to clinical applications as their greatest security concerns – so much so that 97 percent say that HIPAA and HITECH Act regulations are driving their organization’s purchasing decisions. Seventy-four percent, meanwhile, say their organization will spend more on security in 2010 than it did in 2009.

via Data breach prevention top of mind for healthcare IT decision makers (WTN News).

PCI Update Gets Mixed Reviews

There’s one section in the standard that is more important than any other, says Tom Wills, security and fraud senior analyst at Javelin Strategy and Research. Requirement 6.2 – “apply a risk-based approach for addressing vulnerabilities” – needs to become the over-arching requirement in the entire standard, he says. “This would mean all security controls should be based on carefully assessed risk, and not on following a checklist.”

Security that’s based on actual risk, not on rote compliance, is the only effective strategy to control against financial losses that result from compromised data. Wills wants to see the PCI council take section 6.2 from the middle of the document and put it in a headline position, with every other requirement rolling up to that. “That would send a clear message to the PCI stakeholders that security does not equal compliance, and that putting security first is what we need.”

via PCI Update Gets Mixed Reviews.

More Articles

Changes to PCI Data Security Standard leave questions unanswered

PCI DSS and PA-DSS 2.0 Are Here – Almost

PCI DSS 2.0 – Emphasis on Card Data Discovery (CDD)

Revisions to credit card security standard on the way

I Wonder If My Card Issuer Has A ROC?

QSA’s View on PCI Compliance for Mail Orders

Merchants lose $89m in credit card fraud

Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case – MarketWatch