Latest US Health Data Breaches Follow Worrisome Trends
Federal Tally Underscores Biggest Hacking Threats, Risks From Vendors
… Regulatory attention on the steady rise of business associate breaches appears to demonstrate that vendors are under closer scrutiny, says Susan Lucci, senior privacy and security consultant at consulting firm tw-Security. This is sending an important message to vendors, she says.
“As a result of this required higher level of standard security measures, business associates are far better prepared to understand and report a data breach than they might have been when the [HIPAA omnibus rule] became effective in 2013,” she says.
While some vendors are facing more scrutiny by their covered entity clients, other obstacles are also at play, says Tom Walsh, president of tw-Security.
“Many organizations – covered entities and business associates – rely on contract labor. This is especially true when unemployment is low and there are not enough qualified people to fill vacant positions,” Walsh says. “This creates challenges.” For instance, under Internal Revenue Service rules, contractors must use their own equipment, such as workstations, laptops, tablets and smartphones, he says.
“When an organization owns and controls equipment, they can use technical controls to enforce written security policies or standards,” he says. “But it’s not that easy to control the contractor’s work environment and equipment. That is why vendor vetting and management are more important than ever.”