Blog

That's Right- We're Busy!

The first quarter has been quite the busy time for us at Axis, with much more to come this Spring. For starters, we've been pretty active with some industry events

The first quarter has been quite the busy time for us at Axis, with much more to come this Spring. For starters, we've been pretty active with some industry events. Last week we exhibited at SecureWorld Boston, and in late February we took part in DataConnectors Jacksonville. Later this month our own data masking expert Ilker Taskaya will be speaking at SOURCE Boston: Secure Outsourcing Success: Best Practices for Minimizing Data Risk Ilker Taskaya, Director of Security Strategy Tuesday, April 17, 2012- 5:30PM-6:00PM In addition to events, we've also been weighing in on some important data security topics that have been making headlines: InformationWeek- 8 Lessons From Nortel's 10-Year Security Breach SC Magazine- Social security risks Another subject that is still receiving lots of attention is e-records and HIPAA. I was recently quoted in Western Pennsylvania Hospital News for a story called, "Bullet Proofing Your Online Security:" “Healthcare costs continue to rise and many organizations want to adopt information technology to reduce those costs and improve the service they provide,” says Mike Logan, president of Boston, MA-based Axis Technology, a provider of IT consulting and data security offerings. “In the excitement to get these savings, special consideration should go to security. Addressing online security up front will prevent costly mistakes later.” Additionally, regulatory requirements such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 require you to consider online security as part of your risk based compliance efforts to secure electronic protected health information (ePHI). ... Online security breaches are becoming more prevalent across the board. This has directly affected the healthcare industry because they have become direct targets. Identity thieves look for systems that are insecure or using out-of-date software and attack them. Since most healthcare organizations need to use ePHI data, Logan says they must be vigilant and build in security from the start. When it comes to the increased practice of sharing electronic records, cybercriminals are definitely an issue, among other risks. With the data privacy compliance, state laws and federal standards craze occurring now, many believe that encryption will solve the world’s data theft problems. Logan says that in reality, encrypted information is merely a puzzle that takes a little time to decode if it falls into the wrong hands. “Additionally, it makes sharing necessary information difficult,” Logan says. ... The good news is that the technology exists to protect your organization from cyber attacks. Most organizations are familiar with tools that provide perimeter security such as virus scanners. It is important to realize that just buying some software does not make you safe. “Locking the front door doesn’t help if the back door is wide open,” says Logan. “One important thing to keep in mind is that you should reduce your risk by minimizing the number of places ePHI is stored. A well thought out approach to securing ePHI is needed.” Understanding your current state of online security is also critical. For example, who is managing your HIPAA Security compliance program; what risk based framework are you using as part of your assessment approach; how are you protecting PHI at rest and in transit on operational systems and supporting applications; and how do you maintain vigilance over monitoring who and what has access to your environment? ... The most successful solution that many companies are starting to deploy is new technologies that render data useless if a hacker or thief manages to break through perimeter security, such as data masking which manipulates data so that it’s still useable to doctors and nurses, but unable to be tied back to the individual patient. In short, if data is stolen, masked data is useless to a thief because it is out of context with no way to utilize it outside of the environment. “By using data masking, companies do not have to disclose if there is a breach because the private data is unable to be used by thieves, therefore eliminating the risk to the patient,” says Logan. “It’s an effective measure to protect against both cyber thieves and accidental losses caused by internal mishandling.” So, as the title of my post says, "we're busy!" Stay tuned for more to come...