Change Healthcare issued a statement last week, saying it has substantially completed its review of last year’s data breach that impacted an estimated 100 million individuals. The lesson learned: Regardless of your size, you need to be diligent in uncovering all your data risk points to the extent possible. And don’t assume IT has you covered.
Change Healthcare, it turns out, left an opening for a cyber attack, resulting in the mass theft of names, Social Security numbers, driver’s license numbers, health insurance information and more.
As reported on the website of The Journal of the American Medical Association (JAMA), the attack “has been attributed to the lack of multifactor authentication on a legacy server, a compliance failure.” As JAMA further observes, there is no security patch for human lapses.
Of course, missteps will always happen. The challenge is to have systems in place that reduce the likelihood of an oversight.
A diligent approach requires:
Systematic oversight of IT, with routine reporting to senior management. Keep in mind, it’s not up to IT to decide on what to report up to leadership. It’s up to leadership to specify the types of routine checks that must be completed and documented.
Given that network vulnerabilities commonly lead to data breaches, reports need to cover all points of potential entry into databases via networks. As a best practice, networks should be segregated to the extent possible.
Thorough and well-documented risk assessment, with high priority focused on the most important data protections. In addition to network security, such priorities include prompt software updates or patch applications, well-tested data backup and incident response plans, and password security and two-factor authentication.
Think of it this way: If you rely on IT to tell you what you need to know, then that’s an upside-down approach to management. And it can get you in trouble. Take it from Change Healthcare that detail matters in managing IT assets from the top down.