HITRUST’s Analysis of U.S. Breach Data Finds Little Progress and Concern for Un-reported Breaches

According to the Health Information Trust Alliance’s (HITRUST) analysis of U.S. healthcare data breaches from 2009 to the present, the healthcare industry has made little progress in reducing the number of breaches with troubling statistics seen from the same types of organizations, breaches and locations. The retrospective analysis of breaches affecting 500 or more individuals indicates a slight decline in the total number of breaches during the past three years, but overall the industry’s susceptibility to certain types of breaches has been largely unchanged since breach data became available from the U.S. Department of Health and Human Services (HHS) and the new HIPAA and HITECH Act regulations went into effect.

HITRUST periodically analyzes the breach data from HHS and other sources and makes it freely available to the industry to inform organizations of trends and continuing security and privacy risks, and to direct modifications to HITRUST programs and requirements.

“By conducting and publicizing this analysis, we believe that over time we can facilitate a fundamental shift in the healthcare industry toward achieving a state of security and privacy that is on par with other leading industries,” said Daniel Nutkis, chief executive officer, HITRUST. “While the data itself is not terribly surprising, it does serve as a critical reminder of the education and improvement that still needs to occur across the industry, regardless of organization type and size. I believe this is why HITRUST continues to see increasing adoption numbers for the HITRUST Common Security Framework (CSF) and participation in the CSF Assurance Program, especially from organizations that have made the commitment to train their security and privacy professionals so that they have the necessary knowledge and skills.”

A close look at the HHS data reveals that since 2009 the industry has experienced 495 breaches involving 21 million records at an estimated cost of $4 billion. With the annual number of total breaches remaining fairly consistent, hospitals and health systems are one of the few groups that can claim some improvement in protecting health information, with the largest decline in reported breaches. This group experienced a decline of 71 percent from 2010 to 2011 in the number of breaches, and for the first two quarters of 2012 has only experienced 14 breaches (compared with a total of 48 for 2011). Health plans have also seen a steady decline in breaches since 2009 and have not had to post since the first quarter of 2012.

“We are seeing healthcare providers adopting the HITRUST CSF at a greater rate than other segments, which could be attributed to escalating pressures faced by this industry segment relating to the protection of health information,” said Nutkis. “This group is also leveraging guidance from the CSF Assurance Program that focuses on the high risks for healthcare such as unencrypted devices in support of their meaningful use attestations.”

In addition, HITRUST believes that Stage 1 meaningful use may have incentivized and/or raised awareness for the need for security, particularly in the most likely areas of laptops, desktops and mobile media. However, the data indicates that physician practices, which should be similarly motivated by meaningful use incentives, have continued to demonstrate a lack of progress. This is especially true of smaller physician practices where those with one-to-100 employees account for over 60 percent of the breaches reported in the segment. The analysis indicates that organizations such as these likely lack the awareness and resources in order to adequately recognize the issues and take actions to preempt future breaches. As the interconnectivity of organizations increases through community health records and health information exchanges, small practices may pose a new and significant risk to larger entities that have begun to get a handle on security and privacy.

HITRUST believes that in order for there to be a significant decline in the total number of breaches, the industry must find a way to reach physician practices and provide them with simple cost-effective solutions to their biggest challenges. A step in the right direction would be to provide these smaller organizations – and the industry as a whole – with education tailored to security in healthcare in conjunction with more automated and sophisticated methods to identify and correct risks. This enables small organizations to more easily acquire the necessary skills supplemented by technology so they too can be successful. The HITRUST report provides recommendations for physician practices needing to proactively address their security initiatives.

Surprisingly, reported hacking and malware infections remain low, accounting for a total of eight percent of the breaches. “Data we receive from other sources strongly indicates that U.S. healthcare organizations of all types are experiencing data loss due to viruses, attacks by cyber criminals, password sharing by clinicians, and the prevalence of vulnerabilities in electronic health record (EHR) technologies that are not communicated,” said Nutkis.

HITRUST recently launched the Cyber Threat Analysis Service (CTAS) in partnership with iSIGHT Partners to identify and analyze cyber threats to the U.S. healthcare industry. The CTAS has published more than a half-dozen reports of healthcare data being exploited in underground message boards by cybercriminals from the U.S., Russia and China that cannot be linked back to the reported breaches from HHS. In addition, the service has found that malware is present on approximately 30 percent of endpoint devices in smaller healthcare organizations.

A November 2012 report from the CTAS highlights this new dynamic in the cause for breaches with the observation that a database containing personally identifiable information (PII) and protected health information (PHI) was advertised for purchase on a prominent cybercrime forum.

HITRUST’s own assessment data suggests many breaches may go unreported or undiscovered. Nutkis continued, “Because of the gap between the breach data and other sources, we believe the breaches being reported are not all-inclusive. While we do not have a sense of the exact magnitude, given the cyber threats that healthcare and other industries face, we believe it must continue to be taken seriously.”

The HITRUST analysis also identified other areas of concern for the industry:

  • Even in this electronic age, breaches of paper records remain significant among the leading segments (providers, payers, government) with errors in mailing and disposal of records playing a substantial role in some of the highest profile paper-based breaches. Since 2009, paper records comprise 24 percent of healthcare breaches, second only to laptops.
  • Business associates continue to account for a significant number of breaches (21 percent) and are implicated in a majority of the records breached to-date (58 percent). This continues to be a problem across all organization types, with physician practices struggling the most.
  • The average time to notify individuals and HHS following a breach is 68 days, with over 50 percent of organizations failing to notify within the 60-day deadline set by HITECH.

The results of HITRUST’s analysis of breach data are influencing updates to the 2013 version of the HITRUST CSF – available in January 2013 – and modifications to the CSF Assurance Program. The program is being updated to align with Stage 1 and 2 meaningful use requirements, and provide adequate coverage for high risks, including endpoint security, third party assurance, and continued requirements for secure disposal. HITRUST is developing and will be releasing detailed illustrative procedures alongside the 2013 updates to provide standardized, industry-approved audit and assessment guidance to HITRUST CSF Assessors, covered entities and business associates.

The HITRUST report – “A Look Back: U.S. Healthcare Data Breach Trends” – is publicly available for download at HITRUSTalliance.net/breachreport along with an infographic of the analysis. The report includes in-depth analysis of the breach data and provides recommendations for addressing issues relating to security for endpoint devices, mobile media, paper records, business associates and physician practices.

About HITRUST

The Health Information Trust Alliance (HITRUST) was born out of the belief that information security should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges. HITRUST, in collaboration with healthcare, business, technology and information security leaders, has established the Common Security Framework (CSF), a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health and financial information. Beyond the establishment of the CSF, HITRUST is also driving the adoption of and widespread confidence in the framework and sound risk management practices through awareness, education, advocacy and other outreach activities. For more information, visit HITRUSTalliance.net.

All product and company names herein may be trademarks of their respective owners.

About Business Wire
Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
