CSO - Throughout the year, in such articles as "Medical identity theft a rising and significant threat" and "Healthcare security needs a booster shot," CSOonline has documented many of the challenges the healthcare industry faces in trying to keep its customers' records secure and to run its business-technology systems within regulatory mandates. This week we've turned to security expert Gunnar Peterson, managing principal at Arctec Group, a consultancy based in Minneapolis, MN. Peterson specializes in distributed systems security for large, mission-critical systems in the financial, healthcare, manufacturing, and insurance industries, as well as a number of start-ups. Peterson also blogs at 1raindrop and has a number of interesting thoughts on the special challenges of health care security.
CSO: How do you see healthcare data security as being different from securing other types of data and transactions from other industries?
Gunnar Peterson: I think that the health care industry has a number of challenges that make the security architect's job, the CSO's job -- in all cases except for one -- much more difficult than in financial services and most other industries. The one thing that's more difficult in financial services is that they have ongoing determined attacks through fraud and other types of financial attacks. That's been with banks long before there were computers. I would argue that almost every other aspect of security is more difficult in healthcare.
It starts with the transaction. One of the nice things that security architects have in the financial world is a very black and white transaction model. The money is in my account, or it's in your account, or it's in the holding company's account. There is no gray area about who's got the money at any given period of time, or where the risk is at any given time. Relatively speaking these transaction models are brutally simple, because lots of players have to sign up for them and there's lots of standardization. And people have been tweaking these models for a long time. When you start a job as a CISO at a financial services firm you are given a transaction model manual, and it's fairly straightforward.
If you compare that to medical records, to healthcare insurance, or other things in that space, there is almost no uniformity, no standardization in how many of these interactions work. On your very first day as a security architect at a healthcare company, or somebody dealing with medical records, you are going to get either no guidance on the transactions model or thousands of pages of Byzantine, non-uniform protocols, data formats, things that don't reconcile -- and then you are going to have to figure out a way to secure this. So, in financial services, you have a nicely layered lasagna and then you have an endless and endless amount of spaghetti with ten different kinds of sauce in the healthcare world.