Q&A with Alan Kessler

by Lauren Dubinsky, Senior Reporter | April 22, 2015

But, there is a silver lining — our 2015 report shows data protection as the number one priority for IT security spending within healthcare organizations, with compliance at number two. When we issued this report in 2013, compliance was king of the hill. This suggests health care organizations are starting to “get it”, but they are still behind where they need to be.

Reports we received about health care breaches also indicate that the data stolen was not encrypted. It’s necessary to not only encrypt appropriately, but to do so both when it’s in motion (secure communications) and when it is at rest (on storage devices), so that you don’t have an Edward Snowden-type event, or have an attacker compromise a technical administrative account to get to health care data.

New Fully Configured 80-slice CT in 2 weeks with Software Upgrades for Life

For those who need to move fast and expand clinical capabilities -- and would love new equipment -- the uCT 550 Advance offers a new fully configured 80-slice CT in up to 2 weeks with routine maintenance and parts and Software Upgrades for Life™ included.

Using the right encryption techniques for data-at-rest (encryption with access controls) might have stopped the vast majority of recent breaches, or made them much less extensive. We are seeing more and more organizations coming to us with a need for just these capabilities. Companies want to be able to reassure customers that they have encrypted the most sensitive/critical data at their disposal.

In a nutshell, we’re seeing proactive organizations do the following: a) evolve from protecting the minimal/least amount of data they are required to protect (based on compliance) to an “encrypt everything” approach b) evolve from delivering the least amount of control mandated by compliance to implementing aggressive access controls c) prioritize platforms and products that can support multiple use cases in multiple environments.

This favorably influences not only the cost of the data security solution but also the ability to attract, train and retain professionals capable of deploying and managing the solution and d) heavily weigh the operational impact of the data security solutions they choose.

This is because the operational impact of an enterprise-wide deployment can be costly if done so without the right architecture and data security platform solution. Change is happening, albeit slowly. With this in mind, we think the next five years is a bit ambitious. It will likely take closer to a decade.

Back to HCB News


(1) Ulf Mattsson Users who manage IT infrastructure and have full access April 23, 2015 04:42 I agree that "The health care environment has grown more complex as the amount of data being exchanged has increased and the market itself broadened. Now included in the wider insider threat problem set are privileged users who manage IT infrastructure and have full access to the data on the systems that they manage." Ulf Mattsson, CTO Protegrity Log inor Register to rate and post a comment
You Must Be Logged In To Post A Comment Sign In If you've already created an account, use your email address and password to sign in using the form below. Login Problems: Click here if you are having login issues. Email address: Password: Forgot your password? Login Problems? View our Legal Notice and Privacy Notice Register Registration is Free and Easy. Enjoy the benefits of The World's Leading New & Used Medical Equipment Marketplace. Register Now!