Three weeks ago Internet users were notified en masse that a security vulnerability had been discovered in OpenSSL, a widely-used piece of open-source software that helps securely transport information around the web. The so-called Heartbleed bug forced healthcare IT vendors across the industry to perform internal forensic analyses to check whether they were sending vulnerable PHI across various internal and external networks.
Just one week later Microsoft announced that it had discovered a serious security vulnerability in its Internet Explorer browser. The issue was so severe that it prompted the federal government to tell citizens to use another browser until the flaw had been corrected. Once again, health IT vendors had to perform HIPAA-mandated security risk assessments to measure the severity and scope of the security incident.
Keeping the April security flaw theme going, just last week yet another vulnerability was discovered in a tool that many people use every day. The “Covert Redirect” vulnerability in OAuth, an open-source log-in tool used by such Internet titans as Facebook and Google, allows hackers to steal user data and gain access to secure websites. Again, vendors in the healthcare space with user-facing portals had to perform the same assessments to determine if their customer PHI had been compromised.
It was certainly an April to remember for health IT security professionals. Aside from countless hours of remediation and forensic efforts, these events should serve as a reminder of the risks associated with allowing a Business Associate to take custody of your patients’ PHI. Business Associate Agreements can be signed, and vendor assessments can be performed, but at the end of the day, you are placing yourself at the mercy of your provider’s security controls. And as the April security incidents have shown us, not even the vendors with the most painstaking security checks will be 100% secure.
Sometimes abstinence is the only means of prevention. Passing through the cloud avoids the Business Associate conundrum by never allowing your PHI to be stored or even passed through a vendor’s environment. How many assurance emails can you get from your IT vendors before it’s enough?
A lifelong communicator, this Tennessee native got his start in broadcast news before branching out into public media, corporate communications, digital advertising, and integrated marketing. Prior to joining QliqSOFT as the company's first marketing team member, Ben shared his talents with organizations that include the University of Alabama, iHeartMedia, and The Kroger Company.