From: InfoSec News (alerts infosecnews.org)
Date: Fri Apr 20 2012 - 01:26:48 CDT
http://www.csoonline.com/article/704577/compliance-isn-t-security-but-companies-still-pretend-it-is-according-to-survey
By Taylor Armerding
CSO
April 19, 2012
It has become a cliche in information security: Compliance is not
security.
But there is still an unsettling amount of denial out there, based on a
recent study from HIMSS Analytics and Kroll Advisory Solutions.
According to the 2012 "HIMSS Analytics Report: Security of Patient
Data," increasingly strict regulation and increased compliance from
providers haven't slowed an increase in breaches over the past six
years.
Yet, respondents to the survey, which included CIOs, compliance officers
and HIMs, expressed confidence that they are better prepared for
attempted data theft -- in spite of evidence to the contrary -- because
they are in better compliance with regulations like the Health
Information Technology for Economic and Clinical Health (HITECH) Act of
2009.
This is the third of Kroll's biannual surveys of healthcare providers
nationwide.
Along with numerous other security experts, Brian Lapidus, senior vice
president for Kroll Advisory Solutions, says being in compliance with
policy prescriptions is not the same as actually protecting personal
health information (PHI).
The results of that are predictable. The number of organizations
reporting breaches went from 13 percent in 2008 to 19 percent in 2010 to
27 percent in the past year.
[...]