From Hackers to Hurricanes

These Common-Sense Strategies Can Keep Your Data Safe


There’s a lot that can go wrong with your data. If a major storm takes out power to a cloud provider’s sole computer center, a hospital’s entire cloud-based system could go offline, hamstringing doctors indefinitely. Should a hacker decide to hit a data warehouse, the integrity of an entire healthcare network’s IT could be compromised. Kurt Hagerman, compliance director for Dallas-based cloud firm FireHost, has six key points that should be second nature to anybody concerned with securing their data from natural disasters or malicious cyber marauders.

Request a Copy Cat

Many people see an attractive solution in the cloud these days. But if the cloud should fail, hospitals are high and dry. Redundancy is something that clients should seriously consider, said Hagerman. “If you are going to work with a vendor who is providing cloud services, it’s great if they have the newest mousetrap from a technology perspective. But who is backing them up from a hosting perspective?” Hagerman advises looking for hosts with tier four data centers, which have the highest level of redundancy. Hagerman added, “Tier one doesn’t have a lot of redundancy in terms of electricity or air conditioning.” But in a tier four system, “All the power is going to come from two separate power systems,” said Hagerman. “They might even have two separate battery backup systems. When you get to tier four, all the cooling equipment is dual-powered and everything is fully redundant. They might even locate their centers where they can sit on two different [power] grids.”

Sound Security

Hospitals that want to stay on the cutting edge should look into HITRUST, an organization that was founded a few years ago to help hospitals understand what their HIPAA responsibilities are. HITRUST has been adopted by many large healthcare systems, and relies on accredited third-party auditors to provide high-quality assessments of a hospital’s information security. Because there is no official Health and Human Services Office of Civil Rights (OCR) standard for IT security, and because it would be costly to retool a system that didn’t conform to a government-mandated rule set, how worthwhile an investment is it to buy into an independent standard? Hagerman thinks that an OCR accreditation and one from HITRUST would be pretty similar. “Anybody who goes through the HITRUST process, although it’s not OCR-recognized, will find themselves in very good shape,” Hagerman said.

Keep IT Simple

Without a comprehensive and easily understandable security policy that is kept up to date, hospitals will find themselves falling behind. Hagerman said that a policy will fail if it’s pulled straight from a template and is too long to be remembered. Regular training along with a simple and clear policy can keep organizations from running afoul. Staying on top of training ensures
