[ISN] How IT security experts handle healthcare network access

http://healthitsecurity.com/2014/05/27/how-it-security-experts-handle-healthcare-network-access/ By Patrick Ouellette Health IT Security May 27, 2014 Healthcare network security has become more complicated over the years because of the explosion of mobile device connectivity. And because it’s so difficult for healthcare organizations to have a firm grasp on where their perimeters begin and end, they must look for new ways to ensure networks are secure both internally and externally. Panelists who took part in a talk titled “Data Security in the Cloud: Leveraging the Low-Cost Advantages while Managing Risk” at the recent iHT2 conference in Boston discussed how they perceive healthcare network security and access controls. John Meyers, PhD, Assistant Professor of Medicine and Director of Technology, Department of Medicine, Boston University Medical Center, sparked the talk by explaining how there’s occasionally there’s going to be some protected health (PHI) out there that shouldn’t be. But if an organization limits the number of users who have access to the data, it can help mitigate those risks. David Reis, PhD, CISO, VP of IT Governance, PMO and Security at Lahey Health explained how Lahey essentially stopped trusting its inside network two years ago in the same way it doesn’t trust everyone externally. When asked what this change in trust measures meant, Reis said there were a few different considerations involved, starting with no longer trusting internal users. […]