As a security consultant, I’ve been in a lot of hospitals, clinics and practices—and I’ve seen a lot of “worry” over the cybersecurity threat landscape. I’d like to see more of this worry translate into action, because it’s just not happening.Other than worry, what can healthcare institutions and their IT/IS leaders do to protect electronic personal health information (ePHI)? I have been part of three major healthcare breaches and post-breach forensics revealed that two of them could have been limited in scope if they had been actively monitoring and alerting to changes inside their IT networks.
