iris scab

Before there were ‘preppers’ there were the sign holders, who would boldly proclaim, “The End is Near” on street corners, in football stadiums, and in fact anywhere large crowds gathered. Today, there are pundits (and others) in the security industry heralding a similar message: the end, or to really put a fine point on it, the death of static passwords, is near. No surprise, really, on all the reasons why… Read more


Why Telehealth Needs Secure Patient Identification Practices

I recently registered as a patient on a leading telehealth provider’s website. I was very surprised by the lack of identity assurance. The only verification requested was my insurance card, and I had the option of skipping that step since insurance is not a prerequisite for service. WOW! In an era of stolen credit cards, stolen identities and ever-prospering cybercrime, this is really not acceptable. Telehealth can become a… Read more


Top 5 Security Stories in 2016

2016 was another stunning year in the battle against hackers. The bad guys were more than up to the task with new attacks and an endless display of innovation that challenged even the best security strategies. Yahoo topped its half-billion-record breach with a billion-record breach, ransomware ran amok, DDoS attacks scaled to new heights, the endpoint grabbed major attention, and the U.S. political process ended up in Russia’s crosshairs… Read more


GAO report on privacy and security: a wake-up call for HHS?

For years, I have been a vocal proponent of securing protected health information. It is no secret that the U.S. Department of Health and Human Services (HHS) swept security and authentication under the rug during the rollout of electronic health records (EHRs) so as not to impede adoption of electronic records by providers by making it difficult to use them. The current minimum requirements for identity assurance are set low, requiring… Read more


Too often security experts and security companies focus on the business-to-business (B2B) or business-to-government (B2G) markets. STOP. THINK. CONNECT.™ is the global online safety awareness campaign to help all digital citizens stay safer and more secure online, addressing the consumer. Last month, the White House and the National Cyber Security Alliance (NCSA) launched “Lock Down Your Login,” a STOP. THINK. CONNECT.™ Initiative. “We were basically approached by… Read more


Convenience Over Security is Often Not the Best Policy

Now NIST says SMS authentication is a “no-go.” Forget your password? No problem, just click “reset password” to receive a one-time code sent via SMS to your registered mobile phone. From there you can create a new password to access your account. Inexpensive and Convenient? Absolutely! Secure? Maybe. Well, for federal agencies, “maybe” does not make the grade when it comes to security and the National Institute of Standards and… Read more


The impact of data breaches within the Healthcare Industry

The integration of technology within the healthcare sector continues to create seismic changes in how individuals receive medical care. Yet in their rush to adopt technology designed to improve the consumer’s experience, organizations within the healthcare industry face the very real threat of sensitive patient data ending up in the hands of cybercriminals. When it comes to the value of stolen data within the criminal underground, the more personal the… Read more


A Shift in the Wind – Securing Patient Portals

I thoroughly enjoyed my time at HIMSS16 in Las Vegas. It was great to be back, see old friends and make new ones. The landscape, as it relates to security, has certainly changed since my first HIMSS Conference in 2008. I recall walking the exhibit hall discussing multi-factor authentication and identity management only to receive blank stares or interesting comments from prospective partners and customers. I heard, “we use usernames and… Read more


On the road to trusted identities in healthcare, or just more compliance work?

On Feb 9th, the Senate health committee unanimously (22-0) approved wide-ranging legislation designed to improve health IT by modifying requirements relating to the development and use of electronic health records (EHR). Senate Bill S. 2511, “To improve Federal requirements relating to the development and use of electronic health records technology” is clearly a result of Congress’ displeasure with the lack of interoperability, data sharing and security in our healthcare system… Read more