Robert Michalsky, a cybersecurity principal at NJVC, has proposed a holistic approach to dealing with account takeovers, medical device intrusions, application break-ins, insurance fraud and other health information breaches.
Along with HIPAA compliance, healthcare providers must also practice good information security hygiene and address policy gaps, Michalsky said Friday at the annual HIPAA summit in Washington.
Health organizations should also consider hiring assessment parties to help identify security holes that could compromise patient data and lose health information to malware and other attack methods, he added.
“Establishing and maintaining compliance with the HIPAA security rule is absolutely necessary as it carries the force of law but it is not sufficient to ward off data breaches, whether caused by an accidental action of an insider or a malicious attack from a hacker,” Michalsky said
The 22nd National HIPAA Summit was held at the Hyatt Regency Crystal City from Feb. 5 to 7.