Security and Compliance Are Not The Same
Security and compliance are not the same, but they must have a collaborative and mutually beneficial relationship. Shannon Glass, AfidenceIT cyber security expert, was interviewed by WLWT about a possible data breach that affected UC Health patients. WLWT reports that a one-letter mix-up had the potential of costing UC Health the private medical information of many patients. Diana Lara, UC Health spokeswoman, explains in the media release that UC had to inform 1,064 patients about the "incident involving some of their personal information." Shannon Glass confirms, "We are a growing world of oversharing information. And as we overshare information, what's happening is that we are becoming a little less vigilant about protecting our data," which makes similar cases more common.
In this incident, the applicable notification protocol gives UC Health 60 days to inform its patients of the breach. It took UC Health 57 days. Glass commented, "We have to allow companies the proper time to do the due diligence to understand the impact." This is an important part of understanding the breach and how it may affect patients. WLWT reports that after an investigation, UC Health learned that, as of right now, the patient information does not appear to have been misused in any way.
9 Tips for Building an Effective Security Program
Shannon Glass offers 9 tips for building an effective security program:
1. Start from the top: the C-suite must champion security initiatives
2. Understand your organizational drivers and core value chain
3. You must have a clear, documented, and proactive security program strategy
4. Make it sustainable, repeatable, effective and practical for your business needs
5. Define and publish a policy framework that supports your strategy
6. Make it measurable: show the value
7. Work in concert with your compliance team: know the obligations in your industry
8. Assess risk and balance it with operational effectiveness
9. Educate personnel and drive awareness of security concepts