It’s Time For Healthcare CISOs To Close The Faucet Of Data Loss

By all accounts, we’re approaching a new order of integration between technology and medicine. Real-time medical diagnostic data obtained from our mobile phones will soon be integrated directly into our electronic medical records, where clinicians can use the data to make more accurate (and potentially dynamic) treatment plans. Hospital staff can communicate and react to changing patient conditions faster and with less disruption to the patient experience than ever before, thanks to increasingly integrated mobile messaging systems and other mobile applications (for both the patients and clinical staff).

Applying big data analytics to PHI promises to improve patient outcomes and lead to more efficient, and less costly, patient care. It’s hard not to feel a level of excitement as this convergence of healthcare, mobile technology, and big data progresses at an accelerated rate. However, with all of this new patient data being collected by insurance payers, medical providers, and third-party services, healthcare employee endpoints have become an especially vulnerable source of data loss.

In our recently published brief, “Stolen And Lost Devices Are Putting Personal Healthcare Information At Risk,” we present a number of findings related to healthcare data loss from our latest Forrester surveys as well as those from our data partners. Most notably:

Healthcare records are five times as likely to be lost due to device theft/loss.¹ If you’re a CISO at a healthcare organization, endpoint data security must be a top priority in order to close this faucet of sensitive data. Consequences will increasingly be more than just a mere slap on the wrist with fines, as consumers fight back.


Forrester’s 2014 Data Privacy Heat Map Highlights Rampant Government Surveillance And Increased Regulation Around The Globe

Corporations spend a lot of time and money to ensure their employee- and customer-facing technologies are compliant with all local and regional data privacy laws. However, this task is made challenging by the patchwork of data privacy legislation around the world, which ranges from countries with no restrictions on the use of personal data to countries with highly restrictive frameworks. To help our clients address these challenges, Forrester developed a research and planning tool called the Data Privacy Heat Map (try the demo version here). Originally published in 2010, the tool leverages in-depth analyses of the privacy-related laws and cultures of 54 countries around the world, helping our clients better strategize their own global privacy and data protection approaches.

The most recent update to the tool, which was published today, highlights two opposing trends affecting data privacy over the past 12 months:

  • Increased government surveillance continues to impede the free flow of information. Corporations worry that storing or processing data within the borders of a country with high levels of governmental surveillance could place their intellectual property at risk. Notable additions to the tool's growing list of countries with lowered barriers to government surveillance include the US, Germany, and the UK.

Still On Windows XP? Time To Review Your Options

Does your organization still have a significant number of endpoints running Windows XP? Don’t worry, you’re not alone: Forrester's Forrsights Hardware Survey, Q3 2013 shows that the average organization still has 20% of its employee endpoints running XP. Considering that most organizations spend 18 to 32 months when migrating to newer versions of Windows, many organizations will likely find themselves scrambling to batten down the hatches before Microsoft’s April 8, 2014 end-of-life deadline.
 
After this date, Microsoft will stop releasing security patches for the 13-year-old operating system, a terrifying situation for organizations still relying on XP. What can you do as an organization if you still have a substantial XP presence within your environment? You can:
 
  • Migrate to Windows 7 or 8 posthaste. Microsoft has come a long way in preventing certain classes of attacks, such as bootkit and rootkit attacks. In fact, Microsoft has told us that Windows XP is 21 times more likely to get infected with malware than Windows 8.1. To help our clients understand the pros and cons of Windows 8.1 security, I recently published a guide on this very topic.
  • Buy some extra time. For those that can afford it, Microsoft will offer “custom support” in the form of XP security patches past the April 8 deadline. I’ve spoken with a number of organizations that determined that it would be cheaper to pay this premium than to migrate away from XP. Of course, this is just prolonging the inevitable; custom support will not be available forever.

Orange Business Services Analyst Event 2013: The Cobbler Sticks To His Last

Brownlee Thomas, Ph.D., Dan Bieler, Henning Dransfeld, Ph.D., Bryan Wang, Clement Teo, Fred Giron, Michele Pelino, Ed Ferrara, Chris Sherman, Jennifer Belissent, Ph.D.

Orange Business Services (Orange) hosted its annual analyst event in Paris on July 9th and 10th. Our main observations are:


Forrester’s 2013 Update To The Data Privacy Heat Map Shows Increasing Global Momentum Towards Data Protection Standards

As data flows between countries with disparate data protection laws, firms need to ensure the safety of their customer and employee data through regulatory compliance and due diligence. However, multinational organizations often find global data privacy laws exceedingly challenging. To help our clients address these challenges, Forrester developed a research and planning tool called the Data Privacy Heat Map (try the demo version here). Originally published in 2010, the tool leverages in-depth analyses of the privacy-related laws and cultures of 54 countries around the world, helping our clients better strategize their own global privacy and data protection approaches.

Regulation in the data privacy arena is far from static. In the year since we last updated the heat map, we have seen many changes to how countries around the world view and enforce data privacy. Forrester has tracked and rated each of these 54 countries across seven different metrics directly within the tool. Among them, seven countries had their ratings change over the past year. Some of the most significant changes corporations are concerned with involve:

  • New national omnibus data privacy laws spanning private and/or public industry. Data privacy regulation, when looked at globally, forms a spectrum of maturity, from spotty industry- or situation-specific laws all the way to omnibus frameworks. As you might expect, responsible corporations prefer to engage in business practices where the data privacy laws are clearly defined and transparent. For instance, countries such as Brazil and China are in the process of moving towards potential omnibus laws which will replace a multitude of sectoral and situation-based laws. Other countries, such as Colombia and Singapore, have recently passed far-reaching omnibus laws, also replacing a patchwork of prior sectoral laws.