Closing the Gaps: Healthcare Organizations, Third Parties and Data Security Risk

A Q&A with Antony Kim and John Wolfe of Orrick, Herrington and Sutcliffe
The recent HIPAA breach at St. Elizabeth’s Medical Center in Brighton, MA, brought some key issues to light. With the continual outsourcing of healthcare sector computing for ePHI data to external third-party clouds, it’s becoming increasing vital that the covered entity (CE) and/or business associate (BA) has a good handle on their cloud provider’s actual operational and data security practices. I talked to Antony Kim and John Wolfe of Orrick, Herrington and Sutcliffe about vigilance in the face of this vulnerability.

Continue Reading

The MIE Breach: Business Associates and Data Security Risks

A Q&A with J.T. Malatesta of Maynard Cooper & Gale
Medical Informatics Engineering and subsidiary NoMoreClipboard revealed a breach last month affecting up to 3.9 million Americans which has now resulted in a series of class action lawsuits on behalf of victims. The incident is causing headaches for risk managers in the healthcare sector, including their cyber liability insurers. This event underscores how a catastrophic breach for one dominant service provider (in this case, Medical Informatics Engineering, the software company that provides the NoMoreClipboard service) can create a domino effect that impacts multiple organizations. Many insurers are also rightfully concerned about aggregated risk, since they could have multiple insureds and claims stemming from a single event such as this one. I spoke with J.T. Malatesta, chair of the cybersecurity practice of Maynard Cooper & Gale, about the implications of this event and how organizations can better prepare for vendor breaches.

Continue Reading

No more posts.