In the wake of the disastrous hack of Anthem, the insurance giant, Brian Eastwood, writing in Hospital Impact, proposes some things hospitals should do, including:
* “Engage your board of directors with the chief information security officer.”
* “Use as many layers of protection as you can. Yes, this means encryption–of data at rest and of backups….”
* “Make penetration and application vulnerability testing an ongoing priority. You can do this by incorporating these processes into operational analysis.”
* “Hire third parties to conduct your HIPAA risk assessment.”
* “Don’t use the cloud to store data from applications that require strict security standards. Store this data on company-owned storage.”
* “Follow Open Web Application Security Project (OWASP) standards if you develop applications.”