Lucile Packard Children's Hospital Information Security Officer Bill Lazarus is nothing if not frustrated with the string of data breaches that has plagued the Palo Alto, Calif.-based facility of late.
In a recent interview with HealthcareInfoSecurity, he talked about his facility's security plans, going forward.
"We do have an aggressive implementation under way to prevent vulnerabilities," Lazarus said. That includes administrative and technical controls, according to HealthcareInfoSecurity.
For instance, he said, the expanded security efforts at the children's hospital now include a mandatory encryption of mobile and fixed devices, including biomedical systems; a new mobile device management system; and a new security information event management (SIEM) system. The latter, he said, helps Lucile Packard at Stanford to monitor unusual activity on its systems, creating actionable alerts when, for example, a failed user login recurrence threshold is exceeded.
In addition to Stanford-issued mobile devices, all personally owned mobile devices used by Stanford Medicine employees must be encrypted, Lazarus said. Stanford Medicine, he added, also has implemented a new "mobile device management system" from to monitor whether encryption is implemented and enables remote wipe capabilities on mobile devices.
Earlier this month, it was reported that Lucile Packard suffered its third data breach in four years--and its second in six months--when a password-protected, non-functional laptop containing limited medical information was stolen from a secure part of the hospital between May 2 and May 8. The breach potentially impacted 12,900 patients.
In January, information for 57,000 Lucile Packard patients was put at risk when a laptop that contained mostly research and follow-up care information was stolen from an off-campus physician's car.
To learn more:
- read the article in HealthcareInfoSecurity