Healthcare Information Technology

Congress Advised to Offer Incentives to Improve Healthcare Threat Intelligence Sharing

With the healthcare industry under a sustained attack and the cyber threat landscape constantly evolving, law enforcement, the government, and private industry need to collaborate to counter the threat of cyberattacks. Cybercrime cannot be effectively tackled by organizations acting in isolation.

The sharing of threat information is essential in the fight against cybercrime. Dissemination of this information makes it easier for law enforcement and government agencies to combat cybercrime. Accessing that information also allows healthcare entities to take timely action to address vulnerabilities before they are exploited.

Government and law enforcement agencies are educating healthcare organizations on the importance of sharing threat intelligence, although currently too few entities are sharing threat information.

At a Congressional Energy and Commerce Committee hearing this week, cybersecurity experts made suggestions on how Congress can improve threat information sharing and improve healthcare cybersecurity.

At the hearing, Denise Anderson, president of the National Health Information Sharing and Analysis Center (NH-ISAC), explained that failing to take action to combat cybersecurity threats is putting patient safety at risk. In some cases, this could be a life or death matter for affected patients.

Ransomware can prevent patients’ health records from being accessed by healthcare providers; however, Anderson explained that data manipulation could be an even bigger problem. If cybercriminals were to change medical records, they could then demand a ransom from the healthcare provider to divulge which records had been changed. Data manipulation could result in patients being incorrectly diagnosed or provided with the wrong medications. That could have fatal consequences.

The healthcare industry has many small to medium-sized healthcare organizations that lack the capital and resources to deal with cybersecurity issues. They cannot keep up with the practices that are required to keep patients’ data secured. Many are faced with a choice – purchase essential medical equipment or a new cybersecurity tool. There is little incentive to choose the latter.

Cybersecurity Incidents Often Go Unreported

The number of cybersecurity threats has increased significantly in recent years, as has the number of reported healthcare data breaches, yet those reported breaches are just a fraction of the security incidents that are now plaguing the healthcare industry. Many cybersecurity threats and security incidents go unreported.

Evidence gathered from normal security monitoring suggests there are far more breaches occurring than current data breach reports suggest. Terry Rice, vice president of IT risk management and chief information security officer at Merck, suggested that while laws are in place that require healthcare organizations to report security incidents, current disclosure laws have limited requirements for reporting incidents, and many organizations are either not submitting incident reports or delaying them.

Threat Information Sharing is Critical

While it is important for further efforts to be made to educate the healthcare industry on the importance of sharing threat information, education alone is unlikely to solve the problem. Sharing threat information carries a cost that many small healthcare providers simply cannot afford.

Anderson suggests that while there are clear benefits to participating in information sharing efforts, threat intelligence sharing should not be mandatory. Healthcare organizations should be given a choice. However, healthcare organizations can be encouraged to share information if they are offered financial incentives for doing so.

She also suggested ISACs should be offered tax breaks, that information shared through ISACs should be protected, and that organizations that share threat intelligence should be provided with better legal protections.

Congress was also advised to create permanent cybersecurity liaisons and leaders. Those individuals should be experienced cybersecurity professionals who are aware of the threats, vulnerabilities and cybersecurity issues faced by the healthcare industry.

Michael McNeil, global product security and services officer for Royal Philips, pointed out that cyberattacks on medical devices pose a serious threat to patients and potentially place patients’ lives at risk.

He suggested medical device manufacturers should be included in conversations about cybersecurity and should ensure security is considered at every stage of the manufacturing process. Device manufacturers must also address cybersecurity issues at every stage of the product lifecycle, not just until their devices come to market.

Device manufacturers also need to collaborate and agree to a set of standards that can be adopted to improve cybersecurity. There should be regulatory requirements covering cybersecurity for device manufacturers.

The post Congress Advised to Offer Incentives to Improve Healthcare Threat Intelligence Sharing appeared first on HIPAA Journal.

Dr. Donald Rucker Named New National Coordinator for Health IT

Dr. Donald Rucker has been named as the new National Coordinator of the Department of Health and Human Services’ Office of the National Coordinator for Healthcare Information Technology.

Neither the Department of Health and Human Services nor the Office of the National Coordinator for Healthcare Information Technology has officially announced the new appointment, although Dr. Donald Rucker’s name now appears in the HHS directory as National Coordinator.

Donald Rucker will replace acting National Coordinator, Jon White, M.D., who took over the position following the resignation of Dr. Vindell Washington in January 2016. White is expected to return to his former position as deputy national coordinator.

Prior to joining the ONC, Donald Rucker was an adjunct professor at the Department of Biomedical Informatics at Ohio State University’s College of Medicine. Prior to that appointment, Rucker was Chief Medical Officer at Premise Health for a year and CMO at Siemens Healthcare USA for 13 years.

While at Siemens Healthcare USA, Rucker led the team that designed the computerized physician order entry workflow that won the 2003 HIMSS Nicholas Davies Award for the best hospital computer system in the United States.

Donald Rucker has previously served as Clinical Assistant Professor of Emergency Medicine at the University of Pennsylvania Health System and as an Emergency Department Physician at Beth Deaconess Medical Center in Boston. Rucker has also practiced emergency medicine at Kaiser Permanente in California and at University of Pennsylvania’s Penn Presbyterian and Pennsylvania Hospitals. Rucker also worked at Datamedic in 1988 where he co-developed the first Windows-based electronic medical record system.

Donald Rucker graduated in Chemistry at Harvard University and medicine at the University of Pennsylvania School of Medicine, and also holds an MBA and a Masters in Medical Computer Science from Stanford University.

This will be Dr. Rucker’s first government position.

WEDI Offers Healthcare Cybersecurity Tips to Improve Resilience Against Cyberattacks

WEDI, the Workgroup for Electronic Data Interchange, has issued a new white paper exploring some of the common cybersecurity vulnerabilities that are exploited by threat adversaries to gain access to healthcare networks and patient and health plan members’ protected health information.

The white paper – The Rampant Growth of Cybercrime in Healthcare – is a follow up to a primer released in 2015 that explored the anatomy of a cyberattack.

WEDI points out the seriousness of the threat faced by the healthcare industry. Cyberattacks are costing the healthcare industry around $6.2 billion each year, with the average cost of a healthcare data breach around $2.2 million.

Cyberattacks and other security incidents have risen sharply in recent years. More records are now being exposed than at any other time in history, and the number of healthcare data incidents being reported reached record levels last year.

The Department of Health and Human Services’ Office for Civil Rights received 315 reports of major healthcare data breaches last year and recent research by Fortinet showed that in the final quarter of 2016, the U.S. healthcare industry was being attacked more than 700,000 times per minute.

The healthcare industry is in a unique position. Healthcare organizations hold data that is more valuable to cybercriminals than that held by other industries. Healthcare organizations also typically have much larger attack surfaces to defend and more attack vectors to block.

WEDI points out that “attack surfaces have multiplied as organizations cobbled together a health information technology (health IT) infrastructure comprised of new components, legacy hardware and antiquated software from multiple vendors.”

Yet while healthcare IT systems require increased investment, many healthcare organizations are relying on basic security tools to defend their networks and keep data secure. Those tools focus on “antivirus, malware and firewall vulnerabilities, but lack a deeper set of prevention, encryption, detection, authentication and protection strategies.”

In the report, WEDI explores the most common types of threat adversaries, their characteristics and the level of threat that each poses. The report also details the types of vulnerabilities and attacks that most commonly occur, including zero-day vulnerabilities in software, phishing, spear phishing and whaling attacks, and malicious software such as viruses, worms, malware and ransomware.

WEDI sought advice from industry stakeholders in roundtable discussions between November 2015 and April 2016 and identified best practices that can be adopted by healthcare organizations to mitigate risk and keep networks and data secure.

WEDI suggests a cultural change is required and healthcare cybersecurity must have a higher profile. That process should start by raising awareness and educating stakeholders of the unique threats faced by the healthcare industry and the cost of cyberattacks and other data breaches.

Cybersecurity must become a C-suite matter, not an area dealt with only by IT departments. Strategies must be effectively planned and sufficient resources devoted to protecting networks from attack. WEDI suggests healthcare organizations should also adopt cybersecurity frameworks to improve resilience against cyberattacks and apply the lessons learned from other industries.

NY State HIE Improves Care Quality and Operational Efficiency of Emergency Departments

A recent study of the Health Information Exchange adopted in New York State has shown the value of investing in an HIE and the positive impact it has on patient outcomes and operational efficiency.

Following considerable investment in the New York State HIE, patient stays have been reduced, the likelihood of readmission has fallen, as have the number of physicians needed to examine patients in emergency departments. The study has shown that quality of care has been improved along with operational efficiency, resulting in considerable cost savings and improved patient outcomes.

The study examined almost 86,000 emergency department encounters over a period of 19 months between July 1, 2012 and January 31, 2014 at four emergency departments linked to the HealthLinkNY Health Information Exchange.

During that time, there were 46,270 patient visits which were attended by 326 physicians. Emergency departments were selected for the study as they are high pressure environments where physicians are required to treat patients with a wide range of medical conditions and must gather information on patients as quickly as possible.

Dr. Demirezen, Assistant Professor of Operations and Supply Chain Management at SUNY Binghamton’s School of Management, was a co-author of the study. He explained that one of the key benefits of the HIE was the amount of physicians’ time that was saved: “If the attending physician has a question, the answer might already exist in the patient’s medical record. Looking up the record in the HIE saves a lot of time.”

The study focused on three areas to measure efficiency and healthcare delivery quality:

  • Length of stay;
  • Readmission risk; and
  • Number of doctors seen by each patient.

The study showed that following the adoption of the HIE there was a 7.04% decline in length of stays, a 4.5% reduction in the likelihood of readmission within 30 days, and a 12% drop in consultations by multiple physicians.

The average length of stay fell from 22 hours and 23 minutes to 20 hours and 48 minutes. The fall was explained by the reduced need for duplicate tests and by the HIE allowing physicians to access information that can help them identify underlying causes and complications that could be contributing to patients’ conditions.

Readmission rates were studied over a period of 60 days following discharge. The study looked at readmission to other healthcare facilities in the state, not just the emergency department where the patient was treated.

Physicians who encounter patients with medical conditions outside their area of expertise usually call on a specialist to evaluate the patient. However, access to the HIE allows physicians to check recent encounters with other physicians and specialists, reducing the need to call on specialists for second opinions in an emergency department setting.

It can take time for physicians to get used to using the HIE, but over time efficiency improves and they get better outcomes with experience. Dr. Demirezen said, “The conclusion we drew is that providers should actively promote and support clinician use of the HIE and invest time and effort into training them on its use.”

Christina Galanis, President and CEO of HealthlinkNY, explained the significance of the results of the ground-breaking study and the benefits of implementing an HIE: “Now providers have the evidence they need to make HIE use a priority for their organizations. The study proves that New York State’s visionary investment in HIEs is really paying off.”

VA to Abandon EHR In Favor of Commercial EHR System

The challenges of developing and maintaining a custom EHR system have proved too great for the Department of Veterans Affairs.

The VA developed its EHR system – VistA – in house; however, it was labor intensive, costly and time consuming to maintain and use. According to VA secretary, David Shulkin, the system is “too complex and too difficult to maneuver”.

A decision needed to be taken on whether to continue to plough money and resources into getting VistA to work as it should, or to call it quits and opt for a new, commercially available system. The VA has more important priorities than software development and has opted for the latter.

Shulkin wants veterans to have more choice about where they receive care. Having an EHR that allows data to be easily shared is essential to ensure veterans get the best medical treatment possible. Yet the VistA system often resulted in care being delayed which had a negative effect on patient outcomes.

The decision to ditch VistA has been a long time coming. The system has been extensively discussed at hearings and last year feedback was sought on the move to a commercially available system.

VistA has been beset with problems, requiring many expensive updates and modifications to be made, yet VistA still has severe limitations. Shulkin has now confirmed the decision to switch to an off-the-shelf EHR system has been made.

Shulkin said at a recent House Committee on Veterans Affairs hearing, “I have come to the conclusion that VA building its own software products and doing its own software development inside is not a good way to pursue this.” Shulkin went on to say, “We need to move towards commercially tested products. If somebody could explain to me why veterans benefit from VA being a good software developer, then maybe I’d change my mind.” The VA will be looking to work with “companies who know how to do this better than we do.”

The VA is likely to choose a FHIR system – the industry interoperability standard – to ensure it has the best possible chance of optimizing health data exchange across multiple providers.

While the decision has been taken to switch to an off-the-shelf EHR system, there are likely to still be challenges ahead. The move is clearly the way forward, but even when a new EHR is chosen, considerable tweaks will be required to get the new EHR to integrate with the VA’s legacy systems.

87% of Healthcare Organizations will Adopt Internet of Things Technology by 2019

The healthcare industry is embracing Internet of Things technology. 60% of healthcare organizations have already introduced IoT into their infrastructure, the third highest adoption rate of any industry. According to a recent study by Hewlett Packard subsidiary Aruba, in just two years, 87% of healthcare organizations will have adopted Internet of Things technology.

The study revealed that the most common area where IoT is being utilized is for patient monitoring and maintenance. 73% of surveyed healthcare executives said they used IoT in this area, while 42% said this was the main use for IoT. The healthcare industry leads the way in this area with the highest adoption rate of any industry sector. 64% of respondents said they use IoT for patient monitors, 56% use IoT for energy meters, and 33% use IoT for imaging devices.

Remote operation and control was the second most common use of IoT, used by 50% of providers, while the third most common use is for location-based services, with adoption at 47%.

The benefits of IoT are clear. 80% of healthcare executives said IoT has improved innovation, 76% said visibility across their organization has improved, while 73% said they have enjoyed cost savings following the introduction of IoT.

57% of respondents believe workflow productivity will improve as a result of the adoption of IoT, resulting in considerable cost savings. 36% believe IoT will create new business models, while 27% said the use of IoT technology would improve collaboration with colleagues and patients.

However, there are disadvantages to introducing IoT. Adoption of IoT brings additional security risks, with healthcare organizations finding security a major headache. 89% of healthcare organizations that have adopted IoT said they have suffered a security breach as a result, while 49% said malware was an issue.

Even with the potential risks, healthcare organizations believe the benefits of Internet of Things technology outweigh the disadvantages.

While the benefits are considerable, any healthcare organization that has adopted IoT must implement appropriate safeguards to keep networks secure and prevent the devices from being used for malicious activities.

Chris Kozup, vice president of marketing at Aruba, said “If businesses do not take immediate steps to gain visibility and profile the IoT activities within their offices, they run the risk of exposure to potentially malicious activities.”

Healthcare Industry Threat Landscape Explored by Trend Micro

Trend Micro has issued a new report that explores the healthcare industry threat landscape, the new risks that have been introduced by the inclusion of a swathe of IoT devices, and how cybercriminals are stealing and monetizing health data.

Cybercriminals are attacking healthcare organizations with increased vigor. More attacks occurred last year than any other year, while 2015 saw a massive increase in stolen healthcare records.

While the health data of patients is an attractive target, health records are not always being sold for big bucks on underground marketplaces. Health insurance cards can cost as little as $1, while EHR records start at around $5 per record set.

However, cybercriminals are now increasing their profits by processing and packaging the stolen data. Data are used to obtain government-issued IDs such as driver’s licenses, passports and birth certificates. Farmed identities of individuals who have died are being sold, which can see prices of more than $1,000 charged per identity, or even more if IDs are also supplied. A large haul of health data from an EHR system can see cybercriminals make considerable sums, so it is no surprise that healthcare organizations and their EHR systems are being targeted.

The report provides insights into the healthcare industry threat landscape and shows how healthcare organizations are allowing chinks to develop in their cybersecurity armor.

For the report, Trend Micro performed a scan of connected healthcare devices via the search engine Shodan, which revealed how visible healthcare networks are via the Internet and how easy it is for cybercriminals to identify targets.

Shodan can be used by anyone with an Internet connection. The search engine returns details of Internet-connected systems such as EHRs, along with medical equipment, appliances, printers and copiers, together with the names of the organizations that own the devices.

Hackers can use Shodan to find devices and try to login using default passwords. Default passwords for those devices are freely accessible online. Even when passwords are changed, they are often replaced with weak passwords that can easily be guessed. Once access has been gained, the device can be used as a launch pad for an attack on other parts of the network. Alternatively, the devices can be reconfigured to record information that can be used in further attacks.

The Shodan scan revealed 36,116 healthcare-related records. Trend Micro reports that out of those records, “6,502 originated from the top 10 U.S. cities with exposed healthcare facilities.” The main cities with exposed healthcare facilities were Bethesda, Collegeville, Houston, Portland, and Phoenix; each of those cities accounted for between 10% and 18% of exposed healthcare facilities.

Many of the exposed healthcare organizations were also using out-of-date and unsupported operating systems such as Windows Server 2008 R2 and Windows XP. The search also revealed that 1,067 healthcare organizations had out-of-date security certificates.

Trend Micro discovered that patch management failures were allowing vulnerabilities to remain unaddressed. Ten devices were discovered that had not been patched to protect against the Heartbleed vulnerability, even though the vulnerability was discovered and patched over two years ago.

Healthcare organizations can spend money on advanced cybersecurity protections, but it is essential that basic cybersecurity controls are not missed.

Given the value of healthcare data and the ease at which potentially vulnerable devices can be found, healthcare organizations must ensure that their networks are made more secure. At the very least, default passwords should be changed on all devices with strong passwords set. Patch management policies must cover all devices, and plans should be put in place to upgrade all devices that are still running on unsupported software.
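The checks above (default passwords, unsupported operating systems, expired certificates, unpatched Heartbleed-era OpenSSL) can be run as a routine audit over an asset inventory. The following is an added example, not Trend Micro's tooling or anything from the report; the inventory records, hostnames, version strings and the audit date are all constructed for the demonstration, and the Heartbleed range (OpenSSL 1.0.1 through 1.0.1f, fixed in 1.0.1g) is the publicly documented one.

```python
"""Asset-hygiene audit over a constructed device inventory (added example).

Flags the exposure classes the Trend Micro scan reported: unsupported OS,
expired TLS certificate, OpenSSL still in the Heartbleed-affected range, and
default credentials never changed. All sample data below is constructed.
"""
from __future__ import annotations

import re
from datetime import date

# Operating systems the report named as out of date / unsupported.
UNSUPPORTED_OS = {"Windows XP", "Windows Server 2008 R2"}

# OpenSSL version strings look like 1.0.1e / 1.0.2k; the trailing letter is optional.
_OPENSSL_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")


def openssl_heartbleed_vulnerable(version: str) -> bool:
    """True if the OpenSSL version is in the Heartbleed range 1.0.1 .. 1.0.1f."""
    m = _OPENSSL_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4)
    if (major, minor, patch) != (1, 0, 1):
        return False  # only the 1.0.1 line was affected
    return letter == "" or letter <= "f"  # 1.0.1g carries the fix


def audit_device(dev: dict, today: date) -> list[str]:
    """Return the list of hygiene findings for one inventory record."""
    findings: list[str] = []
    if dev.get("os") in UNSUPPORTED_OS:
        findings.append(f"unsupported OS: {dev['os']}")
    not_after = dev.get("cert_not_after")
    if not_after is not None and not_after < today:
        findings.append(f"TLS certificate expired {not_after.isoformat()}")
    openssl = dev.get("openssl")
    if openssl and openssl_heartbleed_vulnerable(openssl):
        findings.append(f"OpenSSL {openssl} unpatched for Heartbleed")
    if dev.get("default_credentials"):
        findings.append("default credentials still in use")
    return findings


def audit_inventory(inventory: list[dict], today: date) -> dict[str, list[str]]:
    """Map hostname -> findings, omitting devices with nothing to report."""
    report: dict[str, list[str]] = {}
    for dev in inventory:
        hits = audit_device(dev, today)
        if hits:
            report[dev["host"]] = hits
    return report


# Constructed sample inventory: hostnames, versions and dates are invented.
SAMPLE_INVENTORY = [
    {"host": "pacs-01.example.internal", "os": "Windows Server 2008 R2",
     "openssl": "1.0.1e", "cert_not_after": date(2016, 11, 30),
     "default_credentials": False},
    {"host": "infusion-gw-07.example.internal", "os": "Linux",
     "openssl": "1.0.1g", "cert_not_after": date(2018, 6, 1),
     "default_credentials": True},
    {"host": "ehr-web-02.example.internal", "os": "Windows Server 2016",
     "openssl": "1.0.2k", "cert_not_after": date(2018, 1, 15),
     "default_credentials": False},
    {"host": "printer-3f.example.internal", "os": "Windows XP",
     "openssl": None, "cert_not_after": None, "default_credentials": True},
]
AUDIT_DATE = date(2017, 3, 1)  # constructed "today" so the run is reproducible

if __name__ == "__main__":
    for host, hits in audit_inventory(SAMPLE_INVENTORY, AUDIT_DATE).items():
        print(host)
        for hit in hits:
            print("  -", hit)
```

In practice the inventory would be fed from a CMDB or scan export and the `default_credentials` flag from a credential audit; the OS and version strings are compared as-is, so normalise them before feeding them in.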

Trend Micro’s report, Cybercrime and other Threats Faced by the Healthcare Industry, can be found on this link.

Majority of Healthcare Organizations Struggling with EHR Interoperability

A recent survey from Black Book Market Research has highlighted what hospital administrators and physicians know all too well. Great strides may have been made toward a fully interoperable healthcare system, but important medical data is still not accessible. There are still many problems getting hold of electronic health record data and making it accessible to the people who need it most.

Many EHR systems do not have the required connectivity. Even when data from healthcare providers’ EHR systems does get sent to other providers, the data are often in an unusable or difficult to use format.

3,391 users of EHRs were surveyed for the Black Book survey. 25% of respondents said they are unable to use any data sent by other healthcare providers, while 22% of surveyed hospital administrators said they receive medical record data from other healthcare organizations in a format that does not allow data to be easily incorporated into their own EHR systems. 70% of hospitals were not using external EHR information because the data were missing from their systems’ workflow.

Receiving data in a useful format is a problem, but so is sharing data with other providers that do not use the same EHR system. 41% of respondents said they struggle with sharing data with other healthcare providers, especially if they were using a different EHR system. 82% of independent physician practices said they were not certain they had the necessary technology or connectivity to bear the financial burden of quality payment programming.

The financial pressures under the Medicare Quality Payment Program are likely to force many smaller physician practices to look at mergers with larger integrated healthcare providers. 63% of independent physician practices said they were considering merging with larger providers for financial and reimbursement reasons, while 92% of hospital executives believed many physician and post-acute care providers would merge with larger providers in 2017 due to the financial pressures under the Quality Payment Program.

EHR systems that enable data to be easily shared with other healthcare organizations are essential for population health management under value-based reimbursement. EHR providers that offer systems with the required degree of connectivity – for example those that use HL7’s FHIR specification – may be preferable, yet many physician groups lack the finances to purchase those systems. Even when cost is not an issue, physician groups often lack the technical expertise to implement those EHR systems. That means they are unable to attain the higher reimbursements offered by public and private payers, according to managing partner of Black Book, Doug Brown.

While many healthcare organizations continue to struggle with interoperability due to their EHR systems and those used by other providers, the Black Book survey showed that at least some inpatient systems for medium and large-sized hospitals were performing well.

Part of the survey asked EHR users to rate their providers, allowing Black Book to compile a list of the top EHR vendors. According to users’ responses, the top EHR vendors were:

Black Book Top EHR Vendors

  • Evident CPSI (small/rural hospitals with fewer than 100 beds)
  • Cerner (Community hospitals with 101-250 beds)
  • Allscripts (medical centers with 250+ beds)
  • Cerner (Hospital chains, Hospital systems, and integrated delivery networks)

IoT and Mobile Application Vulnerabilities Not Being Adequately Addressed

Organizations around the world are taking advantage of IoT applications and mobiles to improve efficiency, yet too little is being done to ensure the applications are secure.

Organizations can benefit greatly from IoT and mobile technology, yet it is all too easy for major security risks to be introduced. Hackers are well aware of vulnerabilities in mobile and IoT applications and leverage those vulnerabilities to gain access to networks and sensitive data.

IoT infrastructure is vulnerable to attack, although the greatest risks are introduced by embedded software in gateways and the cloud. Many IT security practitioners are well aware of the security risks that can potentially be introduced, yet according to a recent survey conducted by the Ponemon Institute, little is being done to mitigate risk.

593 IT and IT security professionals were surveyed for the Arxan/IBM Security-sponsored survey, which set out to discover how companies are mitigating risk from mobile apps and IoT applications. The results of the survey are alarming. 8 out of 10 respondents said that while IoT applications are in use, their organization does not test them for security vulnerabilities. 71% of respondents said they use mobile applications that have not been subjected to vulnerability testing.

IT security professionals are aware of the risks and are concerned that vulnerabilities will be exploited. 58% of respondents said they were concerned that vulnerabilities in IoT apps would be exploited by hackers, while 53% expressed concern that mobile applications would be hacked. 75% of respondents said IoT apps increase security risk very significantly or significantly.

Malware is also a major worry. A lack of protection against mobile malware was seen as a problem by 84% of respondents, while 66% were concerned about the malware threat to IoT applications.

Part of the problem is a lack of understanding about how IoT and mobile applications should be tested. 55% of respondents said they lacked QA and testing methods for IoT applications.

In many cases, IT security professionals are unsure about how many apps are actually in use. 63% of respondents were not confident that they were aware of the mobile apps that were being used by employees, and 75% were unsure that they were aware of all the IoT apps that were being used.

The data security risks are very real. 60% of individuals surveyed claimed their organization had experienced a data breach or security issue as a result of a mobile app.

Even though there are known risks, 44% of respondents said their organization was not taking any steps to prevent an attack. Protecting these apps is simply not a priority at many organizations. Only 32% of respondents said their organization wanted to urgently secure mobile apps, while 42% said they wanted to urgently secure IoT apps. Budgetary restrictions were seen as the main problem by 30% of respondents.

Larry Ponemon, chairman and co-founder of the Ponemon Institute, said “Without proper budget or oversight, these threats aren’t being taken seriously and it should come as no surprise for mobile and IoT applications to be the culprit of major data breaches to come.”

Organizational Complexity is Hindering Cybersecurity Efforts

The results of a separate study published earlier this month by the Ponemon Institute revealed that the biggest barrier preventing adequate cybersecurity defenses from being implemented is organizational complexity.

The global Citrix-sponsored study was conducted on 4,200 IT security practitioners from Australia, Brazil, Canada, China, Germany, France, India, Japan, Korea, Mexico, New Zealand, the Netherlands, United Arab Emirates, the United Kingdom and the United States.

The survey revealed that 79% of respondents were worried about data breaches involving high-value, sensitive information. 71% of respondents said their organization is at risk because they are unable to effectively control employee devices and apps. 74% of respondents said their organization requires a new IT security framework if they are to successfully manage risk and improve their security posture.

The biggest barrier preventing businesses from improving their security posture was organizational complexity. 83% of respondents said organizational complexities were hampering cybersecurity efforts. Corporate security policies are being ignored because they are hindering employees and preventing them from working in their preferred manner. All too often security policies have a considerable negative impact on productivity.

As employees try to get more work done, they turn to workarounds such as shadow IT, and data are being stored on personal devices to speed up access. 87% of respondents said information is being placed at risk as a result of an increase in data assets.

Larry Ponemon said “The research reveals respondents’ awareness of the need to challenge the status quo of their IT security strategies and consider a new IT security architecture to safeguard their organizations from cyber risks.”
