Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

ANSI And Shared Assessments Launch Study On Financial Impact Of Breached Patient Data

Study could help healthcare companies justify additional security spending

The American National Standards Institute (ANSI) and the Shared Assessments Program this week launched a study to investigate the costs associated with healthcare patient data breaches and the impact of those breaches on the victims.

ANSI, via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), is working with the Shared Assessments Program and its Healthcare Working Group to explore the financial impact of unauthorized personal health information (PHI) access. The goal of the "ANSI/Shared Assessments PHI Project" is to identify frameworks for determining the economic impact of any disclosure or breach of protected patient data.

The ANSI/Shared Assessments PHI Project, which met for the first time a week ago, brings together professionals from across the industry: data security companies, identity theft protection providers and research organizations, legal experts on privacy and security, standards developers, and others.

The initiative will culminate in a report targeted at those responsible for and entrusted with protecting and handling PHI. "The report will help inform the healthcare industry in making investment decisions to protect PHI, as well as improve responsiveness if and when this patient information is breached," the founders say.

The group says it plans to tackle the problem by identifying existing legal protections related to PHI, defining points of compromise in the healthcare ecosystem where there are risks of exposure, and assessing the financial impacts of the disclosure of PHI. Industry experts are invited to participate in the next meeting via a two-hour conference call on April 7 from 12 p.m. to 2 p.m. EDT. Interested parties can send an email to [email protected] to join in the work effort. There is no fee to participate, and most of the work will take place via conference calls during the next few months.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25159
PUBLISHED: 2020-11-24
499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.
CVE-2020-25654
PUBLISHED: 2020-11-24
An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5-rc2. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went throu...
CVE-2020-28329
PUBLISHED: 2020-11-24
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19.
CVE-2020-29053
PUBLISHED: 2020-11-24
HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.
CVE-2020-25640
PUBLISHED: 2020-11-24
A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.