Matt Fisher, partner and chair of the health law group at Mirick O'Connell, says hospitals need to know the facts about HIPAA compliance (it does not guarantee security), risk analysis (it shouldn't necessarily be done alone), business associate agreements (read them, don't just sign them) and cyber insurance (it's not a panacea).