Experts Advise Adopting Risk-Based Approach to Cybersecurity

​Simply meeting the privacy and security requirements mandated by the Health Insurance Portability and Accountability Act (HIPAA) is not enough to protect health data from breaches, states a November 7, 2014, article in the Wall Street Journal. Healthcare organizations can do more to prevent breaches, such as by assessing and prioritizing cyber-security risks, according to Jim Routh, chief information security officer at Aetna Inc. "Cybersecurity threats change every 30 days," said Routh. Meanwhile, the regulatory frameworks intended to protect sensitive data have been in development for almost two decades. "They're not designed to be responsive to the changes in the threat landscape," said Routh.