Lysa Myers, security researcher at ESET (San Diego, Calif.): If attackers get any one piece of the puzzle, they should not be able to figure out the whole picture. For example, if user credentials are stolen through phishing or a lost/stolen device, there should be another factor of authentication in place so the attackers are stopped from logging in. If an attacker does manage to log in, there should be network segregation and limited privilege, so they cannot pivot into more sensitive databases or areas within an organization.
More articles on health IT:
Tracing the roots of major IT players: The meaning behind 5 company names
Beyond the financial ROI: Experts thoughts on EHR selection
1-in-3 health records will be compromised in 2016: 5 things to know
