Healthcare organizations should not assume that compliance with regulations, like HIPAA, automatically makes their organization secure, says Larry Hurtado, CEO of Digital Defense, a risk assessment firm in San Antonio, Texas.

“Organizations need a blended approach,” Hurtado says. “They need to balance out compliance with security.”

More than a decade ago, Digital Defense “cut its teeth” on providing security audits to financial institutions, but these days, the company has clients across all types of industries, including healthcare.

“More and more healthcare organizations are coming to us out of fear of making headline news, “ Hurtado says. “And, nine times out of 10, they are wanting to do the right thing to protect their patients.”

Digital Defense provides independent risk assessment, in addition to education to help organizations improve their security culture. “If you take a look at breaches across the board – healthcare and others – there is general recognition that employee awareness training is extremely important,” he says. “[The frequency of] stolen laptops is a clear example of a weak link in the security chain.”

In addition to boosting the culture of security within an organization and blending compliance with security, Hurtado offers these other tips:

• Know where all protected data is located. If an organization knows where that data is, it can expend its resources in the right direction, focusing on keeping the data secure.
• Don’t assume newly deployed IT is secure. It’s easy for organizations to assume that internal security mechanisms are performing as expected on the newly acquired IT. And, make sure it hasn’t negatively affected the security of the entire organization. Have it tested
• When making investments in the mobile sphere, make sure to factor in the cost of the security elements needed. In addition to encryption, make sure employees are aware of how to keep data on mobile devices secure.
• Be aware of passwords. New technology sometimes comes with default passwords. Don’t forget to change them. Default passwords are extremely attractive targets for hackers.