PerspectivePolicy

A cybersecurity primer for translational research

See allHide authors and affiliations

Science Translational Medicine  20 Jan 2016:
Vol. 8, Issue 322, pp. 322ps2
DOI: 10.1126/scitranslmed.aaa4493
  • Fig. 1. Comparing compliance and security.

    OECD, Organisation for Economic Co-operation and Development; ISO 27000, International Organization for Standardization information on security standards; HITECH (2009), Health Information Technology for Economic and Clinical Health Act.

  • Table 1. Six steps that will improve the cybersecurity posture of any organization.
    • Categorize and classify your systems and data
    according to risk of downtime, data loss, data
    destruction, and data theft
    • Grant access to systems and data only to
    those who truly “need to know.”
    • Work with your institutional security officer to
    select, implement, train, and routinely test ap
    propriate procedural and technical controls.
    • Assess the effectiveness of all controls via a
    third-party testing or audit.
    • Ensure that the security controls are monitored
    on a regular basis.
    • Have a clearly articulated incident-response
    plan and trained users.
  • Table 2. Ten of the largest HIPAA data breaches reported to the HHS database as of December 2015.
    OrganizationMethod/BreachDateNumber of
    records
    Location of
    breached
    information
    AnthemHacking/IT incidentMarch 201578,800,000Network server
    Premera Blue CrossHacking/IT incidentMarch 201511,000,000Network server
    Excellus Health PlanHacking/IT incidentSeptemberbreak/>201510,000,000Network Server
    Science Applications
    International Corpora
    tion (SAIC)
    LossNovember
    2011
    4,900,000Other
    University of California,
    Los Angeles Health
    Hacking/IT incidentJuly 20154,500,000Network Server
    Community
    Health Systems
    Professional Services
    Corporation
    TheftAugust 20144,500,000Network Server
    Advocate Medical
    Group
    TheftAugust 20134,029,530Desktop computer
    Medical Informatics
    Engineering
    Hacking/IT incidentJuly 20153,900,000Electronic Medical
    Record Network Server
    Xerox State HealthcareUnauthorized
    access/disclosure
    September
    2014
    2,000,000Desktop computer or
    other device
    IBMUnknownApril 20111,900,000Other

Supplementary Materials

  • Supplementary Material for:

    A cybersecurity primer for translational research

    Eric D. Perakslis* and Martin Stanley

    *Corresponding author. E-mail: eric.perakslis{at}takeda.com

    Published 20 January 2016, Sci. Transl. Med. 8, 322ps2 (2016)
    DOI: 10.1126/scitranslmed.aad5169

    This PDF file includes:

    • Table S1. NIST framework categories and definitions.

    [Download PDF]

Stay Connected to Science Translational Medicine

Navigate This Article