
Re: donkschmonk post# 39032

Monday, 03/07/2016 4:28:13 PM

Though there is an old saying "Don't wrestle with a pig. You only get dirty and the pig likes it.", allow me to address the article that our friend Donk likes to repost.

This is important to understand why the requirement for encryption - at the end point, server and in-transit, plus customer-provided SSL certificates is so critical for success in the healthcare market. Frankly, the cavalier attitude and response from Bookman and Morelli regarding this issue during the Msft podcast was a major red flag. Saying "we can write it or add it with a partner" does NOT convince a hospital CIO. This is a table stakes component of end user computing tech, and it is inexcusable to not have it "out of the box" after five years of development.

Per Bookman and Morelli, Glassware has no encryption. VMware Horizon does. Guess which solution Novarad sells?

And make no mistake, HIPAA violations are a BIG deal. See the attached links about a breach at Anthem. The company has spent $100 million on the cost to remediate a breach. Now, that may be chump change for some, but if I'm a shareholder of a healthcare company that would get my attention. And it's not just hospitals and doctors that are targets but all companies in the "healthcare food chain" including service providers, X Ray clinics, dentists etc. Yes, X ray clinics and X Ray devices like Novaglass.

Today, the agencies that enforce HIPAA violations do not track mobile devices like smartphones as a separate category, rather include them in "Other and Portable Devices". They also track laptops, and computers including desktops and servers. To date, the OCR reports 170 major HIPAA violations due to loss of these "portable" devices. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Consider this article by the American Bar Association http://www.americanbar.org/newsletter/publications/aba_health_esource_home/aba_health_law_esource_1110_barrett.html

"Communicating with patients using mobile devices such as Blackberrys, iPhones, iPads, or Android phones is a fast-growing trend among healthcare providers. A recent survey of almost 3,800 physicians estimates “83% of physicians own at least one mobile device and about one in four doctors are "super mobile" users who leverage both smartphones and tablet computers in their medical practices.”

"Mobile devices are particularly vulnerable to loss and theft because of their small size and portability. The most common form of security breach is the theft of mobile devices. A recent survey of 600 U.S. hospital executives, physician organizations, health insurers, and pharmaceutical/life sciences companies found that theft accounted for 66 percent of reported data breaches over the past two years."

As an example, consider this case published in CFO. http://ww2.cfo.com/data-security/2015/03/calculating-colossal-cost-data-breach/

"If Anthem had done that two years ago, they might have avoided the recent mega-breach. The company had a wake-up call in 2013 when it was cited by Health and Human Services’ (HHS) regulators for not having completed a risk analysis after implementing a new consumer portal. It settled the case for $1.7 million. That’s a drop in the bucket compared with the costs of their 2015 breach involving 80 million people.

According to many media reports, Anthem will soon deplete its $100 million cyber-insurance coverage just to notify the victims and provide free identity-theft and credit monitoring. ww2.cfo.com/data-security/2015/03/calculating-colossal-cost-data-breach/


$100 MILLION, and they are not done yet. Minor issue? I don't think so. Do you think a healthcare CIO will deploy a system that does not encrypt and protect PHI data?

Not a chance.