In August, McAfee reported that hackers broke into the United Nations data system and hid there for two years unnoticed, Pabrai said.
"How do we know that someone isn't hiding in our systems, and how long have they been there?" Pabrai asked the audience. "Do we have appropriate controls? What is the state of our information security?" Do you have intrusion protection and intrusion prevention in place?
"This is not just a compliance issue," Pabrai said. "This will have significant risk to the organization and will impact your facility in the seven figures."
So what are the struggles today for privacy and security officers?
In some cases, many in these roles are performing too many tasks. For example, the privacy officer is also the health information management director, the security officer is also the compliance officer, or the compliance officer handles privacy complaints.
These multiple roles, if possible, should be avoided, said Phyllis A. Patrick, MBA, FACHE, CHC, president, Phyllis A. Patrick & Associates, LLC, Purchase, N.Y.