Top 25 Shameful Passwords of 2015

More and more passwords are becoming a daily part of your life. Considering that it is recommended to never use the same password at different sites or on different apps, it can become overwhelming. Despite that, there are just some things that you should not compromise for the sake of being easy. Below is the list of the top 25 worst passwords for 2015. Just as a quick reminder, while passwords are not the end-all-be-all in security, it pays to create secure ones. You should try to keep them at a minim ...

HIPAA Compliance – After the Risk Assessment, Then What? HIPAA Education

As we noted previously, there are numerous requirements for HIPAA compliance. The next step we would suggest is HIPAA Training. Educating your staff about what HIPAA is and what it requires is a top priority and a government requirement. This education can be training classes as well as knowledge of your organization’s policies and procedures. Staff Training: HIPAA Privacy and Security Training, for all employees, is required to be done soon after initial employment and then period ...

Cyber-Security: Best Practices – Short and Sweat!

Yes, that said swEAt, not swEEt.  If you think there is anything sweet about cyber-security you haven't been in it long enough.  The good news is the Australian government came up with a very short list of key strategies for cyber-security best practices.  This is straight from Marc Goodman's book Future Crimes. Application white listing - only allow specifically authorized programs to run on your system and block all unknown executable files and installation routines.  Doing so prevents malic ...

HIPAA Compliance – After the Risk Assessment, Then What? Breach Detection

As we noted previously, there are numerous requirements for HIPAA compliance.  A top priority after the risk assessment is cyber security to prevent and detect cyber breaches. In this age of data breaches – from cyber breaches to equipment theft/loss, addressing the issue of continuous monitoring of your network and your networked devices might be the second item to address on your list of HIPAA compliance activities.  The Office of Civil Rights (DHHS) states that security is now 80% of the requireme ...

Focus on Technology: Anti-Virus Software Fails Us

As computer users we've become acclimated to using anti-virus software to keep our systems secure. However, in recent years that's no longer enough. Based on the security industry's numbers, anti-virus software only catches 45 to 55% of viruses and malware. Marc Goodman, a recognized cybercrime expert, noted in his recent book “Future Crimes” that university studies indicate that antivirus software captures only 5% of emerging malware. Add to that the antivirus software industry reports that between 100,000 to ...

Coffee Makers and World Mayhem!

We’ve all heard or read about cyber breaches and viruses taking down clouds of computers or stealing millions of customer records. But have you ever thought about a virus shutting off your coffee maker? You might ask, “Why would a criminal want to turn off my coffee maker?” Well, you’re not thinking like a criminal or an aggressive nation. Instead of thinking about it on a personal basis, “Why did these scums crash my computer and cause me to lose all my data!”, think about the pandemoni ...

HIPAA Compliance – How to Get Started?

You may have asked yourself – how HIPAA compliant are we really?  What constitutes HIPAA compliance?  How often do I need to check? There are numerous requirements for HIPAA compliance – performing an annual risk assessment, up-to-date training, maintaining current policies and procedures, having a contingency plan, having your data encrypted at rest and in motion, continuous monitoring of all networks and networked devices, just to name a few. Those are a lot of things to contend with but where ...

ePHI = Money = Thieves

Our compliance officer created this slide for a presentation recently and I thought, what a simple way to get the point across about Protected Health Information (PHI). An individual's complete ePHI records are worth up to $500 on the black market. Cyber-criminals are no longer focused on credit cards as they can be readily cancelled. They now want ePHI as evidenced by the fact that over 10 times more PHI records were stolen in the first three months of 2015 than were stolen in all of 2014! I bel ...

Third Rock – Our CEO was Security Panelist at Health Tech ATX

Robert Felps, Third Rock CEO, was one of three panelists for the Health Tech ATX conference in Austin, TX on October 7. There were over 75 Healthcare executives and security experts in attendance. One of the main focuses was on the extreme rise in Healthcare cyber-security breaches and how to address them. HIPAA compliance was the number one response from the panelists. You must do a Risk Assessment to know what issues you have and prioritize the remediation of those issues. The changes brought abo ...

Humanizing ePHI, Forget the Numbers

Let's take a minute and just say, screw the numbers! Yes, I said it. We all tend to get hung up on the numbers out there on cyber breaches, HIPAA fines, ePHI, etc. At some point you either get it or you don't. For doctors and healthcare providers, the patient's welfare is their business. I am guessing that for most in this business, they really do care and it is not just about money. Now if you are all about the money, this blog post may not be for you. W ...
