Cybersecurity Insurance – Will it pay when I get breached?

As a disclaimer, we are not an insurance company or insurance specialist.  We're a Cyber-Security firm that specializes in HIPAA compliance.  We strongly encourage our clients to purchase cyber-breach insurance.  We regularly blog on healthcare cyber security and compliance, often citing cyber-breach statistics.  It's likely you've been breached or will be breached in the near future.  So, it only makes good business sense to protect the investment you've made building your practice and transfer all ...

There is no way to stop a data breach

If you have been reading the news, you know cyber-breaches are getting out of control.  A recent article contained a statement of truth from Daniel Marvin, Cybersecurity Attorney, Stern & Montana.  He states, “There is no way to stop a data breach. Hackers are smart, they are well-funded and they are relentless. You really can't build a firewall high enough to keep them out.” He's absolutely correct.  You MUST understand that preventative security measures reduce break-ins, but cannot s ...

Impact of a Healthcare Breach (2 of 3)

This article is the second in a three-part series from Third Rock, a leading HIPAA Compliance and Risk Management provider, that highlights the financial impact of a cyber-breach for healthcare organizations and why it is so important to protect your healthcare data. A healthcare breach has a wide and significant impact on a healthcare organization, both small and large.  Here are some examples of the costs associated with healthcare breaches: Negative media/publicity is one of the fir ...

Cyber Breach – No One is Immune

This article is the first in a three-part series from Third Rock, a leading HIPAA Compliance and Risk Management provider, explaining the magnitude and business impact of cyber security breaches as well as steps you can take to protect your records and your organization. Recent headlines have reported that cyber breaches are occurring with greater frequency than ever before. Everyone is familiar with the cyber breaches of Target, Home Depot, JP Morgan, Sony, and most recently, the federal Office of Perso ...

Security Alert: Healthcare needs to learn from OPM Breach

HealthITSecurity wrote a good article on what Healthcare can learn from the US Office of Personnel Management (OPM) breach.  The key being that ALL businesses and organizations need to understand it is IMPOSSIBLE to keep the bad guys out of the castle, you WILL be breached sooner or later.  Therefore, they need to be prepared, by implementing multiple layers of cyber-security defense.  One part of the cyber-security they did NOT mention is a next generation solution that detects when unauthorized softwa ...

My EMR protects my ePHI, right? WRONG!

False Faith in your EMR/EHR: It seems most doctors, practice managers, healthcare compliance officers and healthcare security officers put way too much faith in their EMR/EHR.  They think the EMR encrypts the data and therefore it’s secure and no more worries.  That’s a BIG mistake for the following reasons. Many EMRs do NOT encrypt the data in transit, on the local disk (cache) and/or do NOT auto timeout users, leaving the ePHI available for easy cyber theft. Access controls are only as good as ...

HIPAA/HITECH, Is your practice compliant?

The new HIPAA/HITECH law has been in force for over two years.  However, most healthcare providers have yet to start addressing the new requirements.  It’s a daunting task for a risk assessment expert, professional project manager or even a CCO, CIO or COO, much less a practice manager.  There are various reasons for the delay: confusion, misinformation, cost and time. One of the most common sources of misinformation we've encountered in our clients is a belief that they are already in compliance!  ...

HIPAA Self-Assessment Validity

HIPAA Risk Assessment: Third party vs self-assessment. Although the U.S. government allows healthcare providers under $5 million in annual revenue to perform a risk assessment themselves as part of the HIPAA requirements, is it a good idea?  The alternative is to pay an independent third party to perform the risk assessment. Many consider the Risk Assessment a necessary evil to avoid potential HIPAA fines.  It is important to remember the fundamental intent of HIPAA: protect the patient’s data, maint ...

HIPAA: Get off Windows XP Now! Seriously!

Ok, HEALTHCARE world, you have GOT to get with the program and MOVE forward.  We continue to go into healthcare providers of all kinds (hospitals, clinics, doctors, dentists, optometrists, dermatologists, etc.) and find these old, slow, archaic systems running Windows XP.  Here are a few reasons why you should PULL THE PLUG on Windows XP. Reasons to part ways with Windows XP: No longer officially supported by Microsoft. If you want any support, be prepared to open your wallet in a big way. Has know ...

The Breach is Only The Beginning

The scary thing about a cyber breach is that, according to reports (FireEye Report), 97% of all networks have been breached. Think about that for a moment and realize that there is a good chance that your organization's network has been breached at some point. Whether or not that breach was successful at gaining sensitive data, like ePHI, is hard to tell, which in itself is even more concerning than the fact that you had been breached. You just don't know, and that is bad! You want to know what is tr ...
