Healthcare Information Security: Have you been breached?

The Ponemon Institute1 reports that approximately 91% of healthcare organizations (“covered entities”) have experienced an information breach in the past year and an additional 38% have suffered more than five data breaches in the past two years! During the same time period, 59% of business associates have been breached, and 15% have been breached five or more times.* It is estimated that 20 to 30% of providers have been breached and may not yet even be aware that a breach has occurred. According to ...

Security Advisory: LastPass Compromised

According to LastPass their team found and blocked suspicious activity on their network. They claim that no evidence that any encrypted user vault data (where the passwords are stored) was taken. However they said that the investigation has shown that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised. "We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authent ...

They’re Here! OCR Launches Phase 2 HIPAA Audits. Are You Ready?

The Office of Civil Rights (OCR) is about to launch the next round of HIPAA audits, designated as Phase 2.  The initial phase of audits in 2011 and 2012 established that security compliance was woefully poor and expectations for these next round of audits are compliance hasn’t improved significantly.  Statistics recently published state that 90% healthcare providers have experienced a breach within the past year! It gets worse.  In 2014, 8 million healthcare records were improperly disclosed or stolen. ...

29 Million Health Records Exposed in 4 Years

If you had any shred of doubt that health care data breaches are a legitimate and major problem, those doubts have been laid to rest. Medical researchers published a study (link) showing that an astounding 29.1 million health records were compromised between 2010 and 2013. That DOES NOT INCLUDE the major breaches in 2014 and early 2015!! The majority of them (58%) were exposed through theft, but the rest were through hacks and un-authorized access. Providers are not happy, as seen in the opinion pi ...

Dental practice hacked – Healthcare practices under attack.

We've all read in the news about large healthcare providers and insurers being hacked and losing millions of patient records.  However, small practices need to realize why they too are targets for cyber attacks. Cyber criminals are breaching dentist, orthodontists, optometrists, ophthalmologists, nursing homes, assisted living facilities, home healthcare, hospices, CCRCs, chiropractics, therapists, and every other healthcare practice in addition to hospitals and insurance companies. If you're a healthc ...

US-CERT: Microsoft Releases Critical Security Bulletin

Microsoft has released Security Bulletin MS15-011 (link is external) to address a critical vulnerability in Windows. Exploitation of this vulnerability could allow a remote attacker to take complete control of an affected system. This security update contains a new policy feature (UNC Hardened Access) which is not enabled by default. To enable this feature, a system administrator must deploy the update, then apply the Group Policy settings described in the bulletin. For complete protection agains ...

Security Advisory: New Adobe Flash Vulnerability

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address a vulnerability that could be used to circumvent memory randomization mitigations on the Windows platform. Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player.  Additionally, we are investigating reports that a separate exploit for Flash Player 16.0.0.287 and earlier also exists ...

Worry-Free Compliance with Secure (Encrypted) Email

HITECH has added new requirements to the HIPAA regulations, one of which is encrypted email when sending or receiving PHI.  It’s important for healthcare providers to understand email is NOT secure, encrypted or safe for sending sensitive information.  It is easily intercepted and read by others, which is likely cyber criminals.  To protect information being sent via email a modified email service must be used.  There have been encrypted email solutions for years and Microsoft Office 365 and other clo ...

Hackers Pay 20-times More for Medical Information

According to Kelly Yee, Vice President at Penango, the secure webmail and encryption company, hackers are willing to pay 20 times more for medical information than credit card information! The main reason is medical records are a smorgasbord of information, including social security numbers, personal information, and medical history. With information like this they can apply for credit cards, gain access to prescription medication, and much more. With the valuation of stolen credit card information going ...

2015 – The Healthcare Hack

Just a short post before the New Year! The writing is on the wall. If you look at predictions and reports from all of the security organizations, the one thing that is clear is that Healthcare will find itself the major target of hackers in 2015. As of 2013, it is reported that 43% of all data breaches involved healthcare data. That is only going to get worse! Why is healthcare such a primer target? Simple, medical records contain a lot of information about your patients identity. This allows for iden ...

1 6 7 8 9 10 11 12