Focus on Security: Backups – The Ultimate Cyber-Security Weapon

Backups, we all believe and trust they are being performed regularly and will work if we ever need to restore our business after a natural disaster, malicious attack or cyber-attack, such as ransom-ware.  The reality is backups are not historically reliable and they become out of sight, out of mind!  You need to ensure they are being performed regularly and restoring from the backup media works. ePHI data is highly desirable by criminals because it is worth far more than credit card information on th ...

Focus on Technology: ePHI Encryption

Five years ago encryption was not common, nor cheap.  Today, it's everywhere and inexpensive to implement. Yet, healthcare still considers it a nuisance, ignores it or assumes their EHR or patient management software provides complete encryption. Considering that ePHI is worth $500 per record and a credit card number is worth $0.50 (50 cents), it's time for healthcare providers and their business associates to batten down the hatches on their ePHI.  Cyber criminals want it and will find it.  Me ...

Data Hemorrhage – Find and Stop the Bleeding

We bleed data constantly. Data hemorrhage! Why? Because it is self-propagating. The more important the data, the faster it seems to reproduce. Important data has to be backed up. It will end up in the cloud, actually multiple clouds. I’ll print a copy and store it in my file cabinet, just in case. Probably be good to burn it on a CDROM as well for my long term records. High quality data is used for analysis via a spreadsheet, to project future business trends, revenue, and sales projections. You can make ...

Reduce the Burden of HIPAA While Increasing Your Protection

If you missed our recent webinar on Reduce the Burden of HIPAA While Increasing Your Protection, you can watch it online now. Ed Jones, Third Rock's Chief Compliance Officer, keeps this presentation updated to help you stay current on HIPAA and cyber-security.  We offer the course to professional associations and local healthcare societies, boards of directors and executives, and as a Continuing Education (CE) course.  Contact us if you're interested in a private webinar with Q&A. Please join Ed ...

Macro malware hidden in Office documents makes a comeback

Just when you thought it couldn't get any worse, the cyber-criminals pile on more threats. More reason to train your staff on cyber-security and get your cyber-security in order before it's too late. Repost from FierceITSecurity ... The year 2015 saw the resurgence of macro malware hidden in seemingly legitimate Microsoft Office documents. To trick recipients of emails with infected files, attackers use social engineering techniques, such as naming the file "invoice details" or "resume," related se ...

ePHI – Defend, Detect, Defeat

Healthcare covered entities and business associates can reduce their cyber security risks by focusing on three areas – defend, detect, and defeat.  The cyber security industry refers to these areas with different words, but the same basic meaning.  Sometimes you’ll hear prevent, detect, respond, but we like defend to remind us we’re at war and defeat so we have a goal to stop data loss. Defend begins with governance, compliance and organization.  It involves assessing what you need to p ...

Healthcare Breaches Caused By Criminal Attacks

Last year the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data revealed a shift in the root cause of data breaches from accidental to intentional.  This is worth noting for all healthcare providers, large and small.  It’s not enough to provide good, current cyber security training to all of your employees, but you must improve your overall cyber security to protect your highly valuable ePHI. FierceHealthIT wrote up a good summary on the report, read it ...

Is 2016 going to be “The Sequel” for Healthcare?

We all love sequels of our favorite movies. Unfortunately, when it comes to healthcare breaches, there is not much to love about the likelihood of a 2016 sequel to a record breaking 2015. At the end of 2014, which was recognized as “The Year of the Cyber Breach”, many industry leaders, including Third Rock, predicted 2015 to be the year of the “Healthcare Breach.” It didn’t take long for the prediction to come true. By the end of the first quarter, an estimated 91 million healthcare record ...
