HIPAA/HITECH Security Risk Analysis Myths and Facts

As we continue to work with more health care providers, covered entities, and business associates we see confusion about HIPAA/HITECH compliance requirements. Some providers are even in denial. They believe they are being compliant by just having staff take short on-line "HIPAA" training courses.  But that falls well short of what is required to be compliant, and many of these on-line training courses are not up to date with current HIPAA regulations, nor do they cover cyber-security, which is now a must h ...

Just how HIPAA compliant are you? HIPAA Quick Check Stats

Healthcare organizations are focused on the health and welfare of their patients.  It is the very reason for their existence.  Today, patient “welfare” increasingly means protecting patient data.  It is daunting task given the complexity and ever-evolving requirements.  The industry and HIPAA regulations struggle to keep up with the rapidly evolving cyber thieve. Over a year ago we setup a HIPAA Quick Check site where organizations can take a few minutes to see just how well they actually stack ...

HIPAA: What was Reasonable and Appropriate is not Today!

If you are scared of the blunt truth, you really should read this anyway. You can no longer simply cover your ears and close your eyes. I’m sure HHS and OCR wish the phrase “reasonable and appropriate” wasn’t ever written into the HIPAA CFRs.  I can’t think of a vaguer and more meaningless phrase, except possibly “indescribably delicious”.  An attempt to instruct providers and business associates to install and maintain security safeguards that protect patient data within your practice’ ...

Healthcare Information Security: Have you been breached?

The Ponemon Institute1 reports that approximately 91% of healthcare organizations (“covered entities”) have experienced an information breach in the past year and an additional 38% have suffered more than five data breaches in the past two years! During the same time period, 59% of business associates have been breached, and 15% have been breached five or more times.* It is estimated that 20 to 30% of providers have been breached and may not yet even be aware that a breach has occurred. According to ...

Security Advisory: LastPass Compromised

According to LastPass their team found and blocked suspicious activity on their network. They claim that no evidence that any encrypted user vault data (where the passwords are stored) was taken. However they said that the investigation has shown that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised. "We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authent ...

They’re Here! OCR Launches Phase 2 HIPAA Audits. Are You Ready?

The Office of Civil Rights (OCR) is about to launch the next round of HIPAA audits, designated as Phase 2.  The initial phase of audits in 2011 and 2012 established that security compliance was woefully poor and expectations for these next round of audits are compliance hasn’t improved significantly.  Statistics recently published state that 90% healthcare providers have experienced a breach within the past year! It gets worse.  In 2014, 8 million healthcare records were improperly disclosed or stolen. ...

29 Million Health Records Exposed in 4 Years

If you had any shred of doubt that health care data breaches are a legitimate and major problem, those doubts have been laid to rest. Medical researchers published a study (link) showing that an astounding 29.1 million health records were compromised between 2010 and 2013. That DOES NOT INCLUDE the major breaches in 2014 and early 2015!! The majority of them (58%) were exposed through theft, but the rest were through hacks and un-authorized access. Providers are not happy, as seen in the opinion pi ...

Dental practice hacked – Healthcare practices under attack.

We've all read in the news about large healthcare providers and insurers being hacked and losing millions of patient records.  However, small practices need to realize why they too are targets for cyber attacks. Cyber criminals are breaching dentist, orthodontists, optometrists, ophthalmologists, nursing homes, assisted living facilities, home healthcare, hospices, CCRCs, chiropractics, therapists, and every other healthcare practice in addition to hospitals and insurance companies. If you're a healthc ...

US-CERT: Microsoft Releases Critical Security Bulletin

Microsoft has released Security Bulletin MS15-011 (link is external) to address a critical vulnerability in Windows. Exploitation of this vulnerability could allow a remote attacker to take complete control of an affected system. This security update contains a new policy feature (UNC Hardened Access) which is not enabled by default. To enable this feature, a system administrator must deploy the update, then apply the Group Policy settings described in the bulletin. For complete protection agains ...

Security Advisory: New Adobe Flash Vulnerability

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address a vulnerability that could be used to circumvent memory randomization mitigations on the Windows platform. Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player.  Additionally, we are investigating reports that a separate exploit for Flash Player 16.0.0.287 and earlier also exists ...

1 8 9 10 11 12 13 14 15