Your iPhone Is a Target for Criminals

Check Point Software released their April 2016 Threat Index revealing what we all know; cyber-threats are rising at alarming rates.  The report shows Apple's iOS devices are under heavier attack than reported in previous reports. Over 2,000 unique malware families were identified by Check Point during April, which they state is a 50 percent increase over March, and you thought rabbits multiplied rapidly!  The iOS issue comes from the fact they found XcodGhost had moved into the top three most common mobi ...

Making Your BOE a Priority

Do you keep good records?  When asked that question my mind races to the Federal Income Tax due date, April 15th and I get a knot in my gut.  I think of sorting through a box of receipts late at night feeling very rushed, tired and frustrated.  Each year I set the goal to be better organized for April 15th, but my life is far too busy to allow me to dedicate the time to organizing a solution. In my business life however, I do quite well thank you!  I maintain good records and well organized files.   ...

Primary Cyber Security Threats

We're often asked "How likely is it that we will be audited by the government (OCR) for HIPAA compliance?"  Our response is "It's highly unlikely to be selected to be audited by the OCR".  We immediately follow up with, "However, it's highly likely you will have a breach of PHI or ePHI, which will then trigger an audit by the OCR, and 15,000 audits were started because of someone reporting a practice to the OCR, either a patient, employee, or business associate."  Therefore, take steps to Protect you ...

What’s your security score?

  There are a number of ways to become the subject of an OCR HIPAA audit.  The most unlikely way is to be selected for a random audit and if that happens, go buy a lottery ticket! Complaints filed by dissatisfied customers and/or disgruntled employees resulted in about 15,000 investigations last year.  Suffer a breach and OCR will be knocking on your door.  As the number and severity of breaches continue to increase, third party companies are becoming much more efficient at identifying com ...

Avoid the HIPAA Wall of Shame

There are several things a healthcare covered entity or business associate needs to do to avoid HIPAA fines and the possibility of being listed on the wall of shame, but the immediate need is to perform a thorough risk assessment. And that usually means having a third party perform a credible risk assessment that includes privacy, security and technology assessments. Unless your organization has conducted a thorough risk assessment in the last 12 months and taken action to address issues, you're playing ...

Protecting PHI through mutual trust

The Office of Civil Rights (OCR) of the Department of Health and Human Services issued a warning stating that covered entities should expect and prepare to mitigate the damages of breaches as a result of their business associates (BA).  In an article published in Healthcare IT News by Jack McCarthy entitled “OCR cautions hospitals to prepare for breaches at business associates” , he quotes OCR that most covered entities (CE) don’t believe their BAs will notify them of a breach.  The CEs also sta ...

Anti-virus products, security devices affected by 7-Zip vulnerability

Two vulnerabilities have been uncovered by researchers in a open-source Windows utility called 7-Zip. This program provides compression and archiving tools for files. While many of our readers may not know what, or who, 7-Zip is, it is likely that other products that you do use or know about rely on 7-Zip in their programs. Some of the vendors that have 7-Zip integrated include FireEye, Malwarebytes, and Comodo. This means whether you use 7-Zip directly or not, you may be vulnerable. Cisco Talos re ...

OCR Levies fine for lack of business associate agreements

$1.55 million settlement and remediation  According to the HHS Office of Civil Rights, North Memorial Health Care of Minnesota failed to complete a security risk assessment or risk analysis nor did it have compliant business associate agreements.  The OCR considers these major cornerstones of HIPAA compliance.  The important thing to understand about the security risk analysis is that it now focuses on IT infrastructure.  Which means you must make sure you perform several key steps in the risk assessme ...

Protecting Patient Health Information

The Meaningful Use advisers at the North Texas Regional Extension Center have a lot of experience working with physicians and Patrick Casey makes some good points about the need to protect patient health information. Protected Health Information (PHI) is a hot commodity on the black market and well worth your time to learn how to protect.  It’s a quick read that healthcare providers (doctors, office managers and all staff) need to read and understand. Protecting Patient Health Information by Patri ...

Focus on Security: Backups – The Ultimate Cyber-Security Weapon

Backups, we all believe and trust they are being performed regularly and will work if we ever need to restore our business after a natural disaster, malicious attack or cyber-attack, such as ransom-ware.  The reality is backups are not historically reliable and they become out of sight, out of mind!  You need to ensure they are being performed regularly and restoring from the backup media works. ePHI data is highly desirable by criminals because it is worth far more than credit card information on th ...

1 2 3 4 5 6 7 8 9 10 11 14