HIPAA: Reducing Your Liabilities

As we perform more Security Risk Analyses (we actually do privacy and security risk assessments), we continue to hear doctors, executives, and office managers consider HIPAA an onerous burden. They tend to see it as painful compliance overhead and a total waste of time. But that is a very dangerous view of HIPAA compliance. HIPAA compliance is actually attempting to provide a guide for the healthcare industry to operate their business so they REDUCE LIABILITIES. It reduces the likelihood of h ...

HHS Releases New Guidance on Ransomware

One of the top newsmakers of 2016 has been ransomware. During the first half of this year, ransomware grew 300% to 4,000 daily attacks! But several high-profile attacks on hospitals really put it in the spotlight. Although it has been around for several decades, in the past 4 years, Russian groups have further developed its capabilities and propagated its use worldwide. The dark web or darknet also significantly contributed to the increase in ransomware attacks due to its black market for such products. ...

The Big Boys’ 2016 Cyber Security Reports

The "big boys" in cyber security have released their annual Cyber-Security reports, ugh or UGH.  Cyber security is so important now that some companies have jumped into the mix of providing a report.  AT&T released their first cyber-security report this year. Forbes has a great article by Steve Morgan, outlining all of the reports and providing links to download all of them.  I'll try to sum them all up in a short list here.  But, check Mr. Morgan's article out for more in-depth summaries and links ...

Focus on Security: Backups – The Ultimate Cyber-Security Weapon

Backups: we all believe and trust they are being performed regularly and will work if we ever need to restore our business after a natural disaster, malicious attack or cyber-attack, such as ransomware. The reality is backups are not historically reliable and they become out of sight, out of mind! You need to ensure they are being performed regularly and that restoring from the backup media works. ePHI data is highly desirable to criminals because it is worth far more than credit card information on th ...

Road Blocks to Creating Your Contingency Plan

Why Everyone Needs Help Creating a BC/DR (Contingency) Plan
Creating a contingency plan is a huge undertaking. It’s a major project for any company, small or large; an integration effort which requires a large amount of time from experts across the company and often outside the company, including executives, managers, staff, vendors and consultants. While creating a contingency plan for a large health care provider I realized part of the pro ...

BCDR is the operations plan

I have been involved with assessing Business Continuity and Disaster Recovery (BCDR) plans and their development for over 25 years.  It always seems that DR planning is an afterthought and starts with system backups.   Typically, companies build out their IT infrastructure based on the business requirements. When it's finished someone asks, "How do we recover this if something bad happens?"  That's not 100% true, but most companies don't really plan well for a major disaster.  The proliferation of netw ...