Focus on Security: In plain sight

Sometimes we tend to focus strictly on the technical side of security and compliance and fail to notice the very important issues hiding in plain sight. While a hacker breaking into your network and stealing ePHI is the threat that is being talked about the most, it is sometimes the overlooked old-fashioned threats that present the greater risk. Think about how many times a patient record has been sitting somewhere and how long does it actually take for someone to pick it up and walk off? What about allo ...

Closing the Cybersecurity Gap

As we hear more and more about breaches and ransomware in businesses and especially healthcare, it is becoming an even greater concern for healthcare business owners. It is no longer if you will be attacked, but when and how often. The first step in closing the cybersecurity gap is to realize that you can't do it on your own. Cybersecurity is not finding your basic "IT guy" that "can fix it". It is about obtaining the right resource whether that is a full time hire or a managed service. The next thin ...

HIPAA – Standard Operations for Business

HIPAA gets a bad rap - and deservedly so. However, most of that bad rap is because it is set up in a typical government fashion that is hard to understand and make sense of. When you look at the HIPAA laws and guidelines, it is not long before you become more perplexed than you were before. However, once you get past the government's idea of light reading, or by using our CompassDB tool which translates it into a humanly readable language, you realize that the HIPAA guidelines are not really all that cu ...

The greatest threat comes from within

Sometimes it is easy to forget that the greatest threat is from within. In today’s focus on cyber-security world, we tend to focus on keeping people out of our network as a primary method to keep our sensitive data, such as ePHI, safe. While that is incredibly important, we should make sure not to overlook the threat posed by those we do grant access. How much of a threat is it? Well, roughly half of all attacks originate from inside the company - and not all are with malicious intent. Part of the prob ...

5 Tips for Creating an Information Security Culture

Engaging clinical staff in information security can be an uphill challenge. For people doing the tangible, social, and physical work of healthcare, a Security Officer’s cautions regarding the invisible threat of cyber-theft can seem like science fiction paranoia. Further, among the healthcare practitioners who do recognize information security as a relevant concern, a substantial number still see it as an “IT issue.”  And finally, as if those barriers weren’t enough, the mere mention of “HIPA ...

Focus on Technology: Change Your Router Passwords!

One of the most common services in healthcare is the connection to the internet. With all the focus on security and cyber breaches, one of the most vulnerable pieces on your connection to the internet is what is called the router / gateway. The router / gateway connects your computers and devices to the public internet and in many cases provides the initial security or barrier through the use of a built-in firewall. The problem is, that while this is the door, the gateway to the internet, it is a two way ...

Why using Gmail, Yahoo Mail, or Hotmail in healthcare is bad

Time and time again we see healthcare organizations using free email accounts. While convenient, it is an extremely dangerous decision in a world where HIPAA fines are increasing in cost and occurrence. If you or your employees have access to or use the free email services from you organization’s network, either officially for business and/or for personal use, you are at an extreme risk of being breached! Why? Think about what can be sent via email. Whether you are using email to send patients r ...

Protect your patients, protect your practice, protect yourself.

The healthcare industry is beginning to realize that HIPAA is here to stay and they are probably going to be audited sooner or later.  What physicians and all healthcare providers need to understand is that if you don't protect your patients' PHI/ePHI the following can happen to your patients as a result of their identity being stolen and used. NOT Protecting Your Patients' (PHI/ePHI): You can cause them financial difficulties or even financial ruin. You can cause them undue stress, even a str ...

HIPAA Violation leads to jail time

An east Texas man, Joshua Hippler, was sentenced to 18 months in jail for violating HIPAA regulations. Basically, he was trying to sell PHI for personal gain.  He worked in a hospital and obtained PHI that he planned to sell.  The story here is not about Mr. Hippler, it's about you being held accountable for the protection of PHI.  It's important to understand that you can now serve jail time for NOT being HIPAA compliant. Yes, it's true, Hippler had criminal intent, but if you take HIPAA lightly and ...

Healthcare under attack by new strain of ransomware

FireEye Labs has identified massive email campaigns by cyber-criminals during Aug, 2016 containing the Locky ransomware embedded in DOCM attachments.  DOCM is Open XML Macro-Enabled Document file used in Microsoft Word.  Which means the file contains a macro which MS Word will execute when you open the file in MS Word.  Healthcare is the leading industry targeted by the campaign. The healthcare industry is now the "industry of choice" by cyber-criminals since Protected Health Information (PHI/ePHI) i ...

1 2 3 4 5 6