Healthcare under attack by new strain of ransomware

FireEye Labs has identified massive email campaigns by cyber-criminals during August 2016 containing the Locky ransomware embedded in DOCM attachments. DOCM is the Open XML Macro-Enabled Document file format used in Microsoft Word, which means the file contains a macro that MS Word will execute when you open the file. Healthcare is the leading industry targeted by the campaign. The healthcare industry is now the "industry of choice" for cyber-criminals since Protected Health Information (PHI/ePHI) i ...

Third Rock Announces – Custom HIPAA Policies and Procedures

FOR IMMEDIATE RELEASE. Austin, TX, Aug 25, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, announced custom, online HIPAA Policies and Procedures as an additional capability of their compliance management platform, CompassDB™. This new capability is designed to address common issues associated with policies and procedures found in most healthcare practices: outdated paper documents collecting dust on a bookshelf. The overarching focus of CompassDB™ is to reduce the cost ...

Achieving Your HIPAA Gold Medal

With the 2016 Summer Olympics in full swing I thought it apropos to use the analogy of achieving a gold medal to obtaining HIPAA compliance. I know, not really fair or nice to the Olympics and Olympians, but it makes a decent blog post and a good analogy. So, bear with me and work on achieving your HIPAA gold medal. Vision: You need a clear vision. You will obtain your goal of being HIPAA compliant. You need to clearly understand what that requires. Take our Free Risk Assessment to better un ...

Is HIPAA Worth It?

HIPAA is yet another government mandate for American healthcare businesses to address. We all know it's time consuming and requires a lot of effort to learn, stay current on, and implement. Plus, it's costly. But is it worth it? Does it truly help the covered entity or business associate in the long run? You might be surprised by the answer. The simple answer is ABSOLUTELY. First, let's look at HIPAA goals. Basic Goals of HIPAA: Portability: To allow patients to transfer their records ...

Third Rock Announces CompassDB™ – A Comprehensive Compliance Management Platform

Austin, TX, Aug. 3, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, announced CompassDB™, their compliance management platform. CompassDB™ is designed to significantly reduce the cost and burden of HIPAA compliance for all parties involved. Consulting firms who provide compliance services, and the clients, Covered Entities and Business Associates on which HIPAA regulations are focused, all will benefit. CompassDB™ is a cloud solution that provides safe, secure, web based s ...

HHS Releases New Guidance on Ransomware

One of the top newsmakers of 2016 has been ransomware. During the first half of this year, ransomware grew 300% to 4,000 daily attacks! But several high-profile attacks on hospitals really put it in the spotlight. Although it has been around for several decades, in the past 4 years, Russian groups have further developed its capabilities and propagated its use worldwide. The dark web or darknet also significantly contributed to the increase in ransomware attacks due to its black market for such products. ...

HIPAA Crossword Puzzle

We thought it might be good to have you learn more about HIPAA through a challenging crossword puzzle. We hope you enjoy completing the puzzle and learn a little about HIPAA in the process. You can click the image below to download the PDF version and print it off. Answers Across: 2. PHI 3. backups 5. ice cream 6. HIPAA 8. risk assessment 10. covered entities 12. disaster recovery 15. PII 17. cyber breach 20. cyber security 21. audit 22. lemonade ...

Insider Breaches – A Risk that Shouldn’t be Overlooked

With all the headlines on cyber breaches and the cyber criminals trying to break into your digital environment, you may overlook a common and very real threat. Accenture's recent security report said 69% of the people surveyed had experienced an insider attempt or success at data theft or corruption. Many of the other cyber reports show the same types of stats. It is reasonable to anticipate someone inside your organization may be planning to steal, or is actively stealing, your company’s proprietary infor ...

Cyber-breaches: Don’t Lie to Yourself

We've heard many arguments from healthcare covered entities for not addressing their HIPAA compliance. Honestly, it's appalling to think a person who provides care to people doesn't care about protecting that person's personal information to prevent their customer from experiencing emotional and financial suffering and potential ruin. The first issue for the healthcare covered entity is to understand it's not about the HIPAA audit but about being breached, losing ePHI and then being forced to be audit ...

Steps to Prepare for an OCR HIPAA Audit

We're often asked when helping clients with their HIPAA compliance, "What do we do if we're audited [by the OCR]?" It is analogous to the old adage about buying a home: location, location, location. In the HIPAA world, it's document, document, document! You must record your HIPAA compliance efforts, regularly contributing to the "body of evidence" that your practice is on the compliance path and making improvements. Conversely, if you aren't documenting your efforts and you receive an audit not ...
