Building a Privacy & Security Culture: Training is just the beginning!

The privacy and security practices required by HIPAA run counter to decades of habit! Paper charts stored in unsecured racks in public hallways, unsecured computer workstations, and open discussion of patient information in public areas have been the norm in many healthcare facilities despite the 1996 and 2003 HIPAA privacy requirements. The additional risks to patient information posed by new technologies also run counter to decades of thought. Caregivers accustomed to thinking of their facility as a rel ...

Top 25 Shameful Passwords of 2015

More and more passwords are becoming a daily part of your life. Considering that it is recommended to never use the same password at different sites or on different apps, it can become overwhelming. Despite that, there are just some things that you should not compromise for the sake of being easy. Below is the list of the top 25 worst passwords for 2015. Just as a quick reminder, while passwords are not the end-all-be-all in security, it pays to create secure ones. You should try to keep them at a minim ...

Cyber-Security: Best Practices – Short and Sweat!

Yes, that said swEAt, not swEEt.  If you think there is anything sweet about cyber-security you haven't been in it long enough.  The good news is the Australian government came up with a very short list of key strategies for cyber-security best practices.  This is straight from Marc Goodman's book Future Crimes. Application white listing - only allow specifically authorized programs to run on your system and block all unknown executable files and installation routines.  Doing so prevents malic ...

HIPAA Compliance – After the Risk Assessment, Then What? Breach Detection

As we noted previously, there are numerous requirements for HIPAA compliance.  A top priority after the risk assessment is cyber security to prevent and detect cyber breaches. In this age of data breaches – from cyber breaches to equipment theft/loss, addressing the issue of continuous monitoring of your network and your networked devices might be the second item to address on your list of HIPAA compliance activities.  The Office of Civil Rights (DHHS) states that security is now 80% of the requireme ...

Focus on Technology: Anti-Virus Software Fails Us

As computer users we've become acclimated to using anti-virus software to keep our systems secure. However, in recent years that's no longer enough. Based on the security industry's numbers, anti-virus software only catches 45 to 55% of viruses and malware. Marc Goodman, a recognized cybercrime expert, noted in his recent book “Future Crimes” that university studies indicate that antivirus software captures only 5% of emerging malware. Add to that the antivirus software industry reports that between 100,000 to ...

HIPAA Compliance – How to Get Started?

You may have asked yourself – how HIPAA compliant are we really?  What constitutes HIPAA compliance?  How often do I need to check? There are numerous requirements for HIPAA compliance – performing an annual risk assessment, up-to-date training, maintaining current policies and procedures, having a contingency plan, having your data encrypted at rest and in motion, continuous monitoring of all networks and networked devices, just to name a few. Those are a lot of things to contend with but where ...

Focus on Technology: Anti-virus Maintenance

We see many covered entities that do NOT maintain their anti-virus.  It is EXTREMELY important that your IT staff (MSP) keeps the anti-virus definitions set for auto-update and that the anti-virus software itself is updated as needed.  We suggest that you have a monthly review of each computer and make sure the anti-virus software and definitions are current and working correctly. It's wise to review your anti-virus solution each year too.  There are usually a few top tier solutions that keep their so ...

Impact of a Healthcare Breach (2 of 3)

This article is the second in a three-part series from Third Rock, a leading HIPAA Compliance and Risk Management provider, that highlights the financial impact of a cyber-breach for healthcare organizations and why it is so important to protect your healthcare data. A healthcare breach has a wide and significant impact on a healthcare organization, both small and large.  Here are some examples of the costs associated with healthcare breaches: Negative media/publicity is one of the fir ...

Cyber Breach – No One is Immune

This article is the first in a three-part series from Third Rock, a leading HIPAA Compliance and Risk Management provider, explaining the magnitude and business impact of cyber security breaches as well as steps you can take to protect your records and your organization. Recent headlines have reported that cyber breaches are occurring with greater frequency than ever before. Everyone is familiar with the cyber breaches of Target, Home Depot, JP Morgan, Sony, and most recently, the federal Office of Perso ...

Security Alert: Healthcare needs to learn from OPM Breach

HealthITSecurity wrote a good article on what Healthcare can learn from the US Office of Personnel Management (OPM) breach.  The key being that ALL businesses and organizations need to understand it is IMPOSSIBLE to keep the bad guys out of the castle, you WILL be breached sooner or later.  Therefore, they need to be prepared, by implementing multiple layers of cyber-security defense.  One part of the cyber-security they did NOT mention is a next generation solution that detects when unauthorized softwa ...
