Maintain Security Awareness with Free 60-second video snippets

HIPAA Security compliance section 164.308(a)(5) defines periodic security reminders as an addressable action. How do you maintain information security awareness for your employees?

I just read a press release about a company in Orem, UT that produced a sequence of 60-second videos outlining best practices for healthcare practices to comply with technical HIPAA requirements. What a great idea!

While there are many approaches you can take to maintain security awareness– email alerts, scheduled online training, posters, screen savers, lunch and learns, etc. ...


Are Your IT Acceptable Use Policies Up-to-date?

A catfish is someone who creates a false online identity.  Catfishing is common on social networking sites.  The catfish’s intent is to defraud a victim, seek revenge or commit identity theft.  The information obtained could be used to compromise your network.

One key element required by HIPAA is to document acceptable end user behaviors.  These documented behaviors are called IT Acceptable Use Policies.  One area requiring policy definition includes the degree of end user access granted or allowed to social media ...


Healthcare IT Security Worse Than Retail, Study Says

Sometimes it is useful to compare your company’s security footprint to peers and other verticals. This provides a benchmark or standard when evaluating your progress. If you find your company falls short of the standard, you might take a more aggressive approach to improving your security footprint. The best run businesses set realistic goals and work to achieve those goals to improve their business performance and thus their profitability. Benchmarks help to set those goals.

A recent report from Information Week, ...


Largest HIPAA $$ Violation Settlement to Date

HHS just handed out $4.8 million worth of HIPAA fines to New York and Presbyterian Hospital and Columbia University.  6,800 ePHI records were breached by poor server deactivation procedures exposing those patient records to internet search engines.  The organizations learned of the breach when a deceased patient’s partner found the former patient’s ePHI on the internet.  Poor risk management and a failure by the organizations to implement their own policies and procedures contributed to the huge fine.

Read the whole story ...


The Devious Mind of a Hacker

Most of our customers just ‘take our word’ about their network security vulnerabilities.  While respecting our security credentials, some decide not to take preventative action.  They don’t fully understand how their vulnerabilities can be exploited by the bad guys.  One particular entrenched vulnerability is called a distributed denial of service (DDoS) attack.  In nontechnical terms, I’m going to explain how this vulnerability is now being used to steal your protected company information.

A DDoS attack is staged by a hacker using multiple ...


FBI warns healthcare sector vulnerable to cyber attacks

The FBI’s perspective on Healthcare security? –  Vulnerable.  Why should you care?  Because, according to the FBI, healthcare data is far more valuable to hackers on the black market than credit card numbers because it tends to contain details that can be used to access bank accounts or obtain prescriptions for controlled substances.  Cyber criminals are getting paid $20 for health insurance credentials on some underground markets compared to $1 to $2 for U.S. credit card numbers.

Many doctors that manage their ...


HITRUST – Health Information Trust Alliance

HITRUST is a resource I use to keep current on information security as it relates to healthcare. In addition, it is an organization that supports the belief that information security should be a “core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges.” HITECH has established the CSF (common security framework) that can be used by any and all organizations that create, access, store or exchange personal health information. It provides an even ...
