Workforce Security Awareness Training

Hackers are becoming increasingly proficient in detecting and exploiting security vulnerabilities in healthcare IT security. In response, many healthcare organizations are preemptively working to identify and eliminate security vulnerabilities in operating systems, applications and configurations. But in this quest for robust security controls, end-user practices can sometimes be overlooked. Employee carelessness, forgetfulness and lack of knowledge can create a huge gap in an otherwise secure setting. This gap can make an organization highly susceptible to cyber-attack, security breach, and ransomware. It can also put an organization at risk for costly HIPAA violations that could generate negative publicity and reputational damage.

In Security Awareness Training

Healthcare IT Cyber Security

News of a healthcare security breach or ransomware incident has become almost commonplace. Hackers have developed increased proficiency in identifying and exploiting security vulnerabilities in healthcare IT security, and environments that are otherwise considered “HIPAA compliant” are certainly not immune. Protected Health Information (PHI) is a juicy target for hackers because it provides huge payoffs on the “dark web”, where hackers openly promote themselves and their stolen wares.

In Cyber Security

Is Your Organization Ready for the 2016 OCR HIPAA Audits?

If you are a covered entity or business associate, the Office for Civil Rights (OCR) may have you in its crosshairs. In a recent interview, Devyn McGraw, OCR’s Deputy Director of Health Information/Privacy, announced that the new audit protocol is completed and will be released in April, with random audits to follow shortly thereafter.

In OCR Random Audits

Could your Organization be the next Ransomware victim?

Ransomware is a type of malware that restricts access to the infected computer system and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system's hard drive, then spread to any shared network drives and other computers, making the files difficult or impossible to decrypt without paying the ransom for the encryption key. Other forms of ransomware may simply lock the system and display messages intended to coax the user into paying to acquire the key. Ransomware typically propagates as a trojan, whose payload is disguised as a seemingly legitimate file.

In Ransomware

Don't Forget about HIPAA Privacy!

In today’s world of HIPAA regulations, not developing a plan for Privacy compliance is risky business for Healthcare providers. Multiple government agencies are actively enforcing these laws, and the penalty for non-compliance can be costly. With so much focus on HIPAA Security, the HIPAA Privacy Rule can sometimes go unheeded. Yet the government is just as serious about enforcing Privacy regulations, and enforcement is clearly within the scope of Office for Civil Rights HIPAA audits.

In HIPAA Privacy Compliance

Security Awareness Reminders to Help Avoid Common Scams

Healthcare organizations are facing a rising threat of malicious attacks that target protected health care information. The number of incidents that evade traditional security defenses is increasing at an alarming rate, and with the growing prevalence of EHRs, the playing field has become even more enticing to scammers. Couple this with tax season, and it seems like the email and phone scams increase substantially. While it’s always a good idea to be vigilant and help educate employees to be on guard, some extra reminders during this time of year can be a great benefit! Here are some common scams popping up again, as identified by the FTC:

In Common Scams

Don't Get Hooked by a Phishing Expedition

In today’s fast-paced electronic world, phishing attacks are once again becoming more prevalent. As companies shore up their security footprints, hackers are forced to be more creative to get in, and usually try to prey on unsuspecting or unknowing users who they hope are too busy to pay attention to the details.

In Phishing

Password Strategies as Part of Your HIPAA Compliance Plan

There’s an old joke about passwords: 

During a recent password audit at our company, it was found that someone was using the following password:

MickeyMinniePlutoHueyLouieDeweyDonaldGoofyColumbus

When asked why they had such a long password, they said that they had been told that it had to be at least 8 characters long and include at least one capital!

While it’s easy to laugh at the punchline, password strength and complexity are no laughing matter to a Compliance Officer. Passwords are one of the primary security breach points and, depending on the level of access, can sometimes be the keys to the kingdom.

In Password Strategies

Will you be audited for Meaningful Use?

The government is serious about enforcing Privacy and Security regulations. In addition to potential HIPAA audits, any provider who receives an electronic health record (EHR) incentive payment for either the Medicare EHR Incentive Program or the Medicaid EHR Incentive Program may be subject to a Meaningful Use (MU) audit. In fact, each year, at least 1 in 5 eligible hospitals will be audited for Meaningful Use.

In Meaningful Use