John Dimaggio

Recent Posts

Healthcare IT Cyber Security

News of a Healthcare security breach or ransomware incident has become almost commonplace. Hackers have developed increased proficiency in identifying and exploiting security vulnerabilities in healthcare IT security, and environments that are otherwise considered “HIPAA compliant” are certainly not immune. Protected Health Information (PHI) is a juicy target for hackers because it provides huge payoffs on the “dark web”, where hackers openly promote themselves and their stolen wares.

In Cyber Security

Is Your Organization Ready for the 2016 OCR HIPAA Audits?

If you are a covered entity or business associate, the Office for Civil Rights (OCR) may have you in its crosshairs. In a recent interview, Devyn McGraw, OCR’s Deputy Director of Health Information/Privacy, announced that the new audit protocol is completed and will be released in April, with random audits to follow shortly thereafter.

In OCR Random Audits

Could your Organization be the next Ransomware victim?

Ransomware is a type of malware that restricts access to the infected computer system and demands that the user pay a ransom to the malware operators to remove the restriction. Some forms of ransomware systematically encrypt files on the system's hard drive, then spread to any shared network drives and other computers, and make it difficult or impossible to decrypt without paying the ransom for the encryption key. Other forms of ransomware may simply lock the system and display messages intended to coax the user into paying to acquire the key. Ransomware typically propagates as a trojan, whose payload is disguised as a seemingly legitimate file.

In Ransomware

Don't Forget about HIPAA Privacy!

In today’s world of HIPAA regulations, not developing a plan for Privacy compliance is risky business for Healthcare providers. Multiple government agencies are actively enforcing these laws, and the penalty for non-compliance can be costly. With so much focus on HIPAA Security, the HIPAA Privacy Rule can sometimes go unheeded. Yet the government is just as serious about enforcing Privacy regulations, and enforcement is clearly within the scope of Office for Civil Rights HIPAA audits.

In HIPAA Privacy Compliance

Security Awareness Reminders to Help Avoid Common Scams

Healthcare organizations are facing a rising threat of malicious attacks that target protected health care information. The number of incidents that evade traditional security defenses is increasing at an alarming rate, and with the growing prevalence of EHRs, the playing field has become even more enticing to scammers. Couple this with tax season, and it seems like the email and phone scams increase substantially. While it’s always a good idea to be vigilant and help educate employees to be on guard, some extra reminders during this time of year can be a great benefit! Here are some common scams popping up again, as identified by the FTC:

In Common Scams

Don't Get Hooked by a Phishing Expedition

In today’s fast-paced electronic world, phishing attacks are once again becoming more prevalent. As companies shore up their security footprints, hackers are forced to be more creative to get in, and usually try to prey on unsuspecting or unknowing users who they hope are too busy to pay attention to the details.

In Phishing