Category: BAI Security Blog

Cyber Insurance

DOES YOUR ORGANIZATION NEED CYBER INSURANCE?

News about the damage associated with the Sony breach keeps coming, and is most likely going to reach new heights over the Christmas break. Meanwhile, criminals keep conducting immensely successful hack attacks against huge brands that should have the financial assets and talent to protect against breaches. Has this risk management gone very wrong — accepting the occasional hack attack as a cost of doing business — or are we fighting a war we can’t win? We know that data/networks can and should be secured more effectively. While no security system will ever be 100% bulletproof, there are glaring bad practice issues in all of the recent high-profile breaches. We’ll look at why this might be happening in a follow-up

Data Privacy

THE NEW FEDERAL STRATEGIC HEALTH IT PLAN

The Office of the National Coordinator for Health IT, a unit of the Department of Health and Human Services, has issued its Strategic Health IT Plan for 2015 to 2020. The plan, developed in collaboration with more than 35 federal agencies, has five main goals: furthering the adoption of health IT; improving the security and interoperability of health information exchanges; strengthening healthcare delivery; supporting and improving the health and wellness of individuals and communities; and advancing research and innovation. The last federal Strategic Health IT Plan was released in 2011. The new plan is similar to the 2011 plan, and could better be described as a position paper than as a tactical, visionary document. The Office of the National Coordinator for Health

C-Suite

FREE SECURITY AWARENESS TRAINING FOR FINANCIAL INDUSTRY EXECUTIVES

Security awareness will be a focus for banking regulators in 2015, with particular attention to financial institutions’ C-suite executives and boards of directors. It’s likely that an in-depth refresher program will be a must for many, as new regulations are more complex and put a strong emphasis on cybersecurity preparedness. One resource that financial institutions may wish to consider when choosing training is the free cybersecurity education program supported by the Department of Homeland Security and the Federal Emergency Management Agency. (Thank you to http://www.bankinfosecurity.com for alerting us to this offering.) The newly updated cybersecurity curriculum is part of a series of courses offered by the National Cybersecurity Preparedness Consortium, a partnership between Texas A&M’s Engineering Extension Service, The University of San

Data Privacy

HIPAA, HEALTH TECHNOLOGY TRENDS, AND SECURITY THREATS

Most people in the U.S. say that they care more about protecting the privacy of their healthcare data than they do about being able to conveniently access that information. That said, according to a recent PwC Health Research Institute report, privacy will be sacrificed to apps/services that collect and analyze personal health information. Do-it-yourself healthcare is going to be huge, according to PwC’s “Top Health Industry Issues of 2015” report: “U.S. physicians and consumers are ready to embrace a dramatic expansion of the high-tech, personal medical kit. Wearable tech, smartphone-linked devices and mobile apps will become increasingly valuable in care delivery.” The report also predicts that healthcare tech will move from mobile apps to medical devices to “make diagnosis and treatment more

Big Data

TOP CYBER SECURITY THREATS AND TRENDS FOR 2015

Predicting the future is easy – take a long look at what’s happening now and hit the mental fast forward button. But in 2015 the rewind button will be equally useful. We don’t have a fail-proof crystal ball, but we suspect that old-school style hacktivism will share the headlines with emerging threats against devices and virtual payment systems. And we think this might be the year when hackers and data scientists will wage their own personal war, with both sides using Big Data as their weapon of choice. Read on for the details and more of our predictions.

Data Destruction

Look for an increase in malware that extracts information and then destroys the systems that housed the data. This capability could be

Cybersecurity

FINANCIAL INDUSTRY IT SECURITY 2015 TO-DO LIST

The forthcoming cybersecurity guidance from the Federal Financial Institutions Examination Council is expected to focus on people and processes that defend against specific types of threats. Future IT examinations for all sizes of banking institutions will include reviews of employee awareness of security threats, the depth and breadth of an institution’s training programs, patching policies, and – especially – securing mobile banking.

When will the guidance be released?

There is no date set as yet for when the guidance will be issued, but all indications point to 2015. Congressional pressure on industries to address the growing numbers of data breaches, combined with the banking industry’s strong interest in delivering mobile services, will likely push the FFIEC to move forward comparatively quickly with

Audit

GET READY NOW FOR 2015 HIPAA AUDITS

A random audit program to gauge HIPAA compliance is expected to commence in early 2015. This round will include both on-site and off-site reviews. Your New Year will be happier if you start getting audit-ready now. We have provided you with tips below to make the process easier.

Off-Site Audits

Off-site audits focus on documentation reviews. These audits typically focus on one of the three main HIPAA provisions – breach notification, security, or data privacy protocols. Documentation cannot be created after you receive the audit request, so review your policies and procedural documents to ensure they are current and comprehensive. Your documentation should cover the scope of your HIPAA compliance program and demonstrate how you have updated your policies and practices in

Compliance

PROTECTING ELECTRONIC HEALTHCARE DATA: THE NEW REALITIES

Almost half of all identity thefts in the U.S. now involve stolen medical records, as reported by USA Today. While breaches of credit card data may grab the headlines (like last year’s fiasco at Target stores), a stolen credit card number usually reflects fraud quickly and can be cancelled rapidly. By contrast, a single patient’s full electronic medical record (EMR) typically includes the “identity theft trifecta” — birth date, Social Security number and home address — as well as their detailed medical history, which can be discreetly used (over months or years) to bill bogus medical charges or obtain prescription drugs, which are regularly trafficked on the black market. As a result, the estimated “street price” of stolen EMRs can now be


OCTOBER IS CYBER SECURITY MONTH – CHECK OUT OUR DAILY TIPS

October 1, 2014

Links Can Be Misleading. Before Clicking On a Link, Take Another Look.

Don’t just click on links that you have received through email or instant messenger. Even if the link text looks like a URL, the link could be going somewhere else. Instead, move your mouse pointer over the link without clicking on it. Look at where the link is going in the status bar. If the link is not going where it should be or is pointing to a file (such as a .exe), don’t click on the link.

October 2, 2014

Sensitive Data Can Become Vulnerable When Accessed Through Public Computers. Never Access Workplace Information In These Locations.

Whether you are in a café or a hotel’s business center, the

Breach

TARGET CORP DATA BREACH ISSUE MAY BE SPREADING…

One of the largest retail hacks in the United States, the breach at Target caught the attention of the world. The event itself proved how common these types of attacks are, no matter the size of an organization. Just recently, the restaurant chain P.F. Chang’s China Bistro found itself in a similar position to Target. Unfortunately, it was too late: the payments breach had taken place before the company was able to discover any suspicious activity. The breach led to payment card fraud and subsequent poor headlines for the chain. Once an organization has a breach, it must spend a great deal of money to launch an investigation as to what happened. There’s a long list of negative
