As post-pandemic life comes into view, healthcare looks to the future with telemedicine. Here’s a quick glance at expanding horizons for digital patient care & IT security.
In December 2020, the IT security world was rocked by an announcement from network management firm SolarWinds: they had suffered a devastating cyberattack.
Regulations are everywhere in the cybersecurity world, to address the vast array of risks that come about as technology expands into every industry.
You likely use third-party vendors to outsource your payroll, HR or IT infrastructure — all essential business functions. Unfortunately, in doing so, you’re giving multiple companies access to sensitive data, including private patient or customer information. In the event of a breach or leak of said sensitive information, it’s important to know where the chips fall and what liability you’re assuming when you outsource business efforts. Let’s take a look at how outsourcing significantly impacted the health insurer Aetna to assess opportunities and risks involved with hiring a third-party vendor. Aetna’s settlement If you’re unfamiliar with the backstory, Aetna made news for paying about $20 million in legal settlements from a case in 2017 concerning privacy violations of about 12,000
Healthcare providers face a unique challenge when it comes to data protection. Cybercriminals take one look at their assets — valuable personally identifiable information (PII) like social security numbers and medical information — and throw all they’ve got at their IT security systems. If you’re not doing everything you can to maintain and strengthen your IT security, then your organization is at risk. Let’s talk. Meet us at this year’s HIMSS Annual Conference and Exhibition in Las Vegas, Nevada, to hear how BAI Security’s award-winning suite of compliance, audit and IT security solutions can help you keep even the most advanced cybercriminals at bay. HIMSS18 is set to bring together over 40,000 health IT professionals, clinicians, executives and vendors from around the world, and
Often, we see phishing schemes being perpetrated by hackers seeking to steal information. Rarely do we discover a scheme that is essentially an elaborate marketing tactic. Healthcare Info Security reports that the Department of Health and Human Services (HHS) sent a warning to organizations in the healthcare system, alerting them to an unusual phishing attempt. Phishing, as we’ve previously written about, is a scam that uses seemingly legitimate links to take you somewhere you didn’t intend to go. This can be done by subtly changing a URL address, which is exactly what was done in this case. The Scam Per the HHS, this phishing email campaign masquerades as a message regarding HIPAA compliance audits from the HHS’ Office for Civil
Complying with cybersecurity regulation is at the forefront of many companies’ minds. Perhaps to their own detriment, according to David Glockner, the regional director at the U.S. Securities and Exchange Commission’s (SEC) Chicago Regional Office. Quoted in SC Magazine, Glockner encouraged attendees at an SC Congress meeting in Chicago to think about cybersecurity, “divorced from the regulatory landscape.” Instead, he made the case that companies should think about their cybersecurity from a business perspective. “What is your most sensitive information? What are your most sensitive operations and what vulnerabilities do you have? And thinking about how you protect what’s critical to your business operation in most instances is going to get you most, if not all of the way, toward
One data breach is enough to wreak havoc on any organization. The damage one could do to your relationship with customers could be catastrophic for your business, and the fallout can cause you to rethink your entire security strategy. To add insult to injury, there are also typically steep financial penalties. Healthcare Info Security recently reported on data breaches suffered by Oregon Health & Science University (OHSU) and the HIPAA settlement they will have to pay. OHSU now owes $2.7 million stemming from two 2013 data breaches that affected over 7,066 individuals. One breach involved the theft of an unencrypted laptop from a surgeon’s rental vacation home, while the other was from OHSU using a cloud storage system without the
The new Payment Card Industry Data Security Standard 3.0 (PCI DSS 3.0) that went into effect on January 1 contains significant changes. Some of the requirements will remain suggested best practices until July 1, 2015. After that, they too become mandatory. PCI 3.0 will have the greatest impact on e-commerce merchants who partner with third parties for payment card data collection, along with third party service providers who remotely manage merchant systems and networks. Up to version 2.0 of the PCI DSS, fully outsourcing an e-commerce payment system via a redirect payment company put the web environment out of scope. The web environment didn’t touch payment card data, and therefore did not have to meet PCI requirements. But now, under
A random audit program to gauge HIPAA compliance is expected to commence in early 2015. This round will include both on-site and off-site reviews. Your New Year will be happier if you start getting audit-ready now. We have provided you with tips below to make the process easier. Off-Site Audits Off-site audits focus on documentation reviews. These audits typically focus on one of the three mail HIPAA provisions – breach notification, security, or data privacy protocols. Documentation cannot be created after you receive the audit request, so review your policies and procedural documents to ensure they are current and comprehensive. Your documentation should cover the scope of your HIPAA compliance program and demonstrate how you have updated your policies and practices in
We’re here to discuss your upcoming IT security assessment and compliance audit needs.
