Tag: Healthcare

ephi

Mobile Devices and Healthcare: How to Protect Your Organization

In today’s world, almost every piece of technology comes equipped with the ability to access the internet. Phones, watches — even refrigerators — are built to connect. While the intent here is to make life a little easier, an unfortunate side effect is that these connections open up new pathways for cyber criminals. For organizations that acquire a large amount of sensitive data — health care organizations, for example — these openings become potentially business-crippling pathways through which hackers can steal information. Today, we’re going to discuss which endpoints you need to be paying close attention to and how you can ensure your organization is protected against these threats.

The Threat

In their October newsletter, the Department of Health and Human Services’ Office

Breach

Minimizing the Effects of a Breach: ABCD Pediatrics

Oftentimes, a prominent cyber-attack leaves us wondering why the targeted organization didn’t do more to protect themselves. And sometimes this is a correct response, like in the case of the infamous Yahoo breaches, where so many things could have been done differently to prevent the massive fallout that company has experienced as a result of these attacks. Of course, this isn’t the case with all breaches. An organization can take every appropriate step to protect themselves, yet still be a victim. This doesn’t mean that these efforts were a failure; in a world with rapidly increasing numbers of malware and daily cyber-attacks, managing to ward off any portion of an attack is a win. ABCD Pediatrics, a Texas-based practice, recently

Cyber Attack

Anonymous FTP: Crippling Healthcare Organizations

If you’ve ever had to share a large number of files with people working remotely, odds are you’ve used a file transfer protocol (FTP) server to accomplish this. It’s an easy way that you and others can access and upload information with a username and password, without taking up your own valuable internal storage space. Unfortunately, most of these FTP servers are operated by only a few companies. I say unfortunately because it means they are large targets for hackers. A recent bulletin released by the FBI details how FTP servers used by healthcare organizations have seen a sharp jump in attacks by cyber criminals. Here’s what we know so far.

Anonymous FTP

These attacks, the FBI noted, are carried

Healthcare

Go Beyond HIPAA: Strengthening IT Security by Sharing Information

HIPAA compliance for healthcare organizations is crucial – yet many still struggle with meeting even the most basic requirements. Furthermore, merely employing a security profile that just meets regulations does not provide adequate protection. But what does it mean in real-life terms to not meet these requirements, and what steps can you take right now to improve your security?

A Taller Fence

Hearing phrases like “lacking IT security” can be somewhat vague if you don’t have a firm grasp on the particulars of your network security. So here’s an example that might help: Imagine your IT security system is a fence protecting your yard. The government requires you have a fence that stands 3 feet tall. Now this might be enough

banks

Employers Beware: W-2 Scams Running Rampant

Employees count on their employers to keep their private information safe. This is especially true during one of the most information-sensitive times of the year: tax season. For attackers who rely on social engineering tactics, targeting organizations right now can be a potential goldmine. We’ve previously discussed how social engineering tries to trick members of your staff into giving out valuable information – oftentimes by posing as official sources who need the requested information now. This is a threat you should stay on high alert for year round, but recent news should have you more aware and wary of requests centered around employee tax information.

A Common Scam

A few high-profile social engineering attacks have made the rounds recently, but let’s

Breach

More Breach Investigations Coming?

We’ve written about the massive Yahoo data breach in this space a few times now. First there was the news of the breach itself and the potential fallout as far as consumer confidence and valuation for the business itself. Then we learned that the breach was even worse than originally reported, with the original breach going back years. At this point, it might seem like all the news has been had out of this particular attack. Well, not so fast: yet again, the story of the Yahoo breach continues to provide valuable insights into what organizations might face should they too suffer a breach.

Investigation Underway

The two previously reported Yahoo breaches occurred in 2013 and 2014. The 2014

Breach

The Anatomy of an Attack

Many times in this space we have discussed the results of an organization suffering a breach. These have included the fines an organization receives due to lackluster security practices, or the long-term damage a breach could potentially inflict on an organization’s reputation. Today, we’re going to move our gaze from the aftermath of an attack to its beginnings. What does a breach in real time look like, and what are the immediate steps an organization can take to remedy this attack?

Meet the Attacker

Since the summer of 2016, a hacking group known as “TheDarkOverlord” has been attacking businesses in the healthcare and financial sectors, grabbing private information and using it as a means of extortion. For example, in September

Cybersecurity

Smarter Protection: 2016’s Worst Passwords and How to Improve Them

You’ve heard this before, but it’s such a pressing issue that we’ll repeat it again: you need to create safe passwords. That means not just coming up with one password with uppercase and lowercase characters, punctuation and numbers, then using it as your login everywhere. You need to create different passwords for every account you own. We bring this up for a good reason: people still aren’t taking passwords seriously. A study released by Keeper Security, a password management software vendor, detailed the 10 million passwords uncovered by data breaches in 2016. You can view the full list here, but examples from the top five include: 123456, 123456789, qwerty, 12345678 and 111111. Of course, the standard fallback of “password” comes in

breach security

The Final Tally: Healthcare Breaches in 2016

The healthcare sector was dealt a rough cybersecurity hand in 2016. The Department of Health and Human Services, which tracks all reported breaches in the healthcare field, recorded 310 incidents for the year (affecting a minimum of 500 people in each case). Altogether, these breaches added up to affect a staggering 16.1 million people. The chart below, pulled from the Department of Health and Human Services, lists the 10 biggest healthcare breaches of 2016.

| Business | State | Individuals Affected | Submission Date | Type of Breach |
|---|---|---|---|---|
| Banner Health | AZ | 3,620,000 | 8/3/16 | Hacking/IT Incident |
| Newkirk Products, Inc. | NY | 3,466,120 | 8/9/16 | Hacking/IT Incident |
| 21st Century Oncology | FL | 2,213,597 | 3/4/16 | Hacking/IT Incident |

Compliance

A Different Type of Phishing

Often, we see phishing schemes being perpetrated by hackers seeking to steal information. Rarely do we discover a scheme that is essentially an elaborate marketing tactic. Healthcare Info Security reports that the Department of Health and Human Services (HHS) sent a warning to organizations in the healthcare system, alerting them to an unusual phishing attempt. Phishing, as we’ve previously written about, is a scam that uses seemingly legitimate links to take you somewhere you didn’t intend to go. This can be done by subtly changing a URL address, which is exactly what was done in this case.

The Scam

Per the HHS, this phishing email campaign masquerades as a message regarding HIPAA compliance audits from the HHS’ Office for Civil
