Tag: Healthcare

Banking

The Compliance Issue: Taking IT Security a Step Further

Complying with cybersecurity regulation is at the forefront of many companies’ minds, perhaps to their own detriment, according to David Glockner, the regional director at the U.S. Securities and Exchange Commission’s (SEC) Chicago Regional Office. Quoted in SC Magazine, Glockner encouraged attendees at an SC Congress meeting in Chicago to think about cybersecurity “divorced from the regulatory landscape.” Instead, he made the case that companies should think about their cybersecurity from a business perspective. “What is your most sensitive information? What are your most sensitive operations and what vulnerabilities do you have? And thinking about how you protect what’s critical to your business operation in most instances is going to get you most, if not all of the way, toward

BAI Security Compromise Assessment

Unseen Consequences: The Ripple Effects of a Data Breach

A data breach results in some obvious, immediate impacts. Your customers’ and/or patients’ data is exposed, for one. Even if you don’t lose their business, there will likely be some fences to mend to regain their trust. However, what often gets lost in the aftermath of significant breaches is the ripple effect these attacks can have on all levels of your business. These ripples are currently shaking an in-transition Yahoo to its core.

Market Loss

As you’ve probably heard, Yahoo recently announced that at least 500 million user accounts were breached in a late 2014 attack, making it potentially one of the largest cyber breaches ever. This news came at a particularly bad time, as Verizon was willing to bid

Banking

The Year of Ransomware

Ransomware is a threat you’ve probably heard a lot about in 2016. That’s not without good reason – it’s one of the main cybersecurity threats facing businesses today. Though preventative steps do exist, this is still an extremely effective attack method you can’t afford to ignore. One successful attack is all it takes to set your business back drastically.

The Method

Victims of ransomware receive demands for bitcoins, the volatile virtual currency whose value to real world dollars can rapidly change at any moment, making it even more difficult for a business to secure their data’s release. The standard attack goes like this: Online gangs of cyber criminals remotely encrypt and lock computers, leaving victims with a ransom screen they can’t

Breach

The Threat from Within

Previously we’ve written about breaches caused by outside sources: cyber criminals and the virulent programs designed to rob you of valuable information. These are faceless criminals off in the distance. But what happens when the source of the breach is closer to home? A Florida-based pediatric practice recently had to find out, as Bank Info Security reported.

Stolen Information

The Pediatric Gastroenterology, Hepatology & Nutrition of Florida recently had a former administrative employee indicted in federal court for alleged identity theft and fraud crimes. This employee, along with two other individuals not associated with the medical office, has been accused of stealing patient information. An indictment document cited by Bank Info Security notes that: “It was a part of the

Data breach

When Your Customers Suffer: The Banner Health Breach

According to Bank Info Security, Arizona-based Banner Health recently suffered a breach large enough to notify their 3.7 million customers. Banner, which operates 29 hospitals, discovered the attack on July 7th. The attackers gained access through payment card processing systems in some of their food and beverage outlets. After doing so, the attackers also found a door left open, allowing access to clients’ healthcare information. As Bank Info Security notes, the hack “exposed cardholders’ names, card numbers, expiration dates and verification codes as the data was being routed through the affected systems. Cards used at affected outlets between June 23 and July 7 were affected. Card transactions used to pay for medical services were not affected.” The full list of

Compliance

The Cost of Lacking Security: OHSU HIPAA Settlement

One data breach is enough to wreak havoc on any organization. The damage one could do to your relationship with customers could be catastrophic for your business, and the fallout can cause you to rethink your entire security strategy. To add insult to injury, there are also typically steep financial penalties. Healthcare Info Security recently reported on data breaches suffered by Oregon Health & Science University (OHSU) and the HIPAA settlement they will have to pay. OHSU now owes $2.7 million stemming from two 2013 data breaches that affected over 7,066 individuals. One breach involved the theft of an unencrypted laptop from a surgeon’s rental vacation home, while the other was from OHSU using a cloud storage system without the

BAI Security Audit

Securing Health Care Records

Insider negligence is no longer the number one cause of data breaches in the healthcare industry—cybertheft and physical theft have now claimed the dubious honor. The Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data shows that healthcare information has become a prime target for malicious hackers, with lone cybercriminals and nation-state actors eager to illegally access valuable data. According to the report’s synopsis: “Cyber criminals recognize two critical facts about the healthcare industry: 1) healthcare organizations manage a treasure trove of financially lucrative personal information and 2) they do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.” The Ponemon study found that close to 45% of

Assessment

HIPAA Audits And Data Security

A random audit program to gauge Phase 2 HIPAA compliance is expected to be underway soon. This round will target business associates, including financial institutions that are typically exempted from HIPAA compliance when they provide what are considered to be typical banking services such as payment processing and credit/loans. But financial institutions that “create, receive, maintain, or transmit” protected health information may now have direct obligations under HIPAA. This round will include both on-site and off-site reviews.

Off-Site Audits

Off-site audits focus on documentation reviews. These audits typically focus on one of the three main HIPAA provisions – breach notification, security, or data privacy protocols. Documentation cannot be created after you receive the audit request, so review your policies and

BAI Security Audit

Healthcare Records Theft On The Rise

Insider negligence is no longer the number one cause of data breaches in the healthcare industry – cybertheft and physical theft have now claimed the dubious honor. The Ponemon Institute’s new Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data shows that healthcare information has become a prime target for malicious hackers, with lone cybercriminals and nation-state actors eager to illegally access their valuable data. According to the report’s synopsis: “Cyber criminals recognize two critical facts about the healthcare industry: 1) healthcare organizations manage a treasure trove of financially lucrative personal information and 2) they do not have the resources, processes, and technologies to prevent and detect attacks and adequately protect healthcare data.” The Ponemon study found that

Data Privacy

THE NEW FEDERAL STRATEGIC HEALTH IT PLAN

The Office of the National Coordinator for Health IT, a unit of the Department of Health and Human Services, has issued its Strategic Health IT Plan for 2015 to 2020. The plan, developed in collaboration with more than 35 federal agencies, has five main goals: furthering the adoption of health IT; improving the security and interoperability of health information exchanges; strengthening healthcare delivery; supporting and improving the health and wellness of individuals and communities; and advancing research and innovation.

The last federal Strategic Health IT Plan was released in 2011. The new plan is similar to the 2011 plan, and could better be described as a position paper than as a tactical, visionary document. The Office of the National Coordinator for Health
