Tag: regulation

Compliance

A Different Type of Phishing

Often, we see phishing schemes being perpetrated by hackers seeking to steal information. Rarely do we discover a scheme that is essentially an elaborate marketing tactic. Healthcare Info Security reports that the Department of Health and Human Services (HHS) sent a warning to organizations in the healthcare system, alerting them to an unusual phishing attempt. Phishing, as we’ve previously written about, is a scam that uses seemingly legitimate links to take you somewhere you didn’t intend to go. This can be done by subtly changing a URL address, which is exactly what was done in this case.

The Scam

Per the HHS, this phishing email campaign masquerades as a message regarding HIPAA compliance audits from the HHS’ Office for Civil

Banking

The Compliance Issue: Taking IT Security a Step Further

Complying with cybersecurity regulation is at the forefront of many companies’ minds, perhaps to their own detriment, according to David Glockner, the regional director at the U.S. Securities and Exchange Commission’s (SEC) Chicago Regional Office. Quoted in SC Magazine, Glockner encouraged attendees at an SC Congress meeting in Chicago to think about cybersecurity “divorced from the regulatory landscape.” Instead, he made the case that companies should think about their cybersecurity from a business perspective. “What is your most sensitive information? What are your most sensitive operations and what vulnerabilities do you have? And thinking about how you protect what’s critical to your business operation in most instances is going to get you most, if not all of the way, toward

Compliance

The Cost of Lacking Security: OHSU HIPAA Settlement

One data breach is enough to wreak havoc on any organization. The damage one could do to your relationship with customers could be catastrophic for your business, and the fallout can cause you to rethink your entire security strategy. To add insult to injury, there are also typically steep financial penalties. Healthcare Info Security recently reported on data breaches suffered by Oregon Health & Science University (OHSU) and the HIPAA settlement they will have to pay. OHSU now owes $2.7 million stemming from two 2013 data breaches that affected over 7,066 individuals. One breach involved the theft of an unencrypted laptop from a surgeon’s rental vacation home, while the other was from OHSU using a cloud storage system without the
