Blog

A Five Point Plan for Boards Addressing Cyber Risk

Simple, to the point, and certainly the absolute truth. A video of about 30 seconds that should change your perspective.

https://www.securityroundtable.org/a-five-point-plan-for-boards-addressing-cyber-risk/



The 10 Security Commandments

  1. Thou shalt install security patches. Exploiting vulnerabilities is one of the main infection vectors. To prevent intrusions, keep the operating system and all its applications always updated.
  2. Thou shalt audit. Keep a record of logs and everything that goes on in the systems in order to detect security gaps in servers and anything that has access to sensitive information.
  3. Thou shalt use security technologies. The basic combination of antivirus, antispam, and firewall software is only the starting point. They should be complemented with other tools, such as intrusion detection systems (IDS), honeypots, and encryption software.
  4. Thou shalt implement security policies. These documents define the best practices, limit the actions of users on information resources, and state their responsibilities towards them.
  5. Thou shalt use strong, unique passwords. These are the access keys to all resources such as servers, mail, data, and network gear. They must be strong and have to be stored in specialized password managers to minimize the risk of unauthorized access.
  6. Thou shalt grant your users limited rights. Administrative rights should be granted only to very small groups, as they could be exploited by malware to perform actions on the file system or install unauthorized programs.
  7. Thou shalt use legitimate software. Downloading applications from unknown or illegitimate sources may install trojanized software or malware.
  8. Thou shalt educate your users. User security training regarding the proper use of technologies, data protection and existing threats can be implemented through training talks, posters and login messages.
  9. Thou shalt not make unjustified exceptions. Security policies should be applied consistently throughout the whole network. Making unjustified exceptions for a manager, a friend, or a developer exposes the company to risk, even though the rest of the users comply with the policies.
  10. Thou shalt know the security trends. Cyberthreats and techniques are constantly evolving. Meanwhile, security measures are developed and improved to fight them. Reading http://www.welivesecurity.com is as fine a start as any.

List adapted from http://www.welivesecurity.com/2016/07/29/10-security-commandments-every-sysadmin/



Cybersecurity: Time to Move from Talk to Action

Cybersecurity as a business priority has been ignored for too long in too many cases. Hence the almost daily news releases of another breach, email hacking, or data loss. Even the government and politicians are woefully behind the power curve and not paying attention, their actions showing what not to do, with data leaking everywhere.

Healthcare is one of those businesses where, to this day, many feel “we are too small to be noticed” or “the cost of being secure is too much”. Neither statement has any truth to it. Healthcare providers are now the target of cyber criminals, and the smaller the operation, the MORE attractive you are, not less. So you save a few bucks being careless until it hits, and then you are paying Bitcoins to some mysterious criminal. Thinking that is the end of it, you find that the government was serious about security and privacy when it developed HIPAA and HITECH regulations specifically for healthcare. They arrive at your door and begin an audit, and since you decided HIPAA regulations weren’t for you, the fines and possible criminal charges for Willful Neglect are in your future. Lawyer fees, and maybe the end of your practice, are near.

The story doesn’t have to end that way; action can be taken today to protect practices and patient privacy as required by law. It is time to Move from Talk to Action. Protect your investment, business, and livelihood.

Don’t be like these people and have your name and practice in virtual lights for all to see:

HHS and Office of Civil Rights Wall of Shame

https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Or these people writing checks for simple things your office may be doing.

http://www.healthcareitnews.com/slideshow/6-biggest-hipaa-breach-fines?page=1

Call us; we can help write a better ending to the story.



Why are hacked healthcare records so valuable?

Many people still wonder why cyber security is pushed so hard, when in reality it is what EVERYONE must do. People think of government involvement in regulations for frameworks such as HIPAA/PCI as extraordinary efforts, when in fact they are just the basic common-sense things to do. You don’t leave your house unlocked, and you should not leave computer systems that way either.

Identity theft is valuable, and if it has a full medical record to complete the package, it may be difficult to get your identity back. Medical records contain many personal items about health, pharmacy, address, and insurance company.

The public and the keepers of information, including the government, need to wake up and take action today.

Whiteboard can help you secure your assets and data. Read below on what happens to stolen medical records.

Why are hacked healthcare records so valuable?