IT Solutions Blog

CryptXXX ransomware is bad news for healthcare organizations

Posted by Art Gross on May 2, 2016 9:22:26 AM

New ransomware is bad news for healthcare organizations

CryptXXX ransomware provides the scenario we feared most. Not only does CryptXXX encrypt a victim's files, but it also copies data off of the victim's computer. This can be considered unauthorized access, and needs to be reported as a Data Breach. The following article is written by Art Gross, our partner at HIPAA Secure Now. Read his article to learn more about this very dangerous new ransomware, and what you can do to prevent it.

Topics: HIPAA Compliance

Encryption Could Have Prevented Centene's Data Breach of 950,000 Patient Records.

Posted by Rose Doherty on Feb 9, 2016 3:27:23 PM

If an encrypted device containing PHI is lost or stolen, it is not considered a Data Breach. Encryption is like a Get Out of Jail Free Card!

Health insurance credentials sell for $20 each on the black market, but when supplemented with personally identifiable information (PII) such as birth date, place of birth, and Social Security number, they can yield over $1000 per record. These are scary times, and Centene, a St. Louis-based health insurer, is the latest victim of a data breach that will make your head spin. The worst part is that it could have been easily prevented with one simple and inexpensive security measure.

Topics: HIPAA Compliance, Data Security

15 Things the OCR Will Ask For After a Breach.

Posted by Rose Doherty on Jan 6, 2016 3:00:00 PM

The documentation requested after a data breach may actually have prevented the breach in the first place.

2016 has just begun, yet speculators are already predicting this will be the year of the HealthCare Data Breach. Without a doubt, implementing a strong HIPAA Compliance framework is your best plan to prevent a breach. Understanding what the OCR will ask you for in the event of a Data Breach, and preparing all of this documentation ahead of time, will give you a very good head start on HIPAA Compliance and may just prevent you from experiencing a breach.

Topics: HIPAA Compliance

What is a Business Associate?

Posted by Rose Doherty on Jan 4, 2016 1:55:38 PM

How to determine if a vendor needs to sign a Business Associate Agreement.

The HIPAA Privacy Rule allows covered entities and health plans to disclose protected health information (PHI) to business associates, but only if the business associate signs a Business Associate Agreement in which it assures that it will appropriately safeguard the PHI it receives or creates on behalf of the covered entity. So, which of your vendors need to sign a B.A. Agreement? Here is a helpful list of vendors that need to sign your Business Associate Agreement. You may be surprised!

Topics: HIPAA Compliance

Cyber-Security Requires Training Employees

Posted by Rose Doherty on Dec 14, 2015 8:00:00 AM

Training your employees is key to an effective Business Cyber-Security Plan.

Hackers are getting more sophisticated every day, and the ways they lure you into giving them access to your computer are downright devious. It is important that all employees are aware of these simple rules that will help prevent intruders from accessing your computer network.

Topics: Security, HIPAA Compliance, Internet Security, IT Security

What is Data Encryption?

Posted by Rose Doherty on Dec 7, 2015 8:00:00 AM

Are You Responsible for Sensitive Data?

Here is what you need to know to protect your business from data loss or intrusion.

Topics: Security, HIPAA Compliance, Data Security, Mobile Device Management

Risk Analysis is #1 Meaningful Use Objective

Posted by Rose Doherty on Dec 2, 2015 12:33:38 PM

Security Risk Analysis Moves from #9 to #1 in 2015

CMS recently released changes to the Meaningful Use Stage 2 program for 2015-2017, and the Security Risk Analysis is now the FIRST Objective. Find out what this means to you.

Topics: HIPAA Compliance, Data Security

What is PHI?

Posted by Rose Doherty on Nov 23, 2015 8:00:00 AM

18 Identifiers That Define Protected Health Information (PHI)

Protected Health Information (PHI) is defined as information in any format that identifies the individual, including demographic information collected from an individual that can reasonably be used to identify the individual. PHI is information created or received by a healthcare provider, insurance company, employer, or health care clearinghouse, and relates to the past, present, or future physical or mental health or condition of an individual.

In order for Covered Entities and Business Associates to protect PHI, it is critical that you are aware of the 18 identifiers that qualify information as PHI.

Topics: HIPAA Compliance, Data Security

5 Things to do Before a Data Breach

Posted by Rose Doherty on Nov 9, 2015 8:00:00 AM

5 Things You Will Wish You Had Done Before a Data Breach

The experts predict that it is not "if" businesses will be the victim of a data breach, but "when". In fact, they believe that most businesses already have been victimized. If the chances are that high, it would be a great idea to start thinking about what you will want to tell your customers when you notify them. Seriously, what will you want to be able to tell them about how you protected their personal information?

Topics: HIPAA Compliance, Data Security

Password Management Best Practices

Posted by Rose Doherty on Jun 15, 2015 7:30:00 AM

Best Practices for Strong Password Policies

News of a high-profile hacking incident or a major data breach is becoming a regular event. A good first step for companies looking to protect themselves from cyber threats is implementing strong password policies and procedures for their business.

Topics: Security, HIPAA Compliance