Resources
8 Tips on Giving Patients Access to Their Records
HHS Points to Ways to Improve Compliance With HIPAA Requirements Under the HIPAA Privacy Rule, patients and their authorized representatives have the right to access their electronic or paper health records. Unfortunately it’s often easier said than done, and federal regulators want that to change. Complaints from patients about the lack of access to their records have remained consistently among the top five issues in HIPAA cases that are investigated and closed with corrective action by HHS’ Office for Civil Rights. In order to...
read moreHow Vulnerable Are Your ATMs?
Attackers are increasingly hacking into banks’ networks to gain access to the IT infrastructure connected to their ATMs. They then push malware onto the ATMs that allows a low-level gang member to walk up and enter a preset numerical sequence into the ATM to make it dispense all of its money in what’s known as a “jackpotting” or “cashing out” attack. Such attacks also allow them to steal card data from ATM machines. For attackers, the appeal is simple: It’s safer and easier than walking into a bank with a...
read moreMore ACH Changes Coming September 2017
The business world continues to evolve and banking is no different. There are two new rule changes being implemented in September this year. Beginning September 15, 2017, Same Day ACH will be available for debit entries, enabling the same-day processing of virtually any ACH payment. The Rule enables the option for same-day ACH payments through additional ACH Network functionality, without affecting previously available ACH schedules and capabilities: Originating financial institutions (ODFIs) are able to submit files of same-day ACH payments...
read moreCyberattacks Fuel 2017’s Biggest Breaches
With the exception of one large insider theft, hacker attacks, some involving ransomware, continue to be the method of choice behind the biggest health data breaches reported so far this year to federal regulators. As of July 3rd, 149 breaches affecting nearly 2.7 million people have been reported to the Department of Health and Human Services’ ‘wall of shame’. Of those 2017 breaches, 53 are listed as hacking/IT incidents. Even though that’s only 35% of breaches it represents almost 60% of the individual victims; 1.6 million in all....
read moreMississippi Medicaid Website Transmitted Unencrypted Email
Unsecure Email Incident a Reminder of Risks to PHI A breach report involving the transmission of protected health information via unencrypted email offers a reminder of the need to pay attention to safeguarding PHI no matter where it resides, including website forms used to collect information and smartphone apps. According to the HHS “Wall of Shame”, the Mississippi Division of Medicaid reported on May 26, 2017 to the U.S. Department of Health and Human Services the unauthorized access/disclosure incident that affected about 5,220...
read moreChanges to FFIEC Cybersecurity Tool help banks meet baseline.
A just released update to the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool will should help make meeting regulators’ demands for “baseline” cybersecurity more attainable. The changes only impact Appendix A of the tool but those changes make a difference for smaller institutions. For example, many smaller institutions were not able to meet the tool’s requirement for having a data-flow diagram. Many smaller institutions do not have data-flow diagrams. They may have network...
read morePhishing Incident Leads to $400,000 HIPAA Settlement
HIPAA Enforcement Agency Cites Lack of Timely Risk Analysis, Again Colorado-based Metro Community Provider Network is just another healthcare entity to learn a painful lesson from the Department of Health and Human Services Office for Civil Rights regarding the importance of conducting a timely and comprehensive risk assessment. The breach was reported in early 2012 after a hacker accessed employees’ email accounts and obtained 3,200 individuals’ electronic PHI through a phishing scam. The OCR found that MCPN took necessary...
read moreMessaging Apps Create New Privacy Headaches for Banks
Many businesses have benefitted from the proliferation of mobile devices and text messaging apps that facilitate quick, round-the-clock communications. However, these technologies can make it difficult to monitor and control the unauthorized distribution of confidential data. This is critically important in highly regulated industries like banking. To give you an idea of how messaging apps have caused headaches for banks, on March 30, UK regulators fined a former managing director of Jeffries Group for divulging confidential client...
read moreTexas Ransomware Attack Highlights Need For Legacy Data Protection
A ransomware attack on a Texas urology practice that could potentially affect nearly 280,000 patients ranks as one of the largest health data breaches of 2017. On January 22nd Urology Austin, suffered a ransomware attack that encrypted data stored on its servers. Among the information impacted by the ransomware were names, addresses, birthdates, SSN’s, and medical information. Their mitigation effort included restoring data from backups and wiping the servers clean. Executing this plan allowed Urology Austin to not pay the ransom. Although...
read moreNew Phone Scam Is Deceptively Simple
Don’t pick up the phone to answer calls from unknown numbers. Instead, let them go to voicemail. While many of us do that anyway, that’s now the FCC’s advice to all Americans in response to an ongoing series of attacks designed to trick victims into uttering a single word. According to a March 27th alert, this scam centers on tricking victims into saying the word “yes,” which criminals record and later use to attempt to make fraudulent charges on a person’s utility or credit card accounts. This scam begins when a...
read more