Resources

Resources

COVID-19 Ransomware Piles on to Seasonal Spike

Posted by on April 9, 2020 in Blog, Healthcare | 0 comments

Attackers are continuing to use concerns over COVID-19 to distribute ransomware and malware, including for smartphones. The healthcare sector continues to be the largest single target of cybercriminals, and they are exploiting the current situation. Culprits behind such attacks include cybercrime operators looking to make a fast buck as well as nation-states seeking to sow chaos. These attacks are hitting all levels of the U.S. healthcare sector. Recently the U.S. Department of Health and Human Services saw increased scanning of its network...

read more

Health Data Breach Tally: Trends in 2019

Posted by on April 9, 2020 in Blog, Healthcare | 0 comments

As of early December, the HHS “Wall of Shame” shows that 462 major health data breaches affecting a total of nearly 41 million individuals have been logged in 2019. By the numbers: • 272 breaches were reported as hacking/IT incidents, affecting a total of nearly 36 million people, accounting for approximately 88 percent of people affected by breaches. • 136 breaches were reported as “unauthorized access/disclosure” breaches, affecting a total of 4.6 million individuals, or about 11 percent. • 30 breaches were reported as...

read more

8 Tips on Giving Patients Access to Their Records

Posted by on October 1, 2017 in Blog, Healthcare | Comments Off on 8 Tips on Giving Patients Access to Their Records

HHS Points to Ways to Improve Compliance With HIPAA Requirements   Under the HIPAA Privacy Rule, patients and their authorized representatives have the right to access their electronic or paper health records. Unfortunately it’s often easier said than done, and federal regulators want that to change. Complaints from patients about the lack of access to their records have remained consistently among the top five issues in HIPAA cases that are investigated and closed with corrective action by HHS’ Office for Civil Rights. In order to...

read more

How Vulnerable Are Your ATMs?

Posted by on October 1, 2017 in Banking, Blog | Comments Off on How Vulnerable Are Your ATMs?

Attackers are increasingly hacking into banks’ networks to gain access to the IT infrastructure connected to their ATMs. They then push malware onto the ATMs that allows a low-level gang member to walk up and enter a preset numerical sequence into the ATM to make it dispense all of its money in what’s known as a “jackpotting” or “cashing out” attack. Such attacks also allow them to steal card data from ATM machines. For attackers, the appeal is simple: It’s safer and easier than walking into a bank with a...

read more

More ACH Changes Coming September 2017

Posted by on August 1, 2017 in Banking, Blog | Comments Off on More ACH Changes Coming September 2017

The business world continues to evolve and banking is no different. There are two new rule changes being implemented in September this year. Beginning September 15, 2017, Same Day ACH will be available for debit entries, enabling the same-day processing of virtually any ACH payment. The Rule enables the option for same-day ACH payments through additional ACH Network functionality, without affecting previously available ACH schedules and capabilities: Originating financial institutions (ODFIs) are able to submit files of same-day ACH payments...

read more

Cyberattacks Fuel 2017’s Biggest Breaches

Posted by on July 1, 2017 in Blog, Healthcare | Comments Off on Cyberattacks Fuel 2017’s Biggest Breaches

With the exception of one large insider theft, hacker attacks, some involving ransomware, continue to be the method of choice behind the biggest health data breaches reported so far this year to federal regulators. As of July 3rd, 149 breaches affecting nearly 2.7 million people have been reported to the Department of Health and Human Services’ ‘wall of shame’. Of those 2017 breaches, 53 are listed as hacking/IT incidents. Even though that’s only 35% of breaches it represents almost 60% of the individual victims; 1.6 million in all....

read more

Mississippi Medicaid Website Transmitted Unencrypted Email

Posted by on June 1, 2017 in Blog, Healthcare | Comments Off on Mississippi Medicaid Website Transmitted Unencrypted Email

Unsecure Email Incident a Reminder of Risks to PHI A breach report involving the transmission of protected health information via unencrypted email offers a reminder of the need to pay attention to safeguarding PHI no matter where it resides, including website forms used to collect information and smartphone apps. According to the HHS “Wall of Shame”, the Mississippi Division of Medicaid reported on May 26, 2017 to the U.S. Department of Health and Human Services the unauthorized access/disclosure incident that affected about 5,220...

read more

Changes to FFIEC Cybersecurity Tool help banks meet baseline.

Posted by on June 1, 2017 in Banking, Blog | Comments Off on Changes to FFIEC Cybersecurity Tool help banks meet baseline.

A just released update to the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool will should help make meeting regulators’ demands for “baseline” cybersecurity more attainable. The changes only impact Appendix A of the tool but those changes make a difference for smaller institutions. For example, many smaller institutions were not able to meet the tool’s requirement for having a data-flow diagram. Many smaller institutions do not have data-flow diagrams. They may have network...

read more

Phishing Incident Leads to $400,000 HIPAA Settlement

Posted by on May 1, 2017 in Blog, Healthcare | Comments Off on Phishing Incident Leads to $400,000 HIPAA Settlement

HIPAA Enforcement Agency Cites Lack of Timely Risk Analysis, Again Colorado-based Metro Community Provider Network is just another healthcare entity to learn a painful lesson from the Department of Health and Human Services Office for Civil Rights regarding the importance of conducting a timely and comprehensive risk assessment. The breach was reported in early 2012 after a hacker accessed employees’ email accounts and obtained 3,200 individuals’ electronic PHI through a phishing scam. The OCR found that MCPN took necessary...

read more

Messaging Apps Create New Privacy Headaches for Banks

Posted by on May 1, 2017 in Banking, Blog | Comments Off on Messaging Apps Create New Privacy Headaches for Banks

Many businesses have benefitted from the proliferation of mobile devices and text messaging apps that facilitate quick, round-the-clock communications. However, these technologies can make it difficult to monitor and control the unauthorized distribution of confidential data. This is critically important in highly regulated industries like banking. To give you an idea of how messaging apps have caused headaches for banks, on March 30, UK regulators fined a former managing director of Jeffries Group for divulging confidential client...

read more