Ransomware Defense: Anti-Virus, Backups and Cyber Insurance

Posted by Stephanie Hurd on Aug 29, 2019 8:53:43 AM

We recently used Presbyterian Health Services' potential breach of electronic protected health information (ePHI) as a case study in why employee behavior and training are key elements of security and compliance.

Not even a month later, and here we go again.

Last week, Grays Harbor Community Hospital in Aberdeen, WA, issued a formal notice of a potential electronic protected health information (ePHI) breach. As with Presbyterian Health Services, this potential breach was the result of a phishing email. In this case, the attackers initiated a ransomware attack, holding the organization’s medical records hostage and demanding a $1 million ransom to release the key to decrypt their data.

Grays Harbor seemed to have done everything right to prepare for this type of incident. They have an IT department, an anti-virus solution, and data backups, and they even took out a $1 million cyber insurance policy.

Even though they seem to have followed the playbook, there are some lessons to be learned from this incident.

Topics: Technology Strategy, HIPAA, Threat Prevention

Employee Behavior is the Key to HIPAA Compliance & Data Security

Posted by Stephanie Hurd on Aug 12, 2019 8:27:36 AM

On June 6, 2019, Presbyterian Health Services, a health care system and health care provider in New Mexico, discovered a potential breach of protected health information (ePHI).

You might assume that a hacker breached their firewall or snuck into their network undetected. That was not the case. The breach occurred because well-intentioned employees fell victim to a phishing email.

Topics: HIPAA, Business Strategy, Cybersecurity, Threat Prevention

Email and HIPAA Compliance

Posted by Kayla Wharton on May 10, 2019 9:48:21 AM

When you think of email from a business standpoint, you think of company announcements, junk mail, co-worker problem solving, and reminders that it's Jane's birthday. It is easy to get caught up in the flow of the business and overlook the full functions of this tool that you use every day. This is even more true in health care, because the focus tends to lean more on patient satisfaction than on the technical aspects in the background. This is why email often gets overlooked when it comes to HIPAA compliance.

Topics: HIPAA

Is Windows 10 HIPAA compliant?

Posted by Kayla Wharton on Feb 6, 2019 1:44:48 PM

The short answer: it depends. The Health Insurance Portability and Accountability Act (HIPAA) is about more than just the tools you use; it is also about how you use them. While some applications may never be HIPAA compliant, others that offer compliant features can still get you in trouble if your equipment is not physically secure, or if your employees are not trained to use the tools in a compliant way (e.g., walking away from a workstation without signing off, or sharing passwords).

At a minimum, HIPAA compliance requires that you use the Pro version of Windows, as Home versions do not offer the functionality required for HIPAA compliance. Additionally, your operating system must be currently supported by the software vendor. Any version of Windows prior to Windows 7 is not compliant, and Windows 7 will not be compliant after the Windows 7 end-of-life date on January 14, 2020. This article focuses on Windows 10 because other versions have reached or will soon reach end-of-life.

Topics: HIPAA, Microsoft Windows

IT Starts with Strategy

Tips to get the most out of business technology

Expert advice and best practices allowing you to leverage technology for business growth. 

Topics include:

  • Fusing business and technology strategy
  • Business operations
  • Budgeting and lifecycle management
  • Network security and compliance
  • HIPAA
  • Data security and backup
  • Hardware and infrastructure 
  • Phone systems
  • Printers and copiers
