Category: BAI Security Blog

Healthcare

States Enact Even Tougher Breach Notification Laws than Federal HIPAA Requirements

Starting September 1, 2018, Colorado’s new Protections For Consumers Data Privacy law will require organizations to notify victims of breaches containing personal information within 30 days of determining that a breach occurred — 30 days before current federal HIPAA requirements. Like other state laws, Colorado’s newest approved bill signals to healthcare organizations that you can no longer wait for federal mandates to suggest how you protect your patients’ information. You must prepare for potential changes now or risk suffering the consequences. Here’s what we know about the new law and how it could affect your organization.

Who is Affected?

First off, it’s important to note that Colorado’s law will impact not only businesses located within its borders but also entities

cybercriminals

Whitepaper Download: Protecting Data in the Healthcare Industry

All it takes is one slipup to forever change the public’s outlook on your organization. This is especially true for healthcare providers. Your patients need to trust that your staff can provide them with the care they need and that your IT system won’t put their protected health information (PHI) at risk. There’s nothing like suffering a data breach to potentially lose that trust forever. HIPAA urges you to check for compliance once a year, but that simply isn’t good enough. Cyber-attacks are increasing every year. Data breaches are more prominent than ever. Cybercriminals are only growing bolder; for example, we just recently detailed how one breach took down a major American city. Ask yourself this: Are you

endpoint protection

A Recent Anti-Malware Victory

Cybercriminals make a lot of news by pulling off headline-grabbing data breaches. Often, this can make these attackers seem invincible, like there are no systems or good guys capable of standing up to them. This is, of course, anything but true. Cyber-attacks can be defeated and the criminals behind them can be apprehended. Today, we’re going to take a look at a recent win for the good guys.

What Happened

Recently, one of the key distributors of ransomware, tech support schemes and exploit kits, known as “EITest,” was severely hampered by enterprising researchers. As a quick refresher, malware and ransomware are often installed on computers when users unknowingly visit infected sites. While oftentimes social engineering tactics are used to guide

BAI Security Audit

Insider Theft Leads to the Data Breach of 1.5 Million Bank Clients

Atlanta bank SunTrust recently announced that 1.5 million users have potentially been exposed to a criminal third party. Unlike most data exposures we’ve been hearing about, SunTrust’s breach was not caused by cybercriminals, but rather by a theft by an employee who gained access to sensitive client information without security clearance. Sources say the data theft could include information such as names, addresses, phone numbers and bank account balances of SunTrust customers. Simultaneously, SunTrust announced it will partner with Experian to offer identity protection for all consumer clients at no cost on an ongoing basis. Here’s what happened and how your organization can prevent falling victim to a similar scheme.

An Untrustworthy Employee

An ongoing investigation by SunTrust

endpoint protection

Next Up on the Ransomware Hit List? Cities

Usually, ransomware makes headlines when huge corporations or organizations are held captive. There’s the implicit threat of compromised data if the corresponding ransom isn’t paid or backups aren’t in place. It’s bad, but its impact on the average person can seem muted. What happens when the cybercriminals behind ransomware attacks set their sights a little higher? Recently, the city of Atlanta, Georgia found itself the victim of an infrastructure-crippling ransomware attack. Here’s what happened and why both private and public organizations should be concerned.

The Attack

This virus took Atlanta by surprise on March 22, leaving officials to tell city employees that they shouldn’t even turn on their computers and residents that they were unable to process electronic payments for water

Data breach

Be Careful with Legacy Systems

The popular travel site Orbitz recently announced that a hacker may have stolen the private information of up to 880,000 of their customers over the course of two years. While data breaches at major organizations like this are nothing new (and have become far too common in recent years), the method through which this attack was carried out should give all organizations a moment’s pause and lead to some serious internal analysis.

What Happened?

In a statement released to the press, Orbitz singled out an old “legacy travel booking platform” as the source of the breach. A legacy platform is a common term for any system or software still employed at an organization despite the fact it is likely

Compliance

Vendor Management Lessons from Aetna’s $20 Million Lawsuit

You likely use third-party vendors to outsource your payroll, HR or IT infrastructure — all essential business functions. Unfortunately, in doing so, you’re giving multiple companies access to sensitive data, including private patient or customer information. In the event of a breach or leak of said sensitive information, it’s important to know where the chips fall and what liability you’re assuming when you outsource business efforts. Let’s take a look at how outsourcing significantly impacted the health insurer Aetna to assess opportunities and risks involved with hiring a third-party vendor.

Aetna’s settlement

If you’re unfamiliar with the backstory, Aetna made news for paying about $20 million in legal settlements from a case in 2017 concerning privacy violations of about 12,000

healthcare breaches

Healthcare Breaches: The Newest Round of HIPAA Fines

A new HIPAA fine has been released, and it’s significant. Federal regulators have issued one of the largest HIPAA settlements ever in favor of 521 impacted individuals over Massachusetts-based healthcare organization Fresenius Medical Care (FMCNA). Cited specifically for a lack of risk analysis, FMCNA now faces one of the costliest HIPAA penalties issued, paying out $3.5 million to affected individuals. Fresenius first reported the breach on January 21, 2013. Data exposed included patient names, addresses, dates of birth, telephone numbers, insurance information and even some social security numbers. FMCNA committed an all-too-common HIPAA violation: failure to conduct a thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all its

Audit

BAI Security at HIMSS18

Healthcare providers face a unique challenge when it comes to data protection. Cybercriminals take one look at their assets — valuable personally identifiable information (PII) like social security numbers and medical information — and throw all they’ve got at their IT security systems. If you’re not doing everything you can to maintain and strengthen your IT security, then your organization is at risk. Let’s talk. Meet us at this year’s HIMSS Annual Conference and Exhibition in Las Vegas, Nevada, to hear how BAI Security’s award-winning suite of compliance, audit and IT security solutions can help you keep even the most advanced cybercriminals at bay. HIMSS18 is set to bring together over 40,000 health IT professionals, clinicians, executives and vendors from around the world, and

backdoor

The Hidden Flaws

Cyber attackers are known for their persistence. If they hit a pothole trying to break into your IT network, they won’t just give up and move on to their next target. Instead, they’ll redouble their efforts and probe your infrastructure, looking for new ways to grab your valuable data. Unfortunately, sometimes these vulnerabilities can be a bit beyond your reach. Rather than weak points in your security infrastructure, they’re baked into the very devices your business depends on. As some researchers recently discovered, a new vulnerability found in Intel chips could pose a potentially catastrophic risk for your business. Here’s what you need to know about this flaw and how you can protect yourself.

The Backdoor

The first thing you
