Vendor Management Lessons from Aetna’s $20 Million Lawsuit

You likely use third-party vendors to outsource your payroll, HR or IT infrastructure — all essential business functions. Unfortunately, in doing so, you’re giving multiple companies access to sensitive data, including private patient or customer information. In the event of a breach or leak of said sensitive information, it’s important to know where the chips […]

BAI Security at HIMSS18

Healthcare providers face a unique challenge when it comes to data protection. Cybercriminals take one look at their assets  — valuable personally identifiable information (PII) like social security numbers and medical information — and throw all they’ve got at their IT security systems. If you’re not doing everything you can to maintain and strengthen your IT security, […]

A Different Type of Phishing

Often, we see phishing schemes being perpetrated by hackers seeking to steal information. Rarely do we discover a scheme that is essentially an elaborate marketing tactic. Healthcare Info Security reports that the Department of Health and Human Services (HHS) sent a warning to organizations in the healthcare system, alerting them to an unusual phishing attempt. […]

The Compliance Issue: Taking IT Security a Step Further

Complying with cybersecurity regulation is at the forefront of many companies’ minds. Perhaps to their own detriment, according to David Glockner, the regional director at the U.S. Securities and Exchange Commission’s (SEC) Chicago Regional Office. Quoted in SC Magazine, Glockner encouraged attendees at an SC Congress meeting in Chicago to think about cybersecurity, “divorced from […]

The Cost of Lacking Security: OHSU HIPAA Settlement

One data breach is enough to wreak havoc on any organization. The damage one could do to your relationship with customers could be catastrophic for your business, and the fallout can cause you to rethink your entire security strategy. To add insult to injury, there are also typically steep financial penalties. Healthcare Info Security recently […]

PCI DSS 3.0: Are You In Compliance Yet?

The new Payment Card Industry Data Security Standard 3.0 (PCI DSS 3.0) that went into effect on January 1 contains significant changes.  Some of the requirements will remain suggested best practices until July 1, 2015. After that, they too become mandatory. PCI 3.0 will have the greatest impact on e-commerce merchants who partner with third […]

Get Ready Now for 2015 HIPAA Audits

A random audit program to gauge HIPAA compliance is expected to commence in early 2015. This round will include both on-site and off-site reviews. Your New Year will be happier if you start getting audit-ready now. We have provided you with tips below to make the process easier. Off-Site Audits Off-site audits focus on documentation […]

Protecting Electronic Healthcare Data: The New Realitiesta

Almost half of all identity thefts in the U.S. are now stolen medical records, as reported by USA Today. While breaches of credit card data may grab the headlines (like last year’s fiasco at Target stores), a stolen credit card number usually reflects fraud quickly and can be cancelled rapidly. By contrast, a single patient’s […]

BAI Security – Mid-year Top-4 Security Risks

First, it should be noted that this list is compiled from IT Security Audits performed by BAI Security during January to July of 2013 and is not intended to be a comprehensive list of all security risks.  BAI Security specializes in auditing regulated organizations, such as those in banking and finance, pharmaceutical, healthcare, insurance, and […]