Compliance
HIPAA Violations: Know The Cost
Regulations are everywhere in the cybersecurity world, to address the vast array of risks that come about as technology expands into every industry.
BAI Security
June 18, 2020
Regulations are everywhere in the cybersecurity world, to address the vast array of risks that come about as technology expands into every industry.
Your organization’s finances can be affected by a variety of factors; everything from client engagement to marketing is critical to consider. But most recently, studies have shown that the most important issue for healthcare providers may also be the one you are least prepared to address: cyber attacks.
If you’ve ever had to share a large number of files with people working remotely, odds are you’ve used a file transfer protocol (FTP) server to accomplish this. It’s an easy way that you and others can access and upload information with a username and password, without taking up your own valuable internal storage space. Unfortunately, most of these FTP servers are operated by only a few companies. I say unfortunately because it means they are large targets for hackers. A recent bulletin released by the FBI details how FTP servers used by healthcare organizations have seen a sharp jump in attacks by cyber criminals. Here’s what we know so far. Anonymous FTP These attacks, the FBI noted, are carried
Suffering a breach is scary. The loss of crucial data and records can deal a crippling blow for any organization forced into extended downtime. But the worst part of a breach may not be the attack itself; the repercussions of this attack can have much further reaching effects. We’ve speculated about this effect in the past, but a new study by Carnegie Mellon University (reported on by The Register) confirms our suspicions: suffering a breach can cost you customers. Lack of Information Studies connecting consumer loyalty to breaches or fraud have been hard to come by in recent years, making this study especially noteworthy. Generally, we know that stock prices of organizations – especially financial institutions – take a hit after suffering breaches,
Employees count on their employers to keep their private information safe. This is especially true during one of the most information-sensitive times of the year: tax season. For attackers who rely on social engineering tactics, targeting organizations right now can be a potential goldmine. We’ve previously discussed how social engineering tries to trick members of your staff into giving out valuable information – oftentimes by posing as official sources who need the requested information now. This is a threat you should stay on high alert for year round, but recent news should have you more aware and wary of requests centered around employee tax information. A Common Scam A few high profile social engineering attacks have made the round recently, but let’s
We’ve written about the massive Yahoo data breach in this space a few times now. First there was the news of the breach itself and the potential fallout as far as consumer confidence and valuation for the business itself. Then we learned that the breach was even worse than originally reported, with the original breach going back years. At this point, it might seem like all the news has been had out of this particular attack. Well not so fast, as yet again the story of the Yahoo breach continues to provide valuable insights into what organizations might face should they too suffer a breach. Investigation Underway The two previously reported Yahoo breaches occurred in 2013 and 2014. The 2014
Many times in this space we have discussed the results of an organization suffering a breach. These have included the fines an organization receives due to lackluster security practices, or the long-term damage a breach could potentially inflict on an organization’s reputation. Today, we’re going to move our gaze from the aftermath of an attack to it’s beginnings. What does a breach in real time look like, and what are the immediate steps an organization can take to remedy this attack? Meet the Attacker Since the summer of 2016, a hacking group known as “TheDarkOverlord” has been attacking businesses in the healthcare and financial sectors, grabbing private information and using it as a means of extortion. For example, in September
You’ve heard this before, but it’s such a pressing issue that we’ll repeat it again: you need to create safe passwords. That means not just coming up with one password with uppercase and lowercase characters, punctuation and numbers, then using it as your login everywhere. You need to create different passwords for every account you own. We bring this up for a good reason: people still aren’t taking passwords seriously. A study released by Keeper Security, a password management software vendor, detailed the 10 million passwords uncovered by data breaches in 2016. You can view the full list here, but examples from the top five include: 123456, 123456789, qwerty, 12345678 and 111111. Of course, the standard fallback of “password” comes in
We have a habit of profiling major cyber crimes in this space. The breaches that grab our attention, foreshadow coming doom – and so on and so forth. It’s important to remember, however, that there are real people behind these attacks. Real people who can be caught red-handed. The Crime The London Metropolitan Police’s Falcon cybercrime unit recently announced the arrest of a British man for stealing up to £840,000 ($1 million) in an online banking fraud scheme. Tomasz Skowron launched a malware attack in December 2014, targeting computers around the world. Notably, several companies in Australia were affected and forced to make payments. To facilitate this, Skowron set up a “money mule” system of bank accounts to which the
We’re here to discuss your upcoming IT security assessment and compliance audit needs.
