Tag: IT Security

Compliance

A Different Type of Phishing

Often, we see phishing schemes being perpetrated by hackers seeking to steal information. Rarely do we discover a scheme that is essentially an elaborate marketing tactic. Healthcare Info Security reports that the Department of Health and Human Services (HHS) sent a warning to organizations in the healthcare system, alerting them to an unusual phishing attempt. Phishing, as we’ve previously written about, is a scam that uses seemingly legitimate links to take you somewhere you didn’t intend to go. This can be done by subtly changing a URL address, which is exactly what was done in this case.

The Scam

Per the HHS, this phishing email campaign masquerades as a message regarding HIPAA compliance audits from the HHS’ Office for Civil

Read More »
best practices

A New Domino: Ransomware on Social Media

We’ve written a fair amount about the consistent threat ransomware poses to your business, and that’s because it’s a constantly shifting threat worthy of frequent updates. Once you think you have one attack method under wraps, another one pops up. It’s a lot like trying to plug holes in a leaky dam, desperately trying to prevent the whole thing from collapsing. Unfortunately, recent news has raised the specter of a new threat, one which could potentially have wide-reaching effects on your business.

Social Media Threats

Healthcare Info Security recently reported some less than ideal news: ransomware may have been found on Facebook. Facebook has disputed this claim, but reports are showing that a malicious image file is being spread through

Read More »
Banking

The Compliance Issue: Taking IT Security a Step Further

Complying with cybersecurity regulation is at the forefront of many companies’ minds. Perhaps to their own detriment, according to David Glockner, the regional director at the U.S. Securities and Exchange Commission’s (SEC) Chicago Regional Office. Quoted in SC Magazine, Glockner encouraged attendees at an SC Congress meeting in Chicago to think about cybersecurity, “divorced from the regulatory landscape.” Instead, he made the case that companies should think about their cybersecurity from a business perspective. “What is your most sensitive information? What are your most sensitive operations and what vulnerabilities do you have? And thinking about how you protect what’s critical to your business operation in most instances is going to get you most, if not all of the way, toward

Read More »
BAI Security Compromise Assessment

Unseen Consequences: The Ripple Effects of a Data Breach

A data breach results in some obvious, immediate impacts. Your customers’ and/or patients’ data is exposed, for one. Even if you don’t lose their business, there will likely be some fences to mend to regain their trust. However, what often gets lost in the aftermath of significant breaches is the ripple effect these attacks can have on all levels of your business. These ripples are currently shaking an in-transition Yahoo to its core.

Market Loss

As you’ve probably heard, Yahoo recently announced that at least 500 million user accounts were breached in a late 2014 attack, making it potentially one of the largest cyber breaches ever. This news came at a particularly bad time, as Verizon was willing to bid

Read More »
Banking

The Year of Ransomware

Ransomware is a threat you’ve probably heard a lot about in 2016. That’s not without good reason – it’s one of the main cybersecurity threats facing businesses today. Though preventative steps do exist, this is still an extremely effective attack method you can’t afford to ignore. One successful attack is all it takes to set your business back drastically.

The Method

Victims of ransomware receive demands for bitcoins, the volatile virtual currency whose value to real world dollars can rapidly change at any moment, making it even more difficult for a business to secure their data’s release. The standard attack goes like this: Online gangs of cyber criminals remotely encrypt and lock computers, leaving victims with a ransom screen they can’t

Read More »
Breach

The Threat from Within

Previously we’ve written about breaches caused by outside sources: cyber criminals and the virulent programs designed to rob you of valuable information. These are faceless criminals off in the distance. But what happens when the source of the breach is closer to home? A Florida-based pediatric practice recently had to find out, as Bank Info Security reported.

Stolen Information

The Pediatric Gastroenterology, Hepatology & Nutrition of Florida recently had a former administrative employee indicted in federal court for alleged identity theft and fraud crimes. This employee, along with two other individuals not associated with the medical office, has been accused of stealing patient information. An indictment document cited by Bank Info Security notes that: “It was a part of the

Read More »
Data breach

When Your Customers Suffer: The Banner Health Breach

According to Bank Info Security, Arizona-based Banner Health recently suffered a breach large enough to notify their 3.7 million customers. Banner, which operates 29 hospitals, discovered the attack on July 7th. The attackers gained access through payment card processing systems in some of their food and beverage outlets. After doing so, the attackers also found a door left open, allowing access to clients’ healthcare information. As Bank Info Security notes, the hack “exposed cardholders’ names, card numbers, expiration dates and verification codes as the data was being routed through the affected systems. Cards used at affected outlets between June 23 and July 7 were affected. Card transactions used to pay for medical services were not affected.” The full list of

Read More »
IT Security

Social Engineering: What It Is, and How You Can Prevent It

You’re probably aware of some standard IT security threats, like viruses, ransomware, various different kinds of malware and more. These make headlines and, more importantly, fit our conception of standard cyber-criminal attacks – programs designed to steal our data and information. However, there are arguably more pressing threats to your business that you may not be familiar with. From time to time, your security profile can fall under attack, and you won’t know until it’s too late. Meet one of the most pressing IT security threats facing the world right now: social engineering.

The Threat

Social engineering is a method of getting people to willingly give out valuable information about either themselves or a company that employs them. Classified as a

Read More »
Data Privacy

THE NEW FEDERAL STRATEGIC HEALTH IT PLAN

The Office of the National Coordinator for Health IT, a unit of the Department of Health and Human Services, has issued its Strategic Health IT Plan for 2015 to 2020. The plan, developed in collaboration with more than 35 federal agencies, has five main goals: furthering the adoption of health IT; improving the security and interoperability of health information exchanges; strengthening healthcare delivery; supporting and improving the health and wellness of individuals and communities; and advancing research and innovation. The last federal Strategic Health IT Plan was released in 2011. The new plan is similar to the 2011 plan, and could better be described as a position paper than as a tactical, visionary document. The Office of the National Coordinator for Health

Read More »
Cybersecurity

FINANCIAL INDUSTRY IT SECURITY 2015 TO-DO LIST

The forthcoming cybersecurity guidance from the Federal Financial Institutions Examination Council is expected to focus on people and processes that defend against specific types of threats. Future IT examinations for all sizes of banking institutions will include reviews of employee awareness of security threats, the depth and breadth of an institution’s training programs, patching policies, and – especially – securing mobile banking.

When will the guidance be released?

There is no date set as yet for when the guidance will be issued, but all indications point to 2015. Congressional pressure on industries to address the growing numbers of data breaches, combined with the banking industry’s strong interest in delivering mobile services, will likely push the FFIEC to move forward comparatively quickly with

Read More »