Healthcare Cyber Attacks went up almost 90% in 2017

By Aris Medical Solutions

HIPAA Hacker

There were 132 reported breaches under investigation from Health and Human Services’ (HHS) Office for Civil Rights (OCR) in 2017 related to Hacking/IT Incident. As you review the report you can see how many were related to email and desktop computers.

https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf;jsessionid=34CACC192CA85D8251D7D788C11DAF6D

So how does this happen? More than likely it has been caused by an unsuspecting employee. Healthcare is typically targeted with ransomware through social engineering. Practices need to be vigilant in educating their staff to be extremely careful when it comes to clicking on emails or surfing the web with their work computers. That is why we always recommend work computers be used exclusively for work. Plus, personal email addresses should never be utilized to communicate with patients or vendors for a number of reasons, this being just one!

There were many server attacks as well. This can happen in the same manner, especially when someone is logged in with administrative rights when they should be logged in as a user instead.

When it comes to cloud storage or cloud based EHRs, these too can be hacked although it is not as common. Most of the time this is caused by a misconfiguration in the network.

What can you do to prevent this from happening to you?

First of all, conduct a full HIPAA Security Risk Analysis, you need to know where your data is in order to create a Risk Management Plan to protect your organization.
Secondly, continual education on new threats to inform your employees how to be diligent.
Most of all, make sure your IT professional is a network security specialist. Doing your own network security is not longer an option, you must utilize a professional to ensure your network is secure. This includes your websites and cloud services.

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Two factor vs Two Step Authentications

By Aris Medical Solutions

HIPAA Username and Password

Sometimes these terms are interchanged which is is not exactly correct. Let us explain the difference!

Two factor authentication is typically a username AND a password. This can also be explained as who you are and something you know.

Two step is using two different types of authentication like a username and password PLUS a one time code that is text to your phone. Some providers permit the use of a fingerprint to authorize the second step.

The use of a security word is also used as a second step type of authentication so you need to be very careful about posting any type of personal information on social media. Aris suggests when the security question asks for your mother’s maiden name, make up a name! Just don’t forget what name you used!

No matter what type of the second step authentication that is offered, it is best to select whatever is offered because although a username and password is the most common type of authentication, it is also easily compromised.

People who work within the Health Care sector are heavily targeted since the type of data they access is very valuable on the dark web. Anyone who works with patient information or for a company that provides services to a medical facility can be targeted. Again, special care must be taken to ensure that patient information is not compromised.

First step in protecting patient data is conducting a HIPAA Security Risk Analysis. Know where your data is and understand how to protect it. Secondly, make sure you have a full set of Privacy and Security Policies and Procedures. Members of your staff need to know how important protecting patient data is and understand what they need to do to accomplish this.

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

©2022 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC