With higher education becoming increasingly available, data breaches are on the rise as well. Colleges are responsible for compliance with security regulations, such as FERPA (Family Educational Rights and Privacy Act), and must also attempt to monitor the use of personal devices, which have become a crucial component of classrooms and campus life. Hackers are targeting educational institutions more than ever, so effective data security is critical.
On February 5, 2016, the use of ransomware on Los Angeles' Hollywood Presbyterian Medical Center caused a shutdown of its systems and served as a reminder of the increasingly pressing issue of cyber extortion. The hospital released a statement giving reassurance that neither patient care nor employee or patient information was compromised during the attack. The statement also clarified that initial reports that the hospital paid $3.4 million to the hackers were mistaken, but the hackers walked away with just short of $18K, as paying was deemed the "quickest and most efficient way" to obtain the decryption key so the hospital could regain access to its systems. The issue with this statement is that paying the ransom does not guarantee the return of data. In fact, most IT and security resources agree that paying is confirmation to cyber attackers that they should return in the future.
Despite the advanced technology and insight into data breaches, many companies still find themselves victims of silent attacks conducted by hacking professionals. While there are few ways to prevent these attacks, there are multiple precautions you can take to protect your company and your customers.
Data breaches can occur when malware is downloaded onto a device. Malware consists of different viruses and software that collect private information without the target ever knowing. Most commonly, data breaches are performed using phishing, which occurs when one is sent emails or texts containing links to malware. These messages are cleverly disguised as normal emails that do not always look suspicious to the unsuspecting eye, or even appear "friendly," which is why many people fall victim.
Can you imagine a world where hacking was no longer a threat and security was stronger than ever? This is potentially the future of technology if time and money are invested in a new generation of so-called "white hat" hackers.
In a recent article on Medical Economics' website, Giva proposes a 5-to-1 ratio of software developers to ethical hackers. The article calls for hefty fees to be paid to registered ethical hackers for finding weaknesses or gaps in a company's system. Because of the money to be made by taking this path, it would persuade those with hacking skills to use them to improve technology instead of attacking it. A better future starts with the decision to work for it, and the development of an ethical hacking field is a crucial first step towards a brighter one.
Do you feel uneasy writing out all of your personal information in a hospital waiting room? You are not alone and your worry is not without reason. Data breaches are becoming more and more frequent, and identity theft has become a sustainable business that will not be eradicated at any time in the near future.
In Giva's recent article, "Healthcare Data Breaches on the Rise: Implications and Solutions," published by Becker's Health IT & CIO Review, a new solution is proposed that renders the data "valueless" to hackers. The article explains a new system that, once implemented fully, would provide aliases for each patient so that hospitals and healthcare workers can focus on their already-challenging jobs instead of worrying about also protecting vast amounts of Protected Health Information (PHI).
In June 2016, a Canadian university found itself the victim of a ransomware attack. The malware encrypted all of the school's files as well as its email system, affecting professors, students, and administration. As a result of the widespread and urgent need to access the school's files and email system, the university paid the bitcoin ransom of $20,000 in exchange for the decryption keys in order to gain access once again.
If your company is bewildered by the relationship between the IT Infrastructure Library (ITIL) and security, you are not alone. Protecting any information is a daunting task, but ITIL can help to bring you to the finish line.
Giva's article, "How can IT Infrastructure Library (ITIL) improve information security?", recently published by betanews.com, elucidates why ITIL is a very effective way to cork any security holes, and details which specific processes are the best for the task.
As of late, the healthcare industry has become a target of hackers trying to steal patients' private information such as social security numbers and health records. Now more than ever, healthcare organizations must do all they can to keep patient information secure. Using software in the cloud can provide many benefits, but with the sensitivity of healthcare records, organizations might be hesitant to move to the cloud. However, cloud software companies are rising to this challenge, making a switch to the cloud for health IT a more viable option.
HIPAA laws concerning the privacy and security of health information are quite strict. Currently, business associates of HIPAA covered entities must also be HIPAA-compliant. Most businesses are aware of whether or not their company is a HIPAA covered entity, but what about a HIPAA business associate? If you signed a HIPAA business associate agreement (BAA), defined here, then you are definitely a business associate. The following are some of the instances where there might be some questions:
The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996. Coming up on twenty years later, HIPAA is not a new concept, but there are some ongoing issues. In 2009, HIPAA was joined by the Health Information Technology for Economic and Clinical Health Act (HITECH). This additional legislation brought changes to how HIPAA is enforced and the penalties that HIPAA non-compliance incurs. The Department of Health and Human Services has an Office of Civil Rights (OCR) that is responsible for enforcing HIPAA. Non-compliance with HIPAA is most evident after a data breach. Healthcare systems that suffer a data breach are investigated by OCR and fined large amounts of money for HIPAA violations. Let us examine healthcare and HIPAA data breaches and what they mean for the businesses that experience them.