Giva Blog
Help Desk, Customer Service, Cloud & Security Insights, with a Side of Altruism!

Why Succumbing to Cyber Extortion is Dangerous

Cyber Crime, Ransomware & Data Security

On February 5, 2016, the use of ransomware on Los Angeles' Hollywood Presbyterian Medical Center caused a shutdown of their systems and served as a reminder of the increasingly pressing issue of cyber extortion. The hospital released a statement reassuring that neither patient care nor employee or patient information were compromised during the attack. The statement also clarified that initial reports that the hospital paid $3.4 million to the hackers were mistaken, but the hackers walked away with just short of $18K, as it was deemed the "quickest and most efficient way" to obtain the decryption key so they could regain access to their systems. The issue with this statement is that paying the ransom does not guarantee the return of data. In fact, most IT and security resources agree that paying is confirmation to cyber attackers that they should return in the future.

[Read More]

3 Ways Companies Can Combat Phishing

Combating Malware & Phishing

Despite the advanced technology and insight into data breaches, many companies still find themselves victims of silent attacks conducted by hacking professionals. While there are few ways to prevent these attacks, there are multiple precautions you can take to protect your company and your customers.

Data breaches can occur when malware is downloaded onto a device. Malware consist of different viruses and software that collect private information without the target ever knowing. Most commonly, data breaches are performed using phishing, which occurs when one is sent emails or texts containing links to malware. They are cleverly disguised as normal emails that do not always look suspicious to the unsuspecting eye, or even appear "friendly," which are why many people fall victim.

[Read More]

The Benefits of Ethical Hacking

Ethical Hacking

Can you imagine a world where hacking was no longer a threat and security was stronger than ever? This is potentially the future of technology if efforts strive to invest time and money into a new generation of so-called "white hat' hackers.

In a recent article on Medical Economics' website, Giva proposes a 5-to-1 ratio of software developers to ethical hackers. This article calls for hefty fees that should be paid to registered ethical hackers for finding weaknesses or gaps in a company's system. Due to the good money opportunity by taking this path, it would persuade those with hacking skills to use their skills to improve technology instead of attacking it. A better future starts with the decision to work for it, and the development of an ethical hacking field is a crucial first step towards a brighter one.

New Ways to Combat Healthcare Data Breaches

Healthcare Data Breaches

Do you feel uneasy writing out all of your personal information in a hospital waiting room? You are not alone and your worry is not without reason. Data breaches are becoming more and more frequent, and identity theft has become a sustainable business that will not be eradicated at any time in the near future.

In Giva's recent article, "Healthcare Data Breaches on the Rise: Implications and Solutions" published by Becker's Health IT & CIO Review, a new solution is proposed in a way which renders the data "valueless" to hackers. The article explains a new system that, once implemented fully, would provide aliases for each patient so that hospitals and healthcare workers can focus on their already-challenging jobs instead of worrying about also protecting vast amounts of Protected Health Information (PHI).

University Hacking: What Can We Learn?

University Hacking

In June 2016, a Canadian university found itself the victim of a ransomware attack. The malware encrypted all of the school's files as well as their email system, affecting professors, students, and administration. As a result of the widespread and urgent need to access the school's files and email system, the University paid the bitcoin ransom of $20,000 in exchange for the decryption keys in order to gain access once again.

[Read More]

3 Tips to Prepare for 2016 HIPAA Audits

HIPAA Audits

The U.S. Health and Human Services (HHS) Office for Civil Rights (OCR) first began conducting HIPAA audits in 2014 and is continuing with phase two this year. The purpose of these audits is to ensure the protection of each individual's personal information. The second phase examines decryption and encryption, facility access controls, and additional high risk areas that have yet to be specified. If your company is being audited, it will receive an audit notification letter from the OCR and should plan for an estimated 30 to 90 day procedure.

With this knowledge, your company can begin to prepare for the assessments to make certain that you are ready.

[Read More]

Improving Information Security with IT Infrastructure Library (ITIL)

ITIL & Information Security & Protection

If your company is bewildered with the relationship between the IT Infrastructure Library (ITIL) and security, you are not alone. Protecting any information is a daunting task, but ITIL can help to bring you to the finish line.

Giva's article, How can IT Infrastructure Library (ITIL) improve information security?, recently published by betanews.com, elucidates why ITIL is a very effective way to cork any security holes, and details which specific processes are the best for the task.

Healthcare Cloud Security & Transparency Best Practices

Healthcare Cloud Security Best Practices

As of late, the healthcare industry has become the target to hackers trying to steal patients' private information such as social security numbers and health records. Now more than ever, healthcare organizations must do all they can to keep patient information secure. Using software in the cloud can provide many benefits, but with the sensitivity of healthcare records, organizations might be hesitant to move to the cloud. However, cloud software companies are rising to this challenge, making switching to using the cloud for health IT a more viable option.

[Read More]

Is Your Company a HIPAA Business Associate?

HIPAA Covered Entities & Business Associates

HIPAA laws concerning the privacy and security of health information are quite strict. Currently, business associates of HIPAA covered entities must also be HIPAA-compliant. Most businesses are aware whether or not their company is a HIPAA covered entity or not, but what about a HIPAA business associate? If you signed a HIPAA business associate agreement (BAA), defined here, then you are definitely a business associate. The following are some of the instances where there might be some questions:

[Read More]

Healthcare & HIPAA Data Breaches

Healthcare & HIPAA Data Breaches

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996. Coming up on twenty years later, HIPAA is not a new concept, but there are some ongoing issues. In 2009, HIPAA was joined by the Health Information Technology for Economic and Clinical Health Act (HITECH). This additional legislature brought changes to how HIPAA is enforced and the penalties that HIPAA non-compliance incurs. The Department of Health and Human Services has an Office of Civil Rights (OCR) that is responsible for enforcing HIPAA. Non-compliance with HIPAA is most evident after a data breach. Healthcare systems that suffer a data breach are investigated by OCR and fined large amounts of money for HIPAA violations. Let us examine healthcare and HIPAA data breaches and what they mean for the businesses that experience them.

[Read More]

 

Newer Entires     1   2   3   4   5   6     Older Entries