Giva Blog
Help Desk, Customer Service, Cloud & Security Insights, with a Side of Altruism!

Report Analyzes Extent of Data Breaches in California

Interesting reading from the NYT this morning:

"The constant drumbeat of data breaches won't cease anytime soon, according to a new report from California's attorney general, Kamala D. Harris.

There were 167 data breaches reported in California last year, an increase of 28 percent from the 131 data breaches reported the previous year. The information of more than 18.5 million California residents was compromised in 2013, a significant jump from the 2.5 million compromised records in 2012.

Those numbers were skewed by two widespread breaches last year. At Target, personal records for 41 million people were compromised, and at LivingSocial, hackers gained access to 50 million records. According to the attorney general, each of these two breaches put 7.5 million California residents' information at risk.

The majority of breaches — 53 percent — were because of malware and hacking, while a smaller number, 26 percent, was attributed to the physical loss of a computer or device. The report reiterates what many already knew: There is much more information to be stolen through hacking than physical loss. The vast majority of the 17 million records compromised in California last year — 93 percent — were attributable to malware or hacking, whereas only 1.15 million records were compromised by the physical loss of an electronic device."

 

Read more at data breach study in California.

Are your cloud applications HIPAA Compliant?

Are You HIPAA Compliant? - The Rise of Healthcare Data Breaches

A recent report by the Identity Theft Resource Center should heighten the level of concern of a number of healthcare companies. According to statistics compiled in 2013, the healthcare sector now accounts for 43.8% of total reported data breaches. That is the most of any sector. The reason is likely two-fold. First, the healthcare industry is subject to some of the strictest reporting requirements in the U.S. economy. These strict regulations force healthcare companies to publicly report information on all large data breaches. Second, hackers are increasingly recognizing healthcare companies as a valuable source of personal information. Hacking accounted for over a quarter of reported data breaches in 2013. Healthcare companies must become more aware of these external threats.

The Health Insurance Portability and Accountability Act (HIPAA), along with other federal requirements, makes strict security measures and data encryption methods a necessity for healthcare companies. Failure to implement these standards leaves these companies vulnerable to an attack. Companies are subject to federal punishments if a data breach occurs due to relaxed security measures. These include large fines and financial penalties. Given that the healthcare industry is now a popular victim of hackers, healthcare companies cannot afford to assume their security measures are sufficient.

Thankfully, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. For more information visit 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

Are You HIPAA Compliant? - Healthcare Information Safety

A recent report from the Washington Post offered some sobering news about the safety of information in the healthcare industry. According to the United States Department of Health and Human Services (HHS), 3.6 million patient records have been stolen from health firms via hackers since 2009. This statistic does not include the most recent hacking of Community Health Systems, which lost 4.5 million records to a group of Chinese hackers earlier this year. Large data breaches are not the only concern. In 2012, HHS received 21,194 reports of small data breaches from healthcare companies.

Healthcare companies should be wary. According to a 2013 study conducted by the Healthcare Information and Management Systems Society, only 69% of health security professionals said their company had established a data breach plan. The organization concluded that the healthcare industry has only reached an "average level of maturity" on security issues. This statement should be concerning to healthcare companies. Strict regulations in the Health Insurance Portability and Accountability Act (HIPAA) and further provisions tied to the 2009 stimulus require healthcare companies to comply with firm security measures. Companies that fail to comply with these measures and are subject to a data breach face many severe consequences. Large financial penalties are in place, and companies often suffer backlash.

Fortunately, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. For more information visit 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

Are You HIPAA Compliant?

Earlier this year, medical records of 4.5 million patients were stolen from Community Health Systems (CHS) by a sophisticated group of Chinese hackers. According to the Washington Post, the names, birth dates, telephone numbers, and social security numbers of patients were copied and transferred from the company's systems. This information has been protected under the Health Insurance Portability and Accountability Act (HIPAA) for the last decade. As required by federal law, CHS notified all impacted patients and provided them with free identity theft services. The company's liability insurance was expected to absorb the major financial impacts of the data breach. Their mandated Securities and Exchange Commission filing stating the consequences of the breach was published on August 18 and can be found here.

The Health Insurance Portability and Accountability Act requires all companies contributing to healthcare services to protect patients' personal health records with strict security and data encryption measures. Companies that suffer a data breach due to relaxed security measures can be found in violation of federal law. Penalties are strict. Significant fines that can jeopardize a company's financial standing and reputation are charged per incident. According to the FBI, the digitization of medical records has encouraged hackers to increasingly target healthcare companies. Strong security measures that align with strict HIPAA regulations are now required of all healthcare providers.

Fortunately, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. Click on: 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

HIPAA Security For Help Desk, Change Management, Customer Service

Long before the commercial success of the Internet, Brian J. Fox invented one of its most widely used tools.

In 1987, Mr. Fox wrote Bash, short for Bourne-Again Shell, a free piece of software that is now built into more than 70 percent of the machines that connect to the Internet. That includes servers, computers, routers, some mobile phones and even everyday items like refrigerators and cameras.

On Thursday, security experts warned that Bash contained a particularly alarming software bug that could be used to take control of hundreds of millions of machines around the world, potentially including Macintosh computers and smartphones that use the Android operating system.

The bug, named "Shellshock," drew comparisons to the Heartbleed bug that was discovered in a crucial piece of software last spring.

But Shellshock could be a bigger threat. While Heartbleed could be used to do things like steal passwords from a server, Shellshock can be used to take over the entire machine. And Heartbleed went unnoticed for two years and affected an estimated 500,000 machines, but Shellshock was not discovered for 22 years.

Many of the commercial tools that individual users and large corporations depend upon are built on top of programs that are written and maintained by a few unpaid volunteers in what is called the open-source community. That community, along with big companies like Google, adjusts and builds new things on top of older work. 

Sometimes there are flaws in that code. And over the years, the flaw becomes part of all sorts of products.

The mantra of open source was perhaps best articulated by Eric S. Raymond, one of the elders of the open-source movement, who wrote in 1997 that "given enough eyeballs, all bugs are shallow." But, in this case, Steven M. Bellovin, a computer science professor at Columbia University, said, those eyeballs are more consumed with new features than quality. "Quality takes work, design, review and testing and those are not nearly as much fun as coding," Mr. Bellovin said. "If the open-source community does not develop those skills, it's going to fall further behind in the quality race."*

Giva is a HIPAA compliant cloud provider for IT Service Management, Customer Service and Change Management. We reduce risk for companies by protecting their data and helping them exceed regulatory requirements. Naturally, we address vulnerabilities like Shellshock.

Give us a call to talk to one of our experts about how we address Shellshock and other vulnerabilities. Or, feel free to learn more about Giva HIPAA compliance on your own. 

* Attribution to the NYT

Experts Say 'Bash' Bug Is a Major Vulnerability

You may have heard the news about a vulnerability in Bash called Shellshock. Bash is a command processor that allows a user to conduct actions through a command-line interface for Linux environments. If the Shellshock vulnerability is exploited, a threat actor with access to a Linux server can run arbitrary commands. Many questions are emerging around how companies can protect their employees and customers.

We can help. Giva is a HIPAA compliant cloud provider for IT Service Management, Customer Service and Change Management. We reduce risk for companies by protecting their data and helping them exceed regulatory requirements. Naturally, we address vulnerabilities like Shellshock.

Give us a call to talk to one of our experts about how we address Shellshock and other vulnerabilities. Or, feel free to learn more about Giva HIPAA compliance on your own. We look forward to discussing this matter with you.

We take security seriously.

 
