Giva Blog
Help Desk, Customer Service, Cloud & Security Insights, with a Side of Altruism!

Job Loss From Data Breach


With new technology come new dangers. Data breaches are a crippling threat to businesses nationwide for multiple reasons: business security has failed its customers and their information (whether financial or medical) is unsafe, companies lose money when it is time to repay their customers or monitor them by hiring third parties, and employees actually suffer job loss from these devastating breaches.

The Identity Theft Resource Center's Data Breach Reports defines a breach as "an incident in which an individual name plus a Social Security number, driver's license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure. This exposure can occur either electronically or in paper format." As of December 16th, the ITRC recorded 744 breaches with over 81 million informational records compromised. Big businesses such as Home Depot, Target, Michael's, Neiman Marcus, and Bebe are victims of data breaches.

Firstly, data breaches can cause massive monetary damage. Elizabeth Weise from USA Today says, "Companies need [breach insurance] because they have to pay up when their customers get hit." The average monetary loss is $188.00 per customer hacked, which the company is required to pay back. Even a small business of 1,000 customers is then required to pay $188,000. Breach insurance can be expensive, but so can being the victim of a cyber attack.

Insurance and monetary compensation are possible solutions. However, most people do not realize the effects of security breaches on those in charge of business security. Data attacks can result in job loss. These job losses include Beth Jacob, CIO of Target; Maricopa County Community College District director, Miguel Corzo; head of Utah's Department of Health's technology department, Stephen Fletcher; and an Accretive Health employee responsible for the loss of an unencrypted laptop filled with sensitive healthcare information on over 23,000 patients.

When it comes to data breaches, there seems to be a greater margin of job penalty in the field of healthcare. Aside from the few mentioned above, Goold Health Systems fired an employee this year for downloading patient information onto a USB drive and then losing it. Highmark, Inc. fired a mail room employee for an error which disclosed over 3,500 patients' Medicare information without authorization. Two Georgia Hospital employees were fired for improperly disposing of an unencrypted desktop including information on over 6,500 patients. Boston Medical Center fired a third-party vendor after realizing they had posted data from 15,000 patients to the website without password protection.

Whether via carelessness, accident, or the work of a hacker, customer information must be taken seriously, especially when it pertains to healthcare. The lack of security can result in job loss. This is not a new issue: in 2006, four healthcare employees of Providence Health Care were fired for the theft of 365,000 healthcare patients' medical records. Thankfully, a security vendor was hired, and patients could sign up for information restoration and monitoring.

However, the healthcare business demographic accounts for almost half of ITRC's recorded data breaches, with hacking as the cause for more than a third of these breaches. Healthcare records provide a wealth of information, making them a huge target for cyber attacks. Because of this, federal law and the Health Insurance Portability and Accountability Act (also known as HIPAA) require security methods such as encryption of medical data to ensure a company remains protected from a data breach.

Businesses are going to have to continue to be vigilant in implementing their security strategies.

With Giva, security is of the utmost importance. This is why Giva has worked to become HIPAA-compliant, with its cloud software complying with strict regulations, helping keep the information of its healthcare customers, and all its customers, safe.

Look for Hackers to Target Healthcare in 2015


Now more than ever, businesses need to be diligent about securing customer information. According to a recent news article, 2015 could be the "Year of the Healthcare Hack." Hackers could target both healthcare and insurance companies in order to secure customers' personal information. The No. 2 U.S. health insurer, Anthem Inc., disclosed a breach of its database that has affected nearly 80 million records, leading to investigations by state and local authorities. While in the past cybercriminals have focused on the financial and retail sector, the new target is less-secure medical data. That being the case, many businesses are starting to focus more on security. According to research analyst Stephanie Balaouras at Forrester, "If your company execs are smart, they will make protecting customers' data and preserving their privacy one of their top business and social responsibilities in 2015." (Forrester)

With all the benefits of Healthcare Information Technology, the obstacle of cyber attacks must be addressed as well. Many businesses have prospered because of HIT and will continue to do so in the future. However, being proactive in addressing this security issue must be a priority for all businesses in 2015 in order to secure customer information. The Reuters article above mentions that "UnitedHealth Group Inc. and Aetna Inc. have been warning investors about the risks of cyber crime since 2011." Warning investors is important; preventing hackers from stealing customer information is paramount. In meeting the strict HIPAA compliance regulations for cyber security, Giva can be the answer to businesses concerned about this problem. For more information, read 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

Value in Healthcare Information Technology (HIT)


In a digitized world, one of the greatest conveniences is health information technology (HIT). Considering nearly everyone in the US is a consumer of healthcare, there are numerous benefits to adopting electronic health records. The evidence report, Costs and Benefits of Health Information Technology, outlines a few. Health information technology is a means of electronically storing, recording, accessing, or transferring a patient's medical records. This includes health and medical history. Not only is this paperless and perhaps more reliable, but it allows for "clinical decision-making and disease management." It also allows for prescription filling, test ordering, and care reminding. For example, the system can provide alerts for necessary patient vaccinations or send a prescription to be filled at a pharmacy convenient to the patient. Overall, health information technology improves the efficiency of healthcare - a highly profitable, nationwide business.

However, adopting HIT is costly and requires change in the organization. It is considered an investment, but perhaps a necessary investment in terms of economic advancement. In non-financially focused studies concerning adoption of HIT, areas of improvement included increased productivity by the healthcare provider, improved patient safety and, subsequently, fewer adverse drug events (ADE) and time spent in hospitals to treat ADEs, and better physician decision-making. For example, the ability to reduce the "ordering of redundant clinical laboratory tests could produce an annual savings of $35,000 in laboratory charges." It is economically beneficial to improve the efficiency of healthcare.

In a day and age where nearly everything is digitized, it is only fitting a business as widely used as healthcare should follow suit. Adopting health information technology will improve provider efficiency while increasing consumer centeredness. Electronic health records are more personalized, more organized and more efficient. Although implementation of HIT is an expensive adjustment, benefits for both provider and consumer are apparent. Healthcare efficiency is important to society as a whole.

With efficiency of digital access to healthcare records comes the necessity of increased data security measures. The Federal Health Insurance Portability and Accountability Act of 1996, known as HIPAA, was passed to establish a national framework for security standards and protection of confidentiality with regard to health care data and information. Fortunately, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. See 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

Giva's Compliance with EU & Switzerland Safe Harbor Framework


In October of 1998, the European Commission created a Directive on Data Protection, which prohibits transferring personal data to non-European Union countries that do not meet a certain level of privacy protection. The EU felt this was necessary as it and the United States approach handling data privacy in different ways.

In order to allow US companies to quickly comply with EU standards, the European Commission and the U.S. Department of Commerce worked together to provide a framework by which organizations could certify their compliance. The program is called the U.S.-EU Safe Harbor program, and certifying to the framework allows U.S. organizations to join this program.

With Switzerland, their Federal Data Protection and Information Commissioner also worked with the U.S. Department of Commerce to create a separate "Safe Harbor" framework, for the same purposes as the EU "Safe Harbor" framework.

Giva values the privacy of its users and visitors, and Giva respects the privacy definitions of not only the U.S., but the other organizations around the world that have decided upon their own standards they feel are best for the people they represent. With this, Giva has completed the self-certification process as defined in the Safe Harbor framework for both the European Union and Switzerland.

For more information about Giva's Safe Harbor compliance, please visit our Privacy Policy page.

Report Analyzes Extent of Data Breaches in California

Interesting reading from the NYT this morning:

"The constant drumbeat of data breaches won't cease anytime soon, according to a new report from California's attorney general, Kamala D. Harris.

There were 167 data breaches reported in California last year, an increase of 28 percent from the 131 data breaches reported the previous year. The information of more than 18.5 million California residents was compromised in 2013, a significant jump from the 2.5 million compromised records in 2012.

Those numbers were skewed by two widespread breaches last year. At Target, personal records for 41 million people were compromised, and at LivingSocial, hackers gained access to 50 million records. According to the attorney general, each of these two breaches put 7.5 million California residents' information at risk.

The majority of breaches — 53 percent — were because of malware and hacking, while a smaller number, 26 percent, was attributed to the physical loss of a computer or device. The report reiterates what many already knew: There is much more information to be stolen through hacking than physical loss. The vast majority of the 17 million records compromised in California last year — 93 percent — were attributable to malware or hacking, whereas only 1.15 million records were compromised by the physical loss of an electronic device."

 

Read more at data breach study in California.

Are your cloud applications HIPAA Compliant?

Are You HIPAA Compliant? - The Rise of Healthcare Data Breaches

A recent report by the Identity Theft Resource Center should heighten the level of concern of a number of healthcare companies. According to statistics compiled in 2013, the healthcare sector now accounts for 43.8% of total reported data breaches. That is the most of any sector. The reason is likely two-fold. First, the healthcare industry is subject to some of the strictest reporting requirements in the U.S. economy. These strict regulations force healthcare companies to publicly report information on all large data breaches. Second, hackers are increasingly recognizing healthcare companies as a valuable source of personal information. Hacking accounted for over a quarter of reported data breaches in 2013. Healthcare companies must become more aware of these external threats.

The Health Insurance Portability and Accountability Act (HIPAA) along with other federal requirements make strict security measures and data encryption methods a necessity for healthcare companies. Failure to implement these standards leaves these companies vulnerable to an attack. Companies are subject to federal punishments if a data breach occurs due to relaxed security measures. These include large fines and financial penalties. Given that the healthcare industry is now a popular victim of hackers, healthcare companies cannot afford to assume their security measures are sufficient.

Thankfully, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. For more information visit 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

Are You HIPAA Compliant? - Healthcare Information Safety

A recent report from the Washington Post offered some sobering news about the safety of information in the healthcare industry. According to the United States Department of Health and Human Services (HHS), 3.6 million patient records have been stolen from health firms via hackers since 2009. This statistic does not include the most recent hacking of Community Health Systems, which lost 4.5 million records to a group of Chinese hackers earlier this year. Large data breaches are not the only concern. In 2012, HHS received 21,194 reports of small data breaches from healthcare companies.

Healthcare companies should be wary. According to a 2013 study conducted by the Healthcare Information and Management Systems Society, only 69% of health security professionals said their company had established a data breach plan. The organization concluded that the healthcare industry has only reached an "average level of maturity" on security issues. This statement should be concerning to healthcare companies. Strict regulations in the Health Insurance Portability and Accountability Act (HIPAA) and further provisions tied to the 2009 stimulus require healthcare companies to comply with firm security measures. Companies that fail to comply with these measures and are subject to a data breach face many severe consequences. Large financial penalties are in place and companies often suffer backlash.

Fortunately, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. For more information visit 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

Are You HIPAA Compliant?

Earlier this year, medical records of 4.5 million patients were stolen from Community Health Systems (CHS) by a sophisticated group of Chinese hackers. According to the Washington Post, the names, birth dates, telephone numbers, and social security numbers of patients were copied and transferred from the company's systems. This information has been protected under the Health Insurance Portability and Accountability Act (HIPAA) for the last decade. As required by federal law, CHS notified all impacted patients and provided them with free identity theft services. The company's liability insurance was expected to absorb the major financial impacts of the data breach. Their mandated Securities and Exchange Commission filing stating the consequences of the breach was published on August 18 and can be found here.

The Health Insurance Portability and Accountability Act requires all companies contributing to healthcare services to protect patients' personal health records with strict security and data encryption measures. Companies that suffer a data breach due to relaxed security measures can be found in violation of federal law. Penalties are strict. Significant fines that can jeopardize a company's financial standing and reputation are charged per incident. According to the FBI, the digitization of medical records has encouraged hackers to increasingly target healthcare companies. Strong security measures that align with strict HIPAA regulations are now required of all healthcare providers.

Fortunately, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. Click on: 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.

HIPAA Security For Help Desk, Change Management, Customer Service

Long before the commercial success of the Internet, Brian J. Fox invented one of its most widely used tools.

In 1987, Mr. Fox wrote Bash, short for Bourne-Again Shell, a free piece of software that is now built into more than 70 percent of the machines that connect to the Internet. That includes servers, computers, routers, some mobile phones and even everyday items like refrigerators and cameras.

On Thursday, security experts warned that Bash contained a particularly alarming software bug that could be used to take control of hundreds of millions of machines around the world, potentially including Macintosh computers and smartphones that use the Android operating system.

The bug, named "Shellshock," drew comparisons to the Heartbleed bug that was discovered in a crucial piece of software last spring.

But Shellshock could be a bigger threat. While Heartbleed could be used to do things like steal passwords from a server, Shellshock can be used to take over the entire machine. And Heartbleed went unnoticed for two years and affected an estimated 500,000 machines, but Shellshock was not discovered for 22 years.

Many of the commercial tools that individual users and large corporations depend upon are built on top of programs that are written and maintained by a few unpaid volunteers in what is called the open-source community. That community, along with big companies like Google, adjusts and builds new things on top of older work. 

Sometimes there are flaws in that code. And over the years, the flaw becomes part of all sorts of products.

The mantra of open source was perhaps best articulated by Eric S. Raymond, one of the elders of the open-source movement, who wrote in 1997 that "given enough eyeballs, all bugs are shallow." But, in this case, Steven M. Bellovin, a computer science professor at Columbia University, said, those eyeballs are more consumed with new features than quality. "Quality takes work, design, review and testing and those are not nearly as much fun as coding," Mr. Bellovin said. "If the open-source community does not develop those skills, it's going to fall further behind in the quality race."*

Giva is a HIPAA compliant cloud provider for IT Service Management, Customer Service and Change Management. We reduce risk for companies by protecting their data and helping them exceed regulatory requirements. Naturally, we address vulnerabilities like Shellshock.

Give us a call to talk to one of our experts about how we address Shellshock and other vulnerabilities. Or, feel free to learn more about Giva HIPAA compliance on your own. 

* Attribution to the NYT

Experts Say 'Bash' Bug Is a Major Vulnerability

You may have heard the news about a vulnerability in Bash called Shellshock. Bash is a command processor that allows a user to conduct actions through a command-line interface for Linux environments. If the Shellshock vulnerability is exploited, a threat actor with access to a Linux server can run arbitrary commands. Many questions are emerging around how companies can protect their employees and customers.

We can help. Giva is a HIPAA compliant cloud provider for IT Service Management, Customer Service and Change Management. We reduce risk for companies by protecting their data and helping them exceed regulatory requirements. Naturally, we address vulnerabilities like Shellshock.

Give us a call to talk to one of our experts about how we address Shellshock and other vulnerabilities. Or, feel free to learn more about Giva HIPAA compliance on your own. We look forward to discussing this matter with you.

We take security seriously.

 
