HIPAA’s Impact on Your Healthcare IT Operations

Data Security Measures

Electronic Health Records Solutions

Healthcare Providers Beware: Cybercriminals Targeting Covered Entitites (CE) with Malware and Data Breaches

The cyber crime landscape is rapidly growing more dangerous and complex for organizations of all sizes. Reports of security incidents are growing 66 percent each year, with the average cost of a data breach estimated at $3.5 million. 

While organizations in any industry are at risk of cyber crime from outside attacks or insider perpetration, many small and medium-sized businesses (SMB) lack the infrastructure to adequately plan and prepare defenses for common threats. One rapidly growing information security threat that repeatedly poses a threat is Cryptowall, a increasingly common form of ransomware.

What is Cryptowall?

Cryptowall, formerly known as Trojan.Cryptowall, is a “Trojan Horse” virus that encrypts files on an infected computer. To unlock the files and retrieve access to critical information, users are asked to pay a “ransom” of at least several hundred dollars via a text document message. The attackers commonly ask for the payment to be made in Bitcoins, and direct users to complete the payment online via a secure Tor browser. In many cases, the ransom demands can increase in amount if the fee isn’t paid quickly.

If you’re curious whether someone on your staff with above-average computer skills can unlock your files, the answer is unfortunately no. As soon as files are encrypted, much like a bank vault, they will then require a key to be unlocked… And that key is what must be purchased from the cybercriminals themselves.

The head of cyber security at the US FBI recently stated that he usually advises victims of Cryptowall and other forms of ransomware to “just pay the ransom.” The FBI has yet to find a definitive solution to Cryptowall because it’s a highly effective form of extorting money out of healthcare organizations, SMBs and other companies.

How Do I Prevent a Cryptowall Attack?

The single most important action companies of any size can take to prevent terrible repercussions from a ransomware attack is regular data backups. Keep in mind, Cryptowall will also lock up data on any mapped drives, including external hard drives. The only guaranteed way to keep your information safe is investing in a secure, comprehensive backup solution that won’t be affected by the virus. (Keep in mind that the intervals of regular, ongoing backups can also be crucial to minimizing data loss).

Ransomware viruses can enter a company through a number of means, including file-sharing, email and RDP ports. While training your employees on information security best practices can protect against phishing attacks or unsafe file downloads, the most important step you can take is to develop a comprehensive information security practice and policy. By partnering with a professional IT services firm, you can benefit from having easy access to a dedicated a team of experts who are committed to keeping your patients, providers and practice safe.

Conclusion

Cryptowall attacks can have a devastating impact on healthcare providers and covered entity organizations of any size.

By working stategically with a dedicated IT services team, you can get started implementing the right defensive strategies to help protect your patients, practice and sensitive data such as PHI. 

Get started on your data security roadmap with the healthcare information technology experts of San Francisco today with your free onsite technology assessment and rest easier knowing your patients’ data is protected from being held ransom by cybercriminals. 

How HIPAA Affects Office IT, the Business Operations of Healthcare Providers and Overall Patient Care

From its inception, the Health Insurance Portability and Accountability Act (HIPAA) has had many ramifications for healthcare providers, and when it comes to technology management and IT support, it’s easy to feel overwhelmed.

When HIPAA affects how and where your office utilizes its IT devices and systems, your business operation methods and the manner in which patients are cared for. This is a brief look at some of the ways HIPAA may modify the workings of your healthcare enterprise.

Protecting Your IT Devices

Your IT provider’s healthcare IT help desk service in the Bay Area can inform you about procedures such as data encryption and decryption, unique user identification and audit controls, all of which are required under HIPAA. But physically safeguarding workstations that have access to electronic protected health information (ePHI) is also a requirement.

Reception areas are one of the places where inadvertent disclosure of PHI may occur, and simple solutions such as privacy panels at right angles to the reception and scheduling counters, and asking queuing patients to stand away from the worktops, are all that may be needed.

Furthermore, when computer monitors are used in open-bay setups (such as dentists’ chairs), best practices require that care be taken to ensure that screens displaying patient information are not left facing other patients or passing foot traffic.

Who You Do Business With

HIPAA regulations not only cover your healthcare organization (known as a covered entity), but your Business Associates (BA). These are entities or individuals who you may release PHI to, including attorneys, accountants, cloud storage companies, web hosts, IT vendors, email encryption companies, consultants and healthcare clearing houses who deal with claims. As part of your path to harmony with HIPAA, you and your BAs are required to sign a Business Associate Agreement (BAA).

Navigating Office Administration While Caring for Patients

 Regular routines are also affected by HIPAA regulations. For example, what happens with standard appointment reminders?

The University of Texas Health Science Center states that as long as patients are aware of this routine and the reminders are generic in form, that is, don’t necessarily state the name of the practice or clinic, appointment prompts are allowed under HIPAA. The same applies to sign-in logs in reception areas: no confidential medical information should be listed.

Helping your office navigate HIPAA-related Healthcare IT solutions are one of the specialties of Bay Computing– So get in touch with the Bay Area team of experts today and schedule a free onsite assessment to get your strategic technology plan started!

As Cyberattacks Continue to Skyrocket, DYRE Malware Grew 125% in Q2 Alone.  Are You Prepared for the Latest?

Both consumers and organizations of all sizes are at increased risk for DYRE malware attacks in the months to come. TrendLabs reported a 125 percent increase in DYRE attacks in the second quarter of 2015, proving that criminal interest in stealing user credentials is growing.

Simultaneously, attacks against healthcare organizations have grown 600 percent, and these organizations are 74 percent more likely to be targeted by phishing emails than other industries.

 Despite the increased climate of threats, small and medium-sized businesses (SMBs) can take the right steps to protect their finances and their customers’ sensitive data against DYRE and other phishing attacks.

What Is DYRE Malware?

DYRE malware typically enters a business network through a phishing email, which is designed to look like an important communication from a bank, the IRS, or another business entity. An example shared by TrendLabs included a subject line pertaining to a tax levy and an important-looking attachment with body copy that indicated immediate action was necessary. When employees click the link in the body of the email or open the attachment, the malware gains access to the system.

What Are the Repercussions of a DYRE Attack?

DYRE works quickly once it gains entry and performs “man in the middle attacks.” According to TrendMicro, it may perform browser screenshots and steal personal certificates to obtain password credentials to protected information. DYRE also works to avoid detection by disabling information security measures organizations may already have put into place, including firewalls and anti-malware protections.

Among private consumers, DYRE attacks are typically focused on stealing banking credentials so cybercriminals can gain access to an individual’s money. In healthcare organizations, the focus is usually to obtain protected patient or customer information so identities can be resold at a profit or ransomed back to the victim.

How to Protect Yourself Against DYRE and Other Phishing Attacks

To prevent a DYRE attack, phishing awareness among your employees is critical. A full-featured anti-malware solution and password change policies can help organizations get started protecting against the “dire” effects of this unfortunate information security trend.

In order to stay safe, all individuals at your organization need to be aware of how to detect a potential email attack, and who to notify if an email ever appears suspect… And for many small and medium businesses and practices, identifying the right resource to reach out to for technical help may not always be clear.

Despite increased threats, information security for SMBs and healthcare organizations isn’t impossible. Working with an expert managed services provider with years of experience helping with strategic information security enables you to identify your organization’s primary vulnerabilities, establish much-needed policies, and perform ongoing training to allow you to avoid the costly cleanup and customer defection that follows a major cyberattack.

Information security (IS) should be a key priority at organizations of any size. Gartner reports the average company dedicates just five percent of its budget to protecting customer data.

The staggering costs of a cybercrime attack can be particularly devastating to small and mid-sized businesses (SMB). Gain insight into the state of cybercrime and what SMB need to know to protect themselves.

1. Attacks Are Increasing

The average business doesn’t feel prepared for the current IS climate. In fact, 56 percent doubt they would even be able to detect a sophisticated attack.

3. Vendors Are Ignored

Many SMBs fail to realize that vendor security issues can lead to risks. Perhaps more concerning, 33 percent are not sure if they have a security agreement in place with their vendors.

4. Your Employees Are a Risk

Data breaches can occur due to cybercriminals, but the vast majority of security incidents are caused by employees. In many cases, this is due to a lack of knowledge on security best practices.

5. Companies Are Spending More

Sixty-two percent of companies of all sizes are choosing to proactively protect themselves against risks by spending more of their IT budgets on security, which can include bringing on professional help by working with a professional IT services provider.

6. Attacks Are Very Expensive

The average security attack worldwide costs $3.5 million dollars, which can cover the costs associated with fines, fees, notifying customers, and related charges. Each lost or stolen customer identity comes to around $145.

7. Companies Aren’t Testing Enough

Forty-nine percent of companies fail to complete “fire drills” to determine just how effective their data recovery practices, encryption, and other components of information security really are.

8. Mobile Is Risky

The rising adoption of smartphones and tablets doesn’t mean it’s safe. Mobile device management and Mobile vulnerabilities are currently considered the single-biggest security risk, especially since employees may take these mobile devices off site or connect to unsecured wireless networks.

9. Policies Matter

Despite the importance of educating employees, only 76 percent of brands have password policies developed and company-wide procedures in place.

10. IT Is Concerned

Eighty percent of IT professionals believe their organizations need to be working harder to defend against cybercrime. In many cases, these professionals are limited by budget and company culture.

Taking steps to protect your customers’ data could be the best IT investment you make this year. In an era of increased cybercrime, employee education, security technologies, and increased vigilance aren’t just important. They’re necessary.

Get in touch with your local San Francisco Bay Area Managed Services Provider to get started on your strategic information security roadmap today!

Could Your Wearable Carry Viruses?

Recently, a type of vulnerability was discovered in Fitbits (a popular wearable device for fitness tracking) that could make them prey to hackers. Although Fitbit has stated that their devices are safe and that they will quickly fix the vulnerability issue, the news raises concerns about wearable technology in general. Some devices can be accessed without the user’s knowledge and infected with trojans and malware that can spread to personal computers and, from there, to business computers and networks.

Infecting a Fitbit via Bluetooth Is Possible

Hackers demonstrated that they could wirelessly upload malware onto a Fitbit via Bluetooth. Although the hacker needs to be near the targeted Fitbit in order to infect it, the Bluetooth connection can happen in a park, coffee shop, or any other public area. The entire process takes 10 seconds, and the user will not notice anything wrong with his or her Fitbit immediately. But once the user connects the infected wearable to a PC or laptop, the malware can spread to the computer and even the entire network.

How to Protect Your Devices From Malware

To prevent malware infection, it is important that all your personal and business devices be always protected from outside threats. Many devices, such as smartphones or PCs, allow you to secure their Bluetooth connection with a password to prevent unauthorized access. This way, you can make sure your Fitbit is only connecting with your phone. Finally, always exercise caution when plugging any device into your computer. Use an antivirus program to scan any connected device for viruses and malware. You’ll also need to ensure that your business network’s security is examined, tested and optimized by a managed services provider.

Although the Fitbit virus is merely hypothetical — it was only demonstrated one time at a conference, and no one has reported a Fitbit being infected — this story raises concerns about wearable technology in general. Wearables are still a developing technology, and hackers will probably be able to breech the devices and spread viruses to entire computer networks. To make sure your organization’s devices stay safe, partner with the right professional IT service firm and make sure your network is protected against both the current security threats as well as the vulnerabilities which malicious attacks will seek to exploit in the future.

Reach out to your Bay Area IT support team and get your network security road map started a with a free onsite network assessment today!

Stegoloader Malware Targeting Healthcare Providers Throughout California—Is Your Practice Safe?

There have been number of reports about how stegoloader malware is being used to target healthcare providers across North America, which is increasingly becoming a cause for concern for many practitioners.

Why? Stegoloader malware is the latest and most disastrous version of TROJ_GATAK, (the strain of trojans which use steganography to evade detection) and is sophisticated enough to conceal itself and often slips by undetected because of this ability.

Stegoloader Trojan Infection Count Per Industry

In order to avoid becoming an easy target many healtcare providers throughout the San Francisco Bay Area are choosing to partner up with seasoned IT support teams who have the security skills necessary to protect them against the latest generation of advanced malware.

Read on if you work in healthcare, deal with PHI, and want to learn more about how to keep your organization safe.

Just What Is Stegoloader Malware?

Stegoloader is advanced malware that utilizes digital steganography by hiding within a Portable Network Graphic (PNG) hosted on a valid website. Once this malware is accidentally accessed, it remains on the computer, lurking in the background, often evading detection.

It should be noted that the malware is so sophisticated that when it detects security or analysis tools running on the infected system, it will suspend its main program code, allowing it to stay hidden. Furthermore, it has been designed to ‘look’ for reverse engineering tools and terminate them, making it difficult for providers to regain control of their computer systems even when a security threat has been identified.

North American Healthcare Providers Targeted

A report carried out by Trend Micro found that North American healthcare providers were by far the greatest targets and experienced the heaviest impact as they became infected with the Stegoloader Trojan.

It increasingly appears that cyber criminals are becoming more interested in stealing healthcare information than even credit card information (PCI) since protected health (PHI) information has been fetching higher prices on the black market. This puts healthcare providers in a vulnerable position as their system security may have been breached without them even being aware of it.

Keeping Your Organization Safe

Stegoloader malware is impacting healthcare providers across North America. Up until they experienced a breach directly, many of these organizations remained complacent as business operations demanded full attention and the priority of planning IT security was set aside.

Don’t make the same mistake by assuming you have the adequate security measures in place. If you are concerned that your healthcare practice may have already been targeted, or want to prevent your system security from being infiltrated, get started with a free network assessment today.

Leverage the wealth of experience of our strategically-minded IT support services team, and implement the right technological solutions for your office to help prevent your organization from falling vicitm to a healthcare data security breach. 

Is Your Point of Sale Software At Risk of Being Infected by Malware?

What Is Point of Sale Malware?

How to Protect Your Business

Cloud computing is a revolution, especially in the field of business-related IT. Like most revolutions, there’s a bit of confusion about what it all means, and some people are not sure whether they’re on the right side. As the head of a growing company, you may not have time to study Cloud computing in detail, but there are some key details you need to know.

1. Cloud Systems Can Help Your Business Save Money

The most attractive thing about Cloud systems is that they tend to have low costs. This is especially true for SMBs. Rather than spending outside their budget on servers, licenses and engineers for a new system, managers can simply pay a regular subscription cost for Software as a Service (SaaS), the way software is delivered over the Cloud.

2. The Cloud Can Facilitate Remote Collaboration.

Because everything is hosted remotely, it’s easier for all users to log into systems remotely. This is good news if you have people on the road or team members who regularly work from other locations. It can also save on office space costs, if you choose to allow your staff to telecommute.

3. Cloud-Based Systems May Have Tighter Security Than In-House Solutions Due to Compliance Regulations

Some businesses are wary of Cloud-based systems due to concerns about the security of their data. Data security is of paramount importance to every business, which is why most Cloud-based service providers use the most advanced encryption techniques to protect their clients. Also, because the Cloud allows you to work remotely, it helps to prevent one of the most common breaches: when an employee takes information home on a laptop or pen drive and loses it.

4. There is No Upgrade Cycle for SaaS.

One of the drawbacks of in-house software is the constant need to upgrade to the latest version. Sometimes this requires the purchase of new software, but usually it requires support from IT engineers. With a Cloud-based system, each time you log in you’ll be using the most recent version of the software,instead of worrying about scheduling out your next system upgrade.

5. Switching to the Cloud Can Enable Next-Generation Analytics.

The other buzzwords you may have heard recently are around Big Data and data-driven analytics. For the first time, businesses can capture extraordinarily detailed information about their customers, perform complex real-time analysis and use Data-Driven Decision Making (DDDM) to drive success. This is resource-intensive, however, and often requires the immense power of a Cloud host.

Cloud computing can help your SMB grow, so it’s worth exploring the options that are available to you. You never know what opportunities you may be missing out on.

http://www.economist.com/news/business/21648685-cloud-computing-prices-keep-falling-whole-it-business-will-change-cheap-convenient

Worried About Malware? Protect Your Business Proactively With Managed IT Services- Before Disaster Strikes

Malware is software that has been developed to attack and inflict harm on computers and their networks.

Malicious attacks can be especially damaging to businesses because once malware infects computers, it can be used to disable your business, hold your data hostage or even steal crucial account details to ensure mayhem and bend your organization to your attacker’s will.

What Is Malware?

Malware is a type of software that is designed to cause disruption and damage to computer systems.

While there are many different types of malware, such as adware, viruses, spyware and browser hijacking programs, it should be noted that much like a virus in biology, a computer virus has the capacity to replicate itself and infect other computers on the network.

With that in mind, hackers are constantly looking for for security vulnerabilities in websites so they can use them to their advantage by infusing malware into the software and systems that are already present, even on trusted websites.

(Sidenote: Studies have shown an estimated 82% of malicious sites are actually legitimate websites which have been compromised)

The United States has the highest number of malware-infected web pages in the world and the effects of malware can vary from nusicances such as simply being inconvenienced by recurring pop-up windows to more sinister and damaging effect such as identity theft and financial failure (based on extortion or fines incurred).

Just How Do Malware Attacks Work?

 While the inner-workings of each malware exploit will vary, from a business decision making and Office IT related perspective, most have this in common:

• They are extremely effective at infecting and exploiting their victims

• Malware attacks can often force operations to grind to a halt as business is brought to a stop for triage and quarantine to be fully conducted 

• Without the right safeguards and recovery solutions in place, your business can face days (possibly even weeks) of downtime and/or have to deal with massive data loss

• Malware exploits place your clients’ sensitive data in harm’s way (if your business network is compromised, data stored and transmitted also is at risk)

• Businesses held to data security standards (such as PCI-DSS, the SEC OCIE Cybersecurity Initiative Guidelines or HIPAA Security Rule requirements) will often incur fines if they are found to have insufficient safeguards in place.

What Is the Financial Cost of an Attack?

Research analysts estimate that businesses around the world will spend approximately $500 billion dollars repairing computer systems from malware damage and other security breaches.

Furthermore, when you take into account the number of hours or days spent trying to retrieve lost data (depending on what business continuity and backup technologies you have in place), that figure easily climbs higher.

Another tactic which has been growing rapidly is the use of malicious injections into businesses’ payment processing systems, which allows cybercriminals to steal customers’ credit card information.

Data loss can set a business back weeks, if not months. Malware attacks are continuously on the rise, and industry trends are showing that hackers are now adjusting their aim to going after small to midsize businesses. Why? With smaller operational staff, or a lack of a fully-fledged IT department, these cyber raiders know they’ve identified a soft target… 

Keeping in mind that a data breach can result in multiple punitative fines, potential lawsuits and most importantly, a loss in consumer confidence as  credit card payment information and personal data are exposed (as seen even with big-name players such as Target).

How to Protect Your Business From Malware

It’s time to take a stand and make sure your business is protected. Take action to know your organization is prepared. Rest assured with the knowledge that your business will be be back up and running, able to rapidly move forward if and when you are attacked.

The financial cost to affected businesses can be staggering, but by choosing to work with with seasoned Bay Area IT services veterans, disaster can be avoided by  partnering with the right IT firm. 

When you combine a proactive approach to business IT with dedicated and ongoing strategic technology planning, regular monitoring and ongoing updates supported by best-in-class business continuity and recovery solutions, you drastically decrease the likelihood of your organization becoming a malware target and enable your business to stay one step ahead of the hackers.

Curious where your network stands? Find out today with a free onsite network assessment with one of our technology experts.