Knowledge is the best attack deterrent, so check out our cyber security updates
24By7Security, Inc.

Healthcare Cybersecurity Biweekly Newsletter - Apr 26th, 2017

No Business Associate Agreement? $31K Mistake

The Center for Children’s Digestive Health (CCDH), a small 7-center pediatric subspecialty practice in the Chicago area, had contracted in 2003 with FileFax, an Illinois-based firm that stores medical records. Although the files contain protected health information, an investigation by HHS' Office for Civil Rights (OCR) found that neither party could produce a signed business associate agreement dated prior to Oct 2015. OCR announced the settlement of potential HIPAA violations with CCDH for $31,000.

This OCR settlement highlights the importance of obtaining signed Business Associate Agreements.


$2.5 million settlement shows that not understanding HIPAA requirements creates risk

CardioNet, a Pennsylvania-based company, provides remote mobile monitoring and rapid response services to patients at risk for cardiac arrhythmias. CardioNet reported to HHS’ Office for Civil Rights in January 2012 that an employee’s laptop was stolen from a parked vehicle outside of the employee’s home. The laptop contained data of 1,391 patients. The subsequent investigation found CardioNet had insufficient risk analysis and management processes, and its HIPAA Security Rule policies and procedures were in draft form and not implemented. Further, the provider was unable to show final policies and procedures for implementing safeguards for ePHI, including those found on mobile devices.

CardioNet will pay $2.5 million and implement a corrective action plan as part of a HIPAA settlement to resolve its alleged disclosure of unsecured ePHI. Although the breach only affected 1,391 patients, the size of the fine reflects the organization’s failure to implement HIPAA Security Rule policies and procedures.


How small healthcare providers can toughen cyber defenses

Healthcare is an absolute goldmine for hackers. Each time new patients enter a doctor’s office, sensitive information is recorded. This means that emails, phone numbers, health insurance information and Social Security numbers can all be stolen easily. Executives at many small healthcare institutions believe that a breach will only occur at large, well-known providers, but this is just not the case. It is small individual locations like these that serve as hotbeds for hackers, as they often don’t have strong security and IT teams in place.

Securing medical records is a complex undertaking. It goes far beyond the minimal technical requirements of HIPAA and involves a precise balance of the technical knowledge of IT teams, properly trained office or hospital staff and even third-party vendors that service systems within an organization. So what can the healthcare industry do to prevent its security from being compromised?


Kentucky Health Center Ensures PHI Security After Email Gaffe

Employees of Kentucky-based Women’s Care of Somerset (WCS) sent an informative email regarding health-related services and erroneously disclosed the email addresses of all recipients to the other recipients. The healthcare organization conducted an investigation and discovered the error was a result of the use of an unauthorized email distribution method. The email addresses of 1,806 patients were exposed in the incident. To mitigate further issues, WCS is retraining staff on proper procedure when sending emails.


Upcoming Events!

“Ultimate Drive” Golf Tournament - May 6, 2017

24By7Security is pleased to sponsor the 3rd Annual Ultimate Drive Golf Tournament hosted by the United Way of St. Lucie County at Fairwinds Golf Course, Fort Pierce, Florida.

Jefferies Technology Group Investor Conference - May 9 & 10, 2017

Sanjay Deo, President of 24By7Security, Inc. will be participating in a Cybersecurity Panel at the Jefferies Technology Group Investor Conference being held in Miami, Florida.

HackMiamiCon5 Security Conference - May 19 - 21, 2017

Michael Brown of 24By7Security, Inc. will be speaking at the HackMiami Security Conference at the Deauville Miami Beach Resort, Miami Beach, Florida.

ISSA 2017 International Conference - Oct 9 - 11, 2017

Michael Brown of 24By7Security, Inc. will be speaking on Cyber Resilience at the ISSA 2017 International Conference being hosted at the Sheraton Hotel and Marina in San Diego, California.

Data Connectors Fort Lauderdale Tech-Security Conference - Dec 14, 2017

24By7Security is pleased to sponsor the Data Connectors Fort Lauderdale Tech-Security Conference in Fort Lauderdale, Florida.

About us

24By7Security, Inc. is a full-service Cybersecurity strategy, implementation, operations and training firm. We provide Cybersecurity and compliance-related services across all functions of the enterprise. Our services include CFPB/DFA, FIPA, FERPA, GLBA, HIPAA, PCI, SOX, and others.

24By7Security, Inc.

4613 N. University Drive, Suite #267

Coral Springs, FL 33067

(844) 55-CYBER