Knowledge is the best attack deterrent, so check out our cyber security updates
24By7Security, Inc.

Healthcare Cybersecurity Biweekly Newsletter - October 18, 2017

Risk assessment - a crucial step in your overall risk management program

A risk assessment is the backbone of any organization’s HIPAA compliance program. If you are a healthcare covered entity or a healthcare business associate, a documented risk assessment or risk analysis is required for meaningful use certification and reimbursement. If you ever get audited by the Office of Civil Rights (OCR), or if you have already had the pleasure of being audited, you will know that one of the first things OCR will ask you for is a documented risk assessment or risk analysis. If you run a compliant HIPAA Security Risk Analysis (SRA) to satisfy the Risk Analysis Requirements under the OCR-HITECH Act, it will also satisfy the requirement for a Meaningful Use Security Risk Assessment (SRA). A risk assessment or risk analysis helps you understand what your organization’s security level is – it sets a baseline. You would also repeat the risk assessment at least annually to measure your progress and re-evaluate your security posture.


Lack of security risk assessment could trim Medicare payments

Many physician provider organizations are likely giving short shrift to an important requirement of the Medicare Access and CHIP Reauthorization Act, which could end up costing them a portion of their Medicare reimbursement. Under MACRA reimbursement schemes, failing to perform and maintain a valid information security risk assessment could end up reducing reimbursements to physician group practices by 25 percent under the Merit-based Incentive Payment System, which mandates that physician group practices do an assessment to measure security risks and then document steps to prevent data losses.


Over 47GB of medical records, blood test results of 150,000 patients exposed in cloud storage error

Sensitive medical records belonging to an estimated 150,000 Americans were inadvertently left exposed in an unsecured Amazon server. Kromtech Security Researchers said the exposed documents were associated with healthcare firm Patient Home Monitoring (PHM), which provides in-home monitoring and disease management services for patients in the US. The files were left exposed in a publicly accessible Amazon S3 repository that included about 47.5GB worth of sensitive medical data, including patients' names, addresses, phone numbers, diagnoses and test results. Many records also contained dates of birth and the names of the physicians overseeing the patients.


Namaste Health Care Pays Ransom to Recover PHI

A hacker gained access to a file server used by Ashland, MI-based Namaste Health Care and installed ransomware, encrypting a wide range of data including patients’ protected health information. It is unclear whether patients’ PHI was accessed or stolen prior to the installation of the ransomware. The Ashland clinic discovered its data had been encrypted when staff returned to work after the weekend. In order to recover data, Namaste Health Care made the decision to pay the attacker’s ransom demand. In this case, a valid key was supplied by that individual and it was possible to unlock the encrypted files. The clinic was able to recover data and bring its systems back online after a few days. The incident prompted the clinic to conduct a review of its security protections and make “robust upgrades” to its “firewall and remote access technology.”


24By7Security Risk Assessment

In this world of rising cyber crime, have you assessed your security levels? Are you safe if or when you suffer a breach? Call 24By7Security, Inc for a security risk assessment today at (844)-55-CYBER or visit our website at!

Upcoming Events!

Cybersecurity Day at NSU - October 19 @ 8:00 am - 1:00 pm

24By7Security is pleased to sponsor and present at the annual Cybersecurity Day event at Nova Southeastern University, a day of cybersecurity discussions with talented high school students.

Cybersecurity Day – Miami-Dade College October 26 @ 8:00 am - 5:00 pm

Sanjay Deo, President of 24By7Security, Inc., will be speaking on Cybersecurity Day at Miami-Dade College on October 26, 2017.

Georgia ISSA Atlanta Conference - Nov 15, 2017 @ 8:00 am

24By7Security is pleased to sponsor Atlanta’s premier security conference, “Paradigm of Dependable Security,” and will be exhibiting and networking there.

Data Connectors Fort Lauderdale Tech-Security Conference - Dec 14, 2017

24By7Security is pleased to sponsor the Data Connectors Fort Lauderdale Tech-Security Conference in Fort Lauderdale, Florida.

About us

24By7Security, Inc. is a full-service cybersecurity strategy, implementation, operations and training firm. We provide cybersecurity and compliance-related services across all functions of the enterprise. Our services include CFPB/DFA, FIPA, FERPA, GLBA, HIPAA, PCI, SOX, and others.

24By7Security, Inc.

4613 N. University Drive, Suite #267

Coral Springs, Fl - 33067

(844) 55-CYBER