Knowledge is the best attack deterrent, so check out our cyber security updates
24By7Security, Inc.

Healthcare Cybersecurity Biweekly Newsletter - July 5th, 2017

What Hospital Administrators, Staff and Patients Get Wrong About HIPAA

Patients see media reports about hacking incidents at hospitals, doctors’ offices and other healthcare organizations and rightly worry about the safety of their personal information. Because too few providers fully understand their obligations under HIPAA, and too few patients act on the protections it offers, patient data is at grave risk. Patients who want to be proactive about protecting their data should ask providers what steps they take to safeguard patient information, keeping these vulnerabilities in mind. And healthcare providers, administrators and staff should make sure their organizations are HIPAA compliant. Compliance not only protects data for the patients’ sake, it reduces the possibility the organization could be fined.

HIPAA contains robust provisions to protect sensitive patient data. But until all administrators, staff and patients understand how the legislation works — the responsibilities it designates to providers and the privacy assurances it offers to patients — that protection will remain illusory.


$130K NY State Settlement from Late Data Breach Notification

CoPilot Provider Support Services, Inc. recently agreed to a $130,000 settlement with New York after the company was found to have violated state data breach notification law. CoPilot provides healthcare support services, and waited over one year to provide notice that a data breach exposed 221,178 patient records.

In the incident, a database had been accessed by an unauthorized party, potentially compromising the data of professionals and patients who had information stored in the database. CoPilot maintained that the data breach notification delay was due to an ongoing law enforcement investigation. General Business Law requires companies to provide notice of a breach as soon as possible, and a company cannot presume delayed notification is warranted just because a law enforcement agency is investigating. Failure to provide timely data breach notification can result in fines at the state and federal level.  


Regular Data Backups Key in Ransomware Prevention, Response

The Software Engineering Institute (SEI) at Carnegie Mellon University urges organizations to regularly back up their data for stronger ransomware prevention and response. Regular system backup and verification is the most effective approach to ransomware prevention and response. Backups need to be stored on separate systems that cannot be accessed from a network. Backups must also be regularly updated to ensure that the organization’s system can be properly restored should an attack occur. SEI also recommends storing the backups offline, and preferably offsite, so that they cannot be accessed through the network. Email and websites are the two most common ransomware entry points. It is impossible to completely block ransomware at those points, but working toward system-level protection can reduce the chances of such attacks.


600+ patients affected in Illinois health system data breach

Carbondale-based Southern Illinois Healthcare notified more than 600 patients after a third-party vendor's technical error led to a breach of information. Experian Health provides information to Southern Illinois Healthcare to facilitate the verification of insurance eligibility during the patient registration process. The vendor notified the provider that, during a certain period of time, two Experian platforms were inadvertently sending patient information to the wrong medical facilities. The incident occurred during a server migration.


HIPAA Regulations at a glance - Get your free copy of HIPAA Security and Privacy Regulations

Wouldn’t you like to have the HIPAA regulations at a glance, in a form you can keep in your office as a reference? HIPAA law can be confusing, long and difficult to get through, but as a healthcare entity, you need to comply. Here, we have a “poster” for you, of HIPAA regulations condensed into just 3 pages, which you can even use as a checklist! Download this summary and checklist, put it up on your wall, and mark off what you have done and what is pending – for a clear one-shot view!

Upcoming Events!

ISSA 2017 International Conference - Oct 9 - 11, 2017

Michael Brown of 24By7Security, Inc. will be speaking on Cyber Resilience at the ISSA 2017 International Conference being hosted at the Sheraton Hotel and Marina in San Diego, California.

Georgia ISSA Atlanta Conference - Nov 15, 2017 @ 8:00 am

24By7Security is pleased to sponsor Atlanta’s premier security conference, “Paradigm of Dependable Security” and will be exhibiting and networking there.

Data Connectors Fort Lauderdale Tech-Security Conference - Dec 14, 2017

24By7Security is pleased to sponsor the Data Connectors Fort Lauderdale Tech-Security Conference at Fort Lauderdale, Florida.

About us

24By7Security, Inc. is a full service Cybersecurity strategy, implementation, operations and training firm.  We provide Cybersecurity and compliance related services across all functions of the enterprise. Our services include CFPB/DFA, FIPA, FERPA, GLBA, HIPAA, PCI, SOX, and others.

24By7Security, Inc.

4613 N. University Drive, Suite #267

Coral Springs, Fl - 33067

(844) 55-CYBER