Monday, March 18, 2019

Why does HIPAA apply to me if I am not in the medical field?


HIPAA, the Health Insurance Portability and Accountability Act, is a federal law whose Privacy Rule and Security Rule are administered and enforced by the Department of Health and Human Services (HHS).
Most people are aware that hospitals, long-term care facilities, health insurance companies, doctors' offices, and the like are "covered entities" that must comply with both the privacy and security components of HIPAA. However, many people are fuzzy on the fact that other organizations also have to meet HIPAA's security standards.
Any organization that creates, receives, maintains or transmits protected health information (PHI) on behalf of one of the entities above is a "business associate" and must sign what is called a business associate agreement, or BAA, before handling that data. The BAA is a contract in which the business associate commits to safeguard PHI, to use and disclose it only as permitted, and to report breaches. Since the 2013 Omnibus Rule, business associates are also directly liable under HIPAA for the Security Rule, not just contractually liable to the covered entity.
Here are some examples of business associates:
- An outsourced IT firm
- A third-party cybersecurity firm
- A CPA firm that provides accounting services and has access to PHI in the process
Any time a business associate creates, receives, maintains or transmits PHI, it must comply with the HIPAA Security Rule and with the applicable provisions of the HIPAA Privacy Rule.
The HIPAA Security Rule requires a documented risk analysis with ongoing risk management, security awareness training for the workforce, and periodic technical and non-technical evaluations of the safeguards in place, to ensure that the business associate is not adding unnecessary risk to the handling of protected health information. The rule does not name penetration testing or vulnerability scanning explicitly, but they are common ways to satisfy the evaluation requirement.
Essentially, anybody coming into contact with protected health information needs to align their cybersecurity posture with HIPAA requirements.
Managed Security Team

Cross-border e-commerce is booming:

Cross-border e-commerce is booming: it is expected to bring in $203 billion annually by 2021. Yet many U.S.-based merchants hesitate to engage in global transactions. To be sure, risks abound, but so do misconceptions about payment fraud.
Using local payment methods (LPMs), that is, payment methods beyond credit cards, may lessen risk and allow global expansion. Because they are linked to local banks, they typically have built-in security safeguards. In China, for instance, 49 percent of online transactions take place via e-wallet and only 23 percent by credit card.
Risk is reduced because these are push payments, where the customer initiates the transfer from their own account, rather than pull payments, where the merchant collects card details and draws on the account. The business never has to collect or store consumers' payment data, so there is less to steal and less exposure to chargebacks arising from the misuse of stolen cards.
Bank transfers — which move money directly from the purchaser’s bank to the merchant’s — are another avenue to pursue. Used in nearly half of online transactions in Germany, bank transfers are performed via redirect during checkout, through a real-time or offline transfer process.

In Other News:

The U.K. has seen its first group litigation case concerning a data breach, and the organization in question, the supermarket chain Morrisons, was found vicariously liable for the actions of one of its employees.
A disgruntled employee posted a file on a file-sharing website that included data on nearly 100,000 of his colleagues. That employee was found guilty of several charges related to the incident, including fraud and gaining unauthorized access to computer materials, and sentenced to eight years in prison.
Then 5,518 of the individuals whose personal data was published sued Morrisons. In this class-action-type suit, Morrisons — which was determined to have been compliant with data security laws at the time — was found vicariously liable for its rogue employee’s actions. It now faces large compensation costs.
Notable not only for being the first of its kind around data breach in the U.K., this case is also interesting for setting a high standard of responsibility among companies for their employees' actions. As data breaches increase in both frequency and scope in Europe, those affected by them are likely to look to class-action claims under the provisions of the GDPR, which gives data subjects more rights and increases the penalties defendants face.
A side note: similar claims for nonmaterial damage, such as emotional distress, may be brought in the Irish courts under the GDPR and the Irish Data Protection Act 2018.

Thursday, March 14, 2019

Dark Web ID Trends:


Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Business & Professional Services
Top Employee Count: 11 - 50 Employees

Wednesday, March 13, 2019

Are you among today's victims of cybercrime?



Ask how bit by bit can help protect you from cybercrime.


contact us at 877.860.5831 x190

Tuesday, March 12, 2019

What we can do to stop putting our data at risk of identity theft

As we continue to flip through headlines about identity theft that read like scary movies, the average American consumer is growing increasingly aware of the data breach landscape. However, recent data suggests that this awareness has not converted into any serious action. For the most part, we are doing nothing to prevent data breaches; instead, it seems that we are contributing to our own exposure.
According to a study conducted by CreditCards.com, 9 in 10 U.S. adults have been committing at least one of the following four risky behaviors regarding data in the past year...

Thursday, March 7, 2019

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Medical and Healthcare
Top Employee Count: 11 - 50 Employees