Thursday, April 25, 2019

"Why does HIPAA apply to me if I am not in the medical field?"

"Why does HIPAA apply to me if I am not in the medical field?"
HIPAA, the acronym for the Health Insurance Portability and Accountability Act, is a regulation administered by the Department of Health and Human Services.
Most people are aware that hospitals, long-term care facilities, health insurance companies, doctors' offices, and the like must comply with both the privacy and security components of HIPAA. However, many people are fuzzy on the fact that other organizations also have to follow a minimum set of security standards under HIPAA.
Any organization that provides services to any of the entities above has to sign what is called a business associate agreement, or BAA. This agreement is essentially an attestation that the business associate will exercise due care while handling medical records.
Here are some examples of business associates:
- An outsourced IT firm
- A third-party cybersecurity firm
- A CPA firm that provides accounting services and has access to PHI in the process
Any time a business associate discloses, handles, or uses PHI, it must comply with the mandates of the HIPAA Security Rule and the HIPAA Privacy Rule.
The HIPAA Security Rule requires periodic risk assessments, training users on security best practices, and penetration testing to ensure that the business associate is not adding unnecessary risk to the handling of protected health information.
Essentially, anybody coming in touch with protected health information needs to align their cybersecurity posture with HIPAA requirements.

Wednesday, April 24, 2019

Robocall Scam is back, to the tune of $40M

Ever dropped everything you were doing to take a call, only to receive an automated message in a foreign language? You certainly are not alone.
Most of us likely hung up without thinking twice (and without understanding a word that was said). However, a recent slew of Mandarin-based calls has been targeting Chinese Americans, attempting to trick them into thinking that they are in legal trouble with the Chinese government. On Thursday, the FBI revealed it had received more than 350 complaints from victims of the scam, with aggregated losses reaching over $40 million. Dubbed the “Chinese Embassy Scam,” it has amounted to average losses upwards of $164,000 per victim.
Some of us may be wondering how such a scam could be so effective, but it all comes back to the concepts of relevance, originality, and impact. By speaking in a familiar language and using phone spoofing to change caller ID tags, cybercriminals can defraud virtually anyone. To fight fire with fire, companies must invest in advanced cybersecurity solutions that are specifically designed to thwart phishing campaigns (like BullPhish ID!).

Wednesday, April 17, 2019

8 tips for protecting your small business from phishing attacks

Phishing continues to be a top exploit for small business breaches, and companies should take notice. Of the 360,000 spear phishing email attacks examined over a three-month period, the most common types were brand impersonation (83%) and business email compromise (11%). Such breaches can be leveraged to steal payment and personal information.
Here are some best practices for protecting your business:
1) Take advantage of AI
2) Don’t rely solely on traditional security
3) Deploy account-takeover protection
4) Use multi-factor authentication
5) Conduct proactive investigations
6) Train staffers to recognize and report cyber-attacks (with BullPhish ID!)
7) Conduct proactive investigations
8) Maximize data-loss prevention