<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">
<channel>
<title>HealthcareInfoSecurity.com  RSS Syndication</title>
<link>http://www.healthcareinfosecurity.com/rssFeeds.php?type=main</link>
<description>HealthcareInfoSecurity.com RSS News Feeds on healthcare information security news, regulations, blogs and education</description>
<pubDate>Wed, 30 May 2012 20:22:28 -0500</pubDate>
			<atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="self" type="application/rss+xml" href="http://feeds.feedburner.com/healthcareinfosecurity/com" /><feedburner:info uri="healthcareinfosecurity/com" /><atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://pubsubhubbub.appspot.com/" /><feedburner:browserFriendly></feedburner:browserFriendly><item>
			<title>9 Principles to Battle Botnets</title>
			<link>http://www.healthcareinfosecurity.com/9-principles-to-battle-botnets-a-4812</link>
			<guid>http://www.healthcareinfosecurity.com/9-principles-to-battle-botnets-a-4812</guid>
			<description>&lt;img src="http://docs.healthcareinfosecurity.com/files/images_articles/4812_bot_net_175x175.jpg" align=right hspace=4&gt;&lt;b&gt;Feds, Business Team Up to Limit Harm Caused by Botnets&lt;/b&gt;&lt;br&gt;The proliferation of botnets and malware in cyberspace threatens to undermine the efficiencies, innovation and economic growth of the Internet and diminishes the trust and confidence of online users.</description>
			</item>
			<item>
			<title>Pension Hack Exposed 123,000 Accounts</title>
			<link>http://www.healthcareinfosecurity.com/pension-hack-exposed-123000-accounts-a-4811</link>
			<guid>http://www.healthcareinfosecurity.com/pension-hack-exposed-123000-accounts-a-4811</guid>
			<description>&lt;img src="http://docs.healthcareinfosecurity.com/files/images_articles/4811_logo_thrift_savings_plan_175x175.jpg" align=right hspace=4&gt;&lt;b&gt;What Was the Motivation Behind the Federal Attack?&lt;/b&gt;&lt;br&gt;An attack on the Thrift Savings Plan exposed personal details about more than 120,000 federal pension participants. Learn why one expert says the breach could have serious long-term implications.</description>
			</item>
			<item>
			<title>NIST Issues Long-Awaited Cloud Guidance</title>
			<link>http://www.healthcareinfosecurity.com/nist-issues-long-awaited-cloud-guidance-a-4810</link>
			<guid>http://www.healthcareinfosecurity.com/nist-issues-long-awaited-cloud-guidance-a-4810</guid>
			<description>&lt;img src="http://docs.healthcareinfosecurity.com/files/images_articles/4810_NIST_logo_175x175.jpg" align=right hspace=4&gt;&lt;b&gt;SP 800-146 Describes Cloud's Strengths, Weaknesses&lt;/b&gt;&lt;br&gt;The National Institute of Standards and Technology's guidance recommends how and when cloud computing is appropriate, addresses risk management issues and indicates the limits of current knowledge and areas for future research and analysis.</description>
			</item>
			<item>
			<title>Top 4 Malware-Related Issues for 2012</title>
			<link>http://www.healthcareinfosecurity.com/top-4-malware-related-issues-for-2012-a-4808</link>
			<guid>http://www.healthcareinfosecurity.com/top-4-malware-related-issues-for-2012-a-4808</guid>
			<description>&lt;img src="http://docs.healthcareinfosecurity.com/files/images_articles/4808_artid_4808_175x175.jpg" align=right hspace=4&gt;&lt;b&gt;Mobile Attacks, Trojans on Social Media Among Biggest Threats&lt;/b&gt;&lt;br&gt;What are the top four malware-related issues that all organizations should focus on this year? Andreas Baumhof of ThreatMetrix shares insights based on five years of malware analysis.</description>
			</item>
			<item>
			<title>Notice of ... Virtual Lifetime Electronic Record</title>
			<link>http://www.healthcareinfosecurity.com/agency-releases/notice-virtual-lifetime-electronic-record-r-2689</link>
			<guid>http://www.healthcareinfosecurity.com/agency-releases/notice-virtual-lifetime-electronic-record-r-2689</guid>
			<description>In a notice of a new system of records, the Department of Veterans Affairs is seeking comments on proposed privacy practices for the Virtual Lifetime Electronic Record project now in development. The VLER effort is a long-term project of the VA and the Department of Defense designed to pave the way for improved sharing of records among providers treating veterans, members of the armed services and others.</description>
			</item>
			<item>
			<title>Nationwide Health Information Network: Conditions for Trusted Exchange</title>
			<link>http://www.healthcareinfosecurity.com/agency-releases/nationwide-health-information-network-conditions-for-trusted-r-2688</link>
			<guid>http://www.healthcareinfosecurity.com/agency-releases/nationwide-health-information-network-conditions-for-trusted-r-2688</guid>
			<description>This request for information seeks comments on plans for voluntary national standards, including privacy and security guidelines, for health information exchanges. The announcement poses 66 questions.</description>
			</item>
			<item>
			<title>Medicare and Medicaid Programs; Electronic Health Record Incentive Program, Stage 2</title>
			<link>http://www.healthcareinfosecurity.com/agency-releases/medicare-medicaid-programs-electronic-health-record-incentive-r-2654</link>
			<guid>http://www.healthcareinfosecurity.com/agency-releases/medicare-medicaid-programs-electronic-health-record-incentive-r-2654</guid>
			<description>This proposed rule outlines requirements, including privacy and security provisions, for a hospital or physician practice to qualify as a "meaningful user" of certified electronic health record software to qualify for Stage 2 of the HITECH Act EHR incentive program.</description>
			</item>
			<item>
			<title>HIT Standards, Implementation Specifications and Certification Criteria for Electronic Health Record Technology</title>
			<link>http://www.healthcareinfosecurity.com/agency-releases/hit-standards-implementation-specifications-certification-r-2653</link>
			<guid>http://www.healthcareinfosecurity.com/agency-releases/hit-standards-implementation-specifications-certification-r-2653</guid>
			<description>This proposed rule outlines requirements, including privacy and security provisions, for electronic health record software certified as qualifying for Stage 2 of the HITECH Act EHR incentive program.</description>
			</item>
			<item>
			<title>HIPAA Compliance Audits: How to Prepare</title>
			<link>http://www.healthcareinfosecurity.com/webinars/hipaa-compliance-audits-how-to-prepare-w-280</link>
			<guid>http://www.healthcareinfosecurity.com/webinars/hipaa-compliance-audits-how-to-prepare-w-280</guid>
			<description>&lt;p&gt;The HITECH Act called for HIPAA compliance audits as part of an effort to help ensure compliance with its privacy and security provisions. The HHS Office for Civil Rights has completed the first 20 pilot audits, and it plans to complete another 95 by the end of this year.&lt;/p&gt;

&lt;p&gt;Those to be audited will be notified in phases in months ahead. How can you help ensure your organization is well-prepared if it's selected? By learning from the experiences of those who've been through the audit experience.&lt;/p&gt;

&lt;p&gt;This webinar will feature timely insights from an experienced consultant who aided a client with its audit, from start to finish.&lt;/p&gt;

&lt;p&gt;The protocol for these assessments presents a rigorous audit experience that emphasizes the need for readiness, consultant Mac McMillan stresses.&lt;/p&gt;
  
&lt;p&gt;McMillan's experience advising a client who was audited provided valuable direct visibility into how these audits are conducted, the expectations of the auditors and the process. This session is designed to chronicle that experience and provide insights into how to improve your readiness posture.&lt;/p&gt;

&lt;p&gt;In this webinar, you'll learn:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;What the audit process looks like and what to expect;&lt;/li&gt;
&lt;li&gt;How to prepare for the document request requirements;&lt;/li&gt;
&lt;li&gt;How to prepare your staff for successful interaction with the auditors;&lt;/li&gt;
&lt;li&gt;How to prepare all your departments for the audit process;&lt;/li&gt;
&lt;li&gt;How to review your information security program to understand weaknesses;&lt;/li&gt;
&lt;li&gt;How to prepare your response.&lt;/li&gt;
&lt;/ul&gt;</description>
			</item>
			<item>
			<title>IT Security Risk Analysis for Meaningful Use: What We've Learned</title>
			<link>http://www.healthcareinfosecurity.com/webinars/security-risk-analysis-for-meaningful-use-what-weve-learned-w-278</link>
			<guid>http://www.healthcareinfosecurity.com/webinars/security-risk-analysis-for-meaningful-use-what-weve-learned-w-278</guid>
			<description>Prompted by the EHR Meaningful Use Incentive Program, many hospitals and eligible providers are taking a fresh look at the HIPAA Security Rule requirement for regular IT security risk analysis (SRA). Nearly 100 hospitals have chosen Redspin to help them conduct their SRA and attest to meaningful use. 
While engaging an external firm is not mandatory, it enables healthcare providers to more efficiently use their internal resources while leveraging expertise that they may not have in-house.
&lt;p&gt;&lt;p&gt;  
In this webinar, Dan Berger, Redspin's President and CEO, will share his company's vast experience helping healthcare organizations meet the requirements of the HIPAA Security Rule. See how compliance with regulations is necessary but not sufficient as it relates to safeguarding PHI from data breaches. Learn why even the SRA itself is only a first step - and how reducing IT security risk requires an ongoing process of testing, remediation, validation and re-testing. See how web applications, business associates, and mobile/BYOD are often overlooked as security risks yet pose significant threats. Gain a deeper understanding of how to make IT security an integral part of your overall risk management program and corporate culture.
&lt;p&gt;
Redspin promotes Meaningful Healthcare IT Security ® - a process-driven approach for healthcare firms to achieve continuous and durable improvements in IT security. The program provides a systematic reduction of vulnerabilities over time, even as organizations add new employees, systems, applications and customers.&lt;p&gt;
Attend this webinar to gain answers to the following questions: 
&lt;p&gt;
&lt;ul&gt;
&lt;li&gt;What is the best governance strategy to employ to reduce IT security risk?&lt;/li&gt;
&lt;li&gt;Which 3 common areas of IT security vulnerability are the most prevalent in the healthcare industry?&lt;/li&gt;
&lt;li&gt;How can healthcare providers better prepare themselves as enforcement of HIPAA increases (audits, breach penalties, resolution agreements)?&lt;/li&gt;
&lt;li&gt;Beyond the SRA: How can health organizations deal with new areas of risk such as applications, business associates, mobile and BYOD?&lt;/li&gt;
&lt;li&gt;How can healthcare providers promote a "culture of compliance," or better yet, "a culture of security?"
&lt;/li&gt;
&lt;/ul&gt;
&lt;/p&gt;</description>
			</item>
			<item>
			<title>2012 Cloud Security Agenda: Expert Insights on Security and Privacy in the Cloud</title>
			<link>http://www.healthcareinfosecurity.com/webinars/2012-cloud-security-agenda-expert-insights-on-security-privacy-in-cloud-w-276</link>
			<guid>http://www.healthcareinfosecurity.com/webinars/2012-cloud-security-agenda-expert-insights-on-security-privacy-in-cloud-w-276</guid>
			<description>What are organizations' top cloud security concerns, and how are security leaders addressing these concerns through policy, technology and improved vendor management?
&lt;p&gt;&lt;p&gt;
This is the key question posed by the 2012 Cloud Security Survey.
&lt;p&gt;
No longer just an emerging technology practice, cloud computing today is embraced globally as a means of gaining efficient access to critical applications, processes and storage. It's now common for organizations to rely on cloud service providers for functions and business applications such as customer relationship management, messaging or storage via a public, private or hybrid cloud. Further, industry-specific cloud-based applications such as electronic health records or mobile banking and payment applications are emerging at an unprecedented pace.
&lt;p&gt;
But these engagements come with questions about risks:
&lt;ul&gt;
&lt;li&gt;What are your cloud service provider's security and privacy measures, and have they been audited?&lt;/li&gt;
&lt;li&gt;Where geographically is cloud data being stored, and how do operational practices comply with government, industry and organizational privacy regulations?&lt;/li&gt;
&lt;li&gt;How is a multi-tenant cloud environment managed, and in the event of system compromise - what will be the incident response escalation process?&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;
Yes, cloud computing is about efficiencies and new technologies, but it's also about security, privacy and an organization's reputation.
&lt;p&gt;
The 2012 Cloud Security Survey was crafted with assistance from leading experts in cloud computing, security and privacy, with a mission to:
&lt;ul&gt;
&lt;li&gt;Chart the latest cloud trends, including types of cloud implementations most common by industry and region;&lt;/li&gt;
&lt;li&gt;Gauge organizations' top cloud security concerns, from vendor security to data governance and breach preparedness;&lt;/li&gt;
&lt;li&gt;Predict the top areas of investment for organizations most concerned about cloud security.&lt;/li&gt;
&lt;/ul&gt;
&lt;/p&gt;
This webinar will draw upon survey results and expert insight from a special roundtable panel to discuss:
&lt;p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;b&gt;Top Security Concerns&lt;/b&gt; - Are organizations more concerned about where their data is stored, or whether a malicious insider might be a threat to it?&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Success Factors&lt;/b&gt; - On a scale with cost savings and availability of services, how does security now rank among elements critical to a successful cloud computing implementation?&lt;/li&gt;
&lt;li&gt;&lt;b&gt;Protective Measures&lt;/b&gt; - What are some of the practices organizations are employing, from instituting more stringent contracts to enforcing third-party audits and even participating in mock security exercises with cloud service providers?&lt;/li&gt;
&lt;/ul&gt;
&lt;/p&gt;</description>
			</item>
			<item>
			<title>5 Best Practices for Disaster Recovery &amp; HIPAA Compliance</title>
			<link>http://www.healthcareinfosecurity.com/webinars/5-best-practices-for-disaster-recovery-hipaa-compliance-w-275</link>
			<guid>http://www.healthcareinfosecurity.com/webinars/5-best-practices-for-disaster-recovery-hipaa-compliance-w-275</guid>
			<description>Fact: 2.5 Million Healthcare facilities must become HIPAA compliant by 2015.
&lt;p&gt;
The primary goal of any healthcare provider is providing healthcare on demand to a wide array of patients. An equally important goal is the ability to financially sustain the practice and its employees. Finally, there is the goal of protecting patients' records, which is now government mandated by HIPAA regulations.
&lt;p&gt;
Chances are, choosing a disaster recovery (DR) solution to support your healthcare organization is a critical step in becoming HIPAA and HITECH compliant, as well as improving business continuity and security. Choosing the wrong DR solution can cause unnecessary downtime and data loss. Choose the right DR solution and you become a hero to your organization...and to your bottom line by reducing your total cost of ownership and putting your HIT dollars to good use.
&lt;p&gt;
Join this webinar to help steer your disaster recovery and compliance in the right direction.
&lt;p&gt; 
HEROware, a leader in business continuity, HIPAA and HITECH compliant appliance-based DR solutions, and Kaseya, the leader in IT service solutions, will discuss details on how to navigate this complex process, including: 
&lt;ul&gt;
&lt;li&gt;How HIPAA and HITECH requirements impact the need for DR solutions&lt;/li&gt;
&lt;li&gt;Implementing 5 best practices for a successful DR program&lt;/li&gt;
&lt;li&gt;Pros and cons between various DR solution methodologies&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;
You'll also hear from HEROware/Kaseya customer, Dan Gross, as he discusses his real-life DR implementation and steps to success. Don't miss this opportunity to leverage these lessons learned for your healthcare organization!</description>
			</item>
			<item>
			<title>Five Application Security Tips</title>
			<link>http://www.healthcareinfosecurity.com/interviews/five-application-security-tips-i-1571</link>
			<guid>http://www.healthcareinfosecurity.com/interviews/five-application-security-tips-i-1571</guid>
			<description>Many organizations aren't devoting enough resources to ensure that applications for &lt;a href="http://www.healthcareinfosecurity.com/mobility-c-212"&gt;&lt;b&gt;mobile devices&lt;/b&gt;&lt;/a&gt; are secure, says security expert Jeff Williams. He offers five tips for adequately addressing mobile &lt;a href="http://www.healthcareinfosecurity.com/application-security-c-205"&gt;&lt;b&gt;application security&lt;/b&gt;&lt;/a&gt;.</description>
			</item>
			<item>
			<title>Why Boards of Directors Don't Get It</title>
			<link>http://www.healthcareinfosecurity.com/interviews/boards-directors-dont-get-it-i-1569</link>
			<guid>http://www.healthcareinfosecurity.com/interviews/boards-directors-dont-get-it-i-1569</guid>
			<description>IT risk management, cyber insurance, privacy - these are hot topics for security leaders, but not for their boards of directors. Why do senior executives still fail to see IT risks as business risks?</description>
			</item>
			<item>
			<title>How to Respond to Hacktivism</title>
			<link>http://www.healthcareinfosecurity.com/interviews/how-to-respond-to-hacktivism-i-1568</link>
			<guid>http://www.healthcareinfosecurity.com/interviews/how-to-respond-to-hacktivism-i-1568</guid>
			<description>Hacktivist attacks will increase, and researcher Gregory Nowak says organizations can take proactive steps to reduce exposure and protect brand reputation. Why, then, are many organizations failing?</description>
			</item>
			<item>
			<title>Intelligent Defense Against Intruders</title>
			<link>http://www.healthcareinfosecurity.com/interviews/intelligent-defense-against-intruders-i-1565</link>
			<guid>http://www.healthcareinfosecurity.com/interviews/intelligent-defense-against-intruders-i-1565</guid>
			<description>Imagine a computer network that can fool intruders into seeing configurations that in reality don't exist, making it hard for them to invade the system. That's what Scott DeLoach is trying to figure out how to do.</description>
			</item>
			<item>
			<title>Israel Seen Fanning Flame of New Spyware</title>
			<link>http://www.healthcareinfosecurity.com/blogs/israel-seen-fanning-flame-new-spyware-p-1280</link>
			<guid>http://www.healthcareinfosecurity.com/blogs/israel-seen-fanning-flame-new-spyware-p-1280</guid>
			<description>&lt;b&gt;Top Government Official Hints Israel is Behind Complex Malware&lt;/b&gt;&lt;br /&gt;Israel is being blamed - or, perhaps, taking credit - for the creation of Flame, the sophisticated cyberspyware that has targeted organizations in the Middle East, especially its mortal enemy, the government of Iran.</description>
			</item>
			<item>
			<title>2006 VA Breach: Assessing the Impact</title>
			<link>http://www.healthcareinfosecurity.com/blogs/2006-va-breach-assessing-impact-p-1279</link>
			<guid>http://www.healthcareinfosecurity.com/blogs/2006-va-breach-assessing-impact-p-1279</guid>
			<description>&lt;b&gt;Significant Action Taken, Lots More to Do&lt;/b&gt;&lt;br /&gt;It's been six years since the Department of Veterans Affairs experienced a huge breach. What breach-prevention steps has the VA taken since then, and what's left to be done?</description>
			</item>
			<item>
			<title>Court Clarifies HIPAA's Criminal Rules</title>
			<link>http://www.healthcareinfosecurity.com/blogs/court-clarifies-hipaas-criminal-rules-p-1274</link>
			<guid>http://www.healthcareinfosecurity.com/blogs/court-clarifies-hipaas-criminal-rules-p-1274</guid>
			<description>&lt;b&gt;When Can You Get Prison Time?&lt;/b&gt;&lt;br /&gt;A U.S. appellate court decision in a case involving a jail term for a HIPAA violator offers an important reminder of the potential consequences for accessing patient records without a valid reason.</description>
			</item>
			<item>
			<title>The Business Case for Continuity Planning</title>
			<link>http://www.healthcareinfosecurity.com/blogs/business-case-for-continuity-planning-p-1272</link>
			<guid>http://www.healthcareinfosecurity.com/blogs/business-case-for-continuity-planning-p-1272</guid>
			<description>&lt;b&gt;Small, Mid-Size Enterprises Especially Need to Develop Strategy&lt;/b&gt;&lt;br /&gt;Why do so many small and mid-sized enterprises continue to believe that business continuity planning is just for the big guys? And how do we go about convincing them otherwise? Here are some tips.</description>
			</item></channel></rss>

