The post Business Associate Agreements Are Critical to HIPAA Compliance appeared first on Aegify.

While the alert intended to educate the general population to the threat and how to combat becoming a victim it also recommends to not pay the ransom.

“Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed,” the statement said.

The statement gives a primer on ransomware running through the types currently being favored – such as Locky and Samas –  that it is spread primarily through phishing scams and what can happen to a computer’s files if infected.

The post U.S., Canada Issue Ransomware Alert appeared first on Aegify.

The post HIPAA Audit: OCR Is On The Move appeared first on Aegify.

The attack was described as “…used vulnerability in web application that requires patching (updating software versions).”  Which implied that the institution breached was not keeping their computing and web systems patched in a timely manner. Aegify’s regular/continuous scanning process would have uncovered this lapse and allowed the organization an opportunity to correct the vulnerability prior to such an attack. The compliance and risk assessment components of the Aegify solution suite would have worked to further educate the management and staff as to the importance of effective monitoring program and its’ elements.

Aegify allows you to safeguard your systems, network, and computing environments in the most efficient way. In fact this type of an attack highlights one of the key benefits that we bring to enterprises. It enables you to regularly monitor and track the enterprise’s Risk, Security and Compliance elements and factors that are key in any successful security protection program.

Thank you
Aegify Team

Avoiding Future Ransomware (Malware) Attacks Targeting Healthcare Providers The recent malware attack on a healthcare provider in California has significant implications. The delivery approach was not through a phishing email or malware infecting a personal device. Instead, the attackers opportunistically used vulnerability in web applications that requires patching (updating software versions). The attack methodology has impacted companies outside of healthcare and the sophistication of the attack is relatively high.   Information for Your IT Department Aetna Global Security is sharing the attached document from Dell SecureWorks Counter Threat Unit(TM) (CTU) and the National Health Information Sharing & Analysis Center (NH-ISAC). Please forward this document to your IT department and encourage them to review your web applications and upgrade outdated Jboss applications (upgrade to 7.0) to avoid future attacks of ransomware on hospitals.
Aetna is the brand name used for products and services provided by one or more of the Aetna group of subsidiary companies, including Aetna Life Insurance Company and its affiliates (Aetna). Help/Contact us: If you have any questions, please Contact Us. We are located at 151 Farmington Ave, Hartford, Connecticut 06156. ©2016 Aetna Inc. The Aetna name and logo are trademarks of Aetna Inc. Privacy Information | Legal Statement | Program Provisions | Member Disclosure | Aetna Companies: State Directory

Jonathan Houck

Network Manager
houckj@aetna.com

Office:   417-837-0225

Fax:      860-907-2191

Aetna OfficeLink Updates are electronic.  Sign up at:  https://aetna.providerpreference.com

The post Avoiding Future Ransomware Attacks (Malware) Targeting Healthcare Providers appeared first on Aegify.

On Dec 1, 2015, a $3.5 million fine was levied against Triple-S Management Corporation, formerly known as American Health Medicare Inc., for HIPAA violations. OCR’s investigations indicated widespread non-compliance throughout the various subsidiaries of Triple-S, including:

• Failure to implement appropriate administrative, physical, and technical safeguards to protect the privacy of its beneficiaries’ PHI;
• Impermissible disclosure of its beneficiaries’ PHI to an outside vendor with which it did not have an appropriate business associate agreement;
• Use or Disclosure of more PHI than was necessary to carry out mailings;
• Failure to conduct an accurate and thorough risk analysis that incorporates all IT equipment, applications, and data systems utilizing ePHI; and
• Failure to implement security measures sufficient to reduce the risks and vulnerabilities to its ePHI to a reasonable and appropriate level.

Here is the latest information on U.S. Department of Health & Human Services’ website: http://1.usa.gov/1XDjyVY.

Are you at risk?  If you’re a healthcare provider or a business associate/vendor, you are.  Protect your organization against HIPAA and other compliance risks with Aegify Compliance Manager, part of Aegify RSC Suite.

Aegify RSC Suite, conceptualized and designed in Cupertino, CA, provides bulletproof risk, security and compliance protection for healthcare, financial and retail companies throughout the USA.  Discover just how affordable peace of mind is at Aegify.com or by emailing sales@aegify.com.

The post $3.5 million fine levied against Triple-S Management Corporation for HIPAA violations appeared first on Aegify.

Findings of the survey

Some of the findings highlighted in the PWC survey revealed that organizations detected an average of 135 security incidents in the past year. While nearly 77% of the participants of the survey experienced a security incident, almost 67% of the survey respondents were unable to gauge the financial impact of these incidents. The finding further revealed that less than half of respondents lacked an effective risk management program, with only about 47 percent performing periodic risk assessments. Enterprise mobility emerged as a cause for concern, with only 31 percent of respondents admitting to have a mobile security strategy and a mere 36 percent employing a Mobile Device Management (MDM) solution. These statistics clearly indicate that companies need to take a serious note of the kind of cyber security threats and risks that are out there.

Are you prepared?

The important question that needs to be answered is whether your enterprise has implemented a proper Governance, Risk and Compliance system. If it hasn’t, then your enterprise could be vulnerable with very high risks. PWC recommends that every enterprise evaluate the risks that come with supply chain partners. Besides developing threat-specific policies, enterprises need to conduct regular cyber risk assessments and implement mobile security practices in pace with adoption of mobile devices. Additionally, efforts to boost cyber awareness across the organization must include workforce training. PWC also suggests that enterprises make the best of information sharing, both internally and externally, to be abreast of all the latest cyber risks and threats.

In many instances, cyber criminals continue to find ways to circumvent the usual security technologies and acquire sensitive information. This is precisely why enterprises need to adopt a balanced approach that comprises of people, processes, and effective partnerships to strategically counter cyber security threats. Enterprises need to combat cyber threats by implementing a comprehensive security, risk and compliance assessment platform such as Aegify Security Posture Management or Aegify SecureGRC or Aegify Risk Manager. Aegify strengthens an enterprise’s security posture with powerful security monitoring and reporting capabilities. By deploying a solution like Aegify, enterprises can seamlessly address cyber threats and completely mitigate risks.

The post A Right Approach to Cyber Security appeared first on Aegify.