In February of 2015, health insurance provider Anthem Inc. database was hacked, which includes social security and credit card numbers, health information, patient history, and other valuable client information. According to The Wall Street Journal, this database was made up of over 70 million former and current customers, and employees. As of recent, it is believed that the same group of hackers responsible for the Anthem hack is also responsible for a similar data breach to United Airlines. According to Bloomberg Business, this breach provided the hackers with flight manifest data, including passenger information like destination and place of departure, as well as corporate information and business strategy.

Although these stories lack the glamour and creativity of the spy stories that we are so used to, this is how espionage is conducted in today’s world, and it has clearly been extremely effective regardless. While possibly being thousands of miles away, one can collect all the information they would ever need about a person by receiving access to sensitive information through a data breach. This data can be compiled together to create a massive intelligence network without the hacker ever even leaving his home. With a spy’s work becoming much easier, more effective and simpler, security has never been so necessary to defend against an unseen enemy.

Don’t Become The Next Data Casualty
Fortunately, Aegify’s mission is to protect your organization’s data. Aegify provides a single software solution to address your security, risk and compliance concerns. To learn more, please click HERE and register for our LIVE webinar led by Aegify CEO Anupam Sahai on Thursday August 13, from 11:00 AM – 12:00 PM PDT.

When you next encounter a movie about a top secret mission to recover vital information about a corrupt government, consider instead picturing the story’s hero as an average worker, sitting at their desk on a computer while eating a donut.

The post The True Face of Espionage appeared first on Aegify.

Reports of renowned organizations being subjected to steep penalties due to HIPAA violation are becoming regular. These reports have already started creating negative impressions directed at healthcare organizations, and giving patients an opinionated view. The increase in the penalty amount from $25,000 to $1.5 million as per the HITECH Act proves the significance of enforcing stringent measures for patients’ data protection. Yet organizations fail to convey the message effectively to their employees inviting trouble and criticism.

It is time healthcare organizations and providers took impacting decisions to fulfill their responsibilities. If the well-known organizations are capable of such negligence – willful or otherwise, jeopardizing the lives of their patients, then there is very little hope that small medical practices would not falter on this account. In any case it is the lives of the patients that are at stake.

Healthcare organizations need a proactive compliance strategy that can provide compelling solutions to all security related risks. SecureGRC SB is a wise and affordable option that can help organizations deal with all their existing compliance drawbacks. The solutions are cloud-based with real-time information and updates that help keep organizations on their toes.

With SecureGRC SB, the processes are automated, simplified and easily manageable. There is zero confusion and no complications involved in the execution of the process thus helping drive compliance smoothly and efficiently. With its commendable tracking and monitoring system it can effectively curb all propensities to overlook any regulations.

This solution is best suited for small medical practices as it keeps them in sync with HIPAA and HITECH regulations. It also ensures that the regulations relevant to business associates are up to date and concurrent with HITECH Compliance standards. It is only when organizations demonstrate a responsible healthcare compliance attitude towards their patients that they can expect a positive trend for mending and uplifting their battered reputation. With SecureGRC SB we can expect that trend soon, thus providing organizations relief from penalties and assuring patients sanctity of personal information.

The post Drawing-Out A Strikingly Compliant Role appeared first on Aegify.

Creation of a new consumer protection agency at the Federal Reserve, provision of new powers to regulators for safely liquidating failed financial firms, and imposing new guidelines for transparency in the derivatives market, are some of the objectives of ‘The Dodd-Frank Wall Street Reform and Consumer Protection Act’. This law is an outcome of the 2008 banking crisis.

However, there are now mixed opinions about this law, especially with respect to its implication on data/ information security. Protiviti Inc.’s risk and compliance practice director Michael Brauneis noted that the provision in the law for creating a consumer protection agency may lead to a number of data security issues, since it calls for regulations to allow consumers to obtain information about their transactions from financial institutions. This causes a high risk of identity theft, if these financial institutions do not ensure effective controls to check the identity of the person requesting information.

Also, the concept of ‘systemic risk regulator’ meant to gather information from the banking industry to prevent another meltdown can pose serious concerns for overall data management and security. And a report by Delloite LLP on the new financial reform also cites data aggregation and reporting as one of the top implications of the new law.

Therefore, for all those involved in financial services, this regulatory reform is a groundbreaking event and is being described as the biggest since the Great Depression.

With the ever-increasing number of regulatory requirements, IT security has come a long way from being merely an IT-centric control mechanism, to becoming a complete compliance control technique. While the timeline for this law to take effect is long, this is yet another regulation that reinforces the need for secure GRC solutions.

The post Implications of the ‘Dodd-Frank Wall Street Reform & Consumer Protection Act’, on Data Security appeared first on Aegify.

Apart from this, data leakage, data theft and data threat posed by portable storage devices like USB flash drives, iPods, Smartphone’s, MP3 players, external HDD and other end point devices with internal memory is on the rise and need to be looked into. They can be an easy way for sensitive data to leak outside the business if not properly protected.  From business point of view these portable devices have become a necessity but from security point of view these portable devices are a threat. Through wireless connections, endpoint devices can access networks that may not be secure.

Through wireless connections, endpoint devices can access networks that may not be secure. More than 159 million records containing sensitive personal information were involved in security breaches from April 2005 to August 2007.This security threat has necessitated the need for a security strategy that can keep your portable data protected.

Block attacks, protect your data

The best ways to limit attacks is with antivirus and anti-spyware software’s, accompanied by effective program control, that can not only block known malicious programs running on endpoint PCs, but it also can help control programs such as P2P sharing applications that are increasingly targeted to compromise endpoint systems.

Strong Privacy laws

Employee attrition rate is very high in organization today hence companies should deploy full disk encryption of data and also keep end point data under lock. With strong personal privacy laws now requiring disclosure of security breaches when personal information is breached, it has become all the more important to secure endpoint data.  Controlling device access, scanning the content of allowed devices to ensure there are no viruses present, and encrypting data on these devices so the data remains protected are some ways one can protect their information.

Network access control helps secure networked endpoints prior to allowing them network access. Access is only granted if the endpoint devices meet with predefined security policy, such as having current antivirus software or the latest patches.

Centralize endpoint security

It’s important to centralize endpoint security management so that administrators can use one console to configure endpoints, administer policies, monitor performance, and analyze data from the network as a whole. This helps reduce maintenance cost, improve security audit, and automates reporting.

End users should be sensitized to the threat scenario and their involvement should be limited to educating them on the risks involved with virus attacks and loss or theft of portable devices. All this is possible only if good security practices are instilled in the organization.

The post How secure are your end-point devices? appeared first on Aegify.

Information on the files included people’s names, addresses, phone numbers, birth dates, social security numbers, driver’s license numbers, medical record numbers, patient numbers, health plan information, dates of service, and information on diagnoses and treatments. It had data on patients, employees, doctors, volunteers, donors, vendors, and other business partners and covered records over a 14-year time span.

The growing frequency of these incidents only reinforces the pressing need to secure end-point devices and comply with HIPAA and other regulations. Hospitals and institutions in possession of confidential data should adopt a cloud-based approach to storing records. Only this can help prevent such incidents of massive security breach and data loss.

The post South Shore Hospital Reports Loss of Confidential Data- 800,000 Private Records at Risk appeared first on Aegify.