As the latest addition, some of the 4.9 million affected beneficiaries reported financial fraud in their credit card or bank account. An amended complaint tied to the original class action lawsuit provides details on five individuals affected by the TRICARE breach who have reported that they have been victims of financial fraud related to the breach. Out of these five individuals one has reported cancellation of credit card due to suspicious activity, and the other four reported unauthorized or fraudulent charges on their credit/debit cards or bank accounts. The complaint is also said to include new allegations contending that the data theft was intentional, and specifically targeted confidential information stored in the stolen backup tapes.

Eight class action lawsuits have now been filed against TRICARE. However, on March 8, Science Application International Corporation (SAIC) has requested to have all eight lawsuits consolidated into one. The attorneys involved in five cases filed in Washington, D.C., are also seeking to consolidate these cases.

In terms of the number of people affected, the TRICARE breach has been the largest so far on the federal tally of major breaches. And likewise, this breach incident has also been the first to attract such severe legal action. With eight class action lawsuits to fight, TRICARE stands testimony to the fact that no organization can escape the consequences of an information breach. This further proves that data breaches are best prevented rather than corrected. But preventing a data breach is not easy unless your organization is equipped with a comprehensive security and compliance management solution like Aegify RSC Suite.

Aegify’s RSC Suite is completely automated, and includes all security and IT-GRC functions required to be compliant. It provides end-to-end support for HIPAA and HITECH regulations and comes with built-in best practices, policy and procedure templates which can solve all security and compliance challenges. It can help you curb threats and prevent incidents of data theft/loss, thus saving your organization from the drastic consequences of a breach.

The post TRICARE in Trouble Again- More Lawsuits to Face appeared first on Aegify.

In February of 2015, health insurance provider Anthem Inc. database was hacked, which includes social security and credit card numbers, health information, patient history, and other valuable client information. According to The Wall Street Journal, this database was made up of over 70 million former and current customers, and employees. As of recent, it is believed that the same group of hackers responsible for the Anthem hack is also responsible for a similar data breach to United Airlines. According to Bloomberg Business, this breach provided the hackers with flight manifest data, including passenger information like destination and place of departure, as well as corporate information and business strategy.

Although these stories lack the glamour and creativity of the spy stories that we are so used to, this is how espionage is conducted in today’s world, and it has clearly been extremely effective regardless. While possibly being thousands of miles away, one can collect all the information they would ever need about a person by receiving access to sensitive information through a data breach. This data can be compiled together to create a massive intelligence network without the hacker ever even leaving his home. With a spy’s work becoming much easier, more effective and simpler, security has never been so necessary to defend against an unseen enemy.

Don’t Become The Next Data Casualty
Fortunately, Aegify’s mission is to protect your organization’s data. Aegify provides a single software solution to address your security, risk and compliance concerns. To learn more, please click HERE and register for our LIVE webinar led by Aegify CEO Anupam Sahai on Thursday August 13, from 11:00 AM – 12:00 PM PDT.

When you next encounter a movie about a top secret mission to recover vital information about a corrupt government, consider instead picturing the story’s hero as an average worker, sitting at their desk on a computer while eating a donut.

The post The True Face of Espionage appeared first on Aegify.

In the real world of healthcare, a more realistic villain lurks in the shadow of hospitals: cyber hackers. To combat the increasingly more commonplace breaches in healthcare data that these villains impose, the government is cracking down on mismanagement between covered entities and business associates. Now, based on the HIPAA Omnibus law requirements, the government is placing equal liability for data hacks on covered entities as business associates even though, according to For the Record, the five largest data breaches were caused by business associates (BA’s).

There are many horror stories about BAs. Just as recently as September of 2014, there was a breach affecting 4.9 million users of the Tricare military healthcare program, a business associate to Science Applications International Corp. According to Data Breach Today, a lawsuit has been filed against both SAIC and Tricare, and Tricare’s lawsuit is reportedly for $4.9 billion. With BAs previously taking all punishment for security breaches, hospitals and medical organizations have a shared risk and liability in the vendors they choose to handle PHI. With hospitals having upwards of 200 BAs to deal with, keeping track of possible mismanagement of patient data can be very difficult. To lower the risk of HIPAA prosecution, hospitals are now requiring various checks on BAs to make sure PHI is properly secured by requiring them to be HIPAA compliant.

Currently, covered entities have to do these checks manually by directly contacting the business associates. This is a time consuming process that is difficult to keep track of. However, Aegify is able to bring all these checks together in a single software solution. The BA Manager program connected to Aegify allows covered entities to automatically run these checks on the business associates by displaying a dashboard that shows which BAs have complied with the HIPAA regulations that are required. This effectively eliminates hours of manual work that could easily be taken over by a computer and will be effective for covered entities to monitor if BAs are complying with necessary security and privacy measures to protect the patient.

Children may still be kept at night by the fear of a ghost entering their room, but it is time to eliminate the fear that cyber hackers impose on everyone who has a digital footprint. By being able to effectively make sure BAs are handling important PHI data correctly, we are closer to eliminating the threat of those who try to access the common person’s information.

In the recently released Gartner CIO Agenda Report, 2015, CIOs have identified Security & Risk Management as one of their top priorities. Many of your peers have already engaged Aegify to manage their security, risk and compliance efforts. Discover why. To learn more about our BA manager tool, please click HERE to receive an update for our LIVE webinar on the BA Manager tool led by Aegify CEO Anupam Sahai.

The post Combat IT Nightmares appeared first on Aegify.

The Health Insurance Portability and Accountability Act demands that health care providers report data breach in cases that effect more than 500 people. In case of violation of HIPAA, enterprises and their business associates and covered entities, face a penalty of $50,000 reaching up to $ 1,500,000. Over 40% of cyber security breaches in 2014 has been across healthcare providers and their business associates. Such rampant breaches across this sector leads to loss of millions of digital healthcare records and personal information of patients and therefore calls for aggressive counter measures to address these rampant data breaches, given the fact that PHI is getting more valuable in the cyber-fraud scenario than the credit cards.

As per the requirements of HIPAA compliance, all patient health information and   critical assets have to be secure. But, the records compiled in 2014 points to a      disturbing trend in increased in data breaches, nearly 41 million from 29.3 million,  an increase of 41% over 2013. Moreover, records also display that the complaints  received by the Office for Civil Rights include nearly 5,447 unresolved cases and  around 53,000 closed. The reasons put across are lack of jurisdiction or  complaints being withdrawn, and not because there was no HIPAA violation.  Further, analysis of the HHS data also brings to light that a large portion of the security breaches (over 52%) have been through theft, nearly 10% due to unauthorized access due to loss of devices, and over 9% due to hacking incidents.

Source: Compilation by Erin McCann, Managing Editor at Healthcare IT News, using data from the Department of Health and Human Services, which includes HIPAA breaches involving more than 500 individuals, reported by 1,149 covered entities and business associates

Businesses across the healthcare industry and its verticals therefore need to scan their PHI assets and conduct security analysis besides ensuring meaningful use of the EHR. Understanding the criticality of the situation, enterprises have deployed a number of new age techniques to protect their electronic data from breaches.

However, Aegify has been developed as a comprehensive security, risk and compliance management solution that not only addresses all of HIPAA compliance needs but also provides the covered entities with meaningful use attestation reports with proof of security and risk analysis. Further, Aegify automates HIPAA management through continuous workflow assessment cycle, and provides instant remediation measures to correct the security deficiencies, a trusted Solution by 70+ MSPs with thousands of customers. Aegify protects your assets, detects vulnerabilities proactively, and responds with appropriate remedial measures. Aegify is the only solution that unifies a comprehensive Security, Risk, and Compliance Assurance system.

The post The Ever growing list of HIPAA breaches appeared first on Aegify.

 The initial attack occurred on May 5, 2014 as per Premera’s        investigation and Premera notified the FBI. Premera would be  notifying approximately 11 million affected individuals by mail and offering two years  of free credit monitoring and identify theft protections services, with a dedicated call  center for its members and affected individuals.

 This would have an adverse brand effect for Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions Inc.

Premera members’ breached information could include names, dates of birth, Social Security numbers, mailing addresses, email addresses, telephone numbers, member identification numbers, bank account information and claims information, including clinical information, and the Social Security Numbers. The Company said, “Along with steps taken to cleanse its IT system of issues raised by this cyber-attack, Premera is taking additional actions to strengthen and enhance the security of its IT systems moving forward”.

More and more businesses are falling prey to cyber criminals. How confident is your organization to say that you are fully prepared? About 40% of cybersecurity breaches in 2014 were in the healthcare vertical. Recent reports indicate that healthcare data is becoming more valuable than the credit card data. HIPAA compliance requires that all PHI information and PHI critical assets be secured.

First, it is essential to protect your information assets, not just assuming that your endpoint computers remain well protected but to extend the protection to include laptops, tablets, mobile smartphones, and removable storage devices as USB flash drives. Knowing your critical assets and their roles in information processing, storage or in transit is very critical. Most often, as organizational members bring in their own devices (BYOD), information control becomes difficult. The 2015 security trend projects that Mobile devices will be increasingly the target of attack for credential and authentication thefts. Therefore, it is essential to implement an effective asset tracking management system for your internal and external/perimeter IT infrastructure.

To be HIPAA compliant – businesses need to do a HIPAA assessment, security scan their PHI assets and do Security Risk Analysis. This is also required for meaningful use attestation for various stages.

Second, with growing vulnerabilities discovered in dormant code – Poodle, Shell Shock, Ghost, the inadequate security built into new technologies, and not updating security patches and updates from software vendors, contribute continuously to exploitation of vulnerabilities resulting in data breaches. It is a Great risk for healthcare organizations as long as they continue to use outdated software and rudimentary security. You need to consider proactively acting against continuing challenges in ensuring security of your information assets, improve your security posture with Aegify Security Posture Management.  Aegify scanner gives you the following distinct features that other web scanners do not offer:

• Browser Emulation Scanning Technology (BEST) – Browser-based scanning of client-side Web applications to find vulnerabilities in deployed and running web applications such as JavaScript, AJAX, and Flash
• Web Application Pass-Through Scanning– Uses current vulnerabilities to scan and accurately report on unaddressed vulnerabilities and web applications including third-party applications exposures deep in the network, providing a more accurate and complete report.
• Batched Scanning– Reduces scan times and allows customers to target specific and mission critical addresses.
• Content Scanning– Scans Databases and applications for specific content such as credit card and social security numbers, ensuring personally identifiable information is not visible to hackers.
  Operating System Scanning

Aegify Security posture management solution uses innovative, patent-pending expert systems technology to automatically map the security vulnerabilities to compliance mandates. Representing the new breed of solutions from Aegify, Security Posture Management (SPM) is cloud-based and offers several distinct features. Read More…

The Third step is to integrate the security scan results automatically to your compliance control requirements using solutions such as Aegify Compliance Manager.

You can try out the free community edition before subscribing to Standard, Professional or Ultimate editions.

Aegify is a comprehensive Security, Risk and Compliance Management solution for addressing all HIPAA  Compliance needs. Provides Meaningful use attestation reports with proof of security risk analysis. Aegify automates HIPAA management using a continuous workflow of Assess->Remediate and Monitor so that businesses can be assured of their HIPAA compliance status. Aegify’s Simple 1-2-3 steps helps in establishing an automated state of continued readiness.

Businesses can prevent such breaches from happening using Aegify. Aegify provides HIPAA compliance Assurance!

The post Yet another Cyber Attack – Personal Information of 11 Million individuals Breached appeared first on Aegify.

This incident is a stared reminder for the need for a systematic risk analysis and risk management system for the techno-centric healthcare establishments and business associates. Even as experts look into lack of encryption as a major cause of breach, data encryption is no silver bullet against data breaches.

The Anthem data breach is a cautionary call to all healthcare businesses for addressing the need to ensure compliance to security controls as detailed under the HIPAA/HITECH regulations.

Conclusion
While recent investigations point towards “backdoor malware” as also a cause for such large scale data breach at Anthem Inc, intelligent continuous monitoring and analysis system would have been able to detect the Anthem attack very early. Aegify Security Posture Management tool is optimized to prevent exploits across the entire IT infrastructure. Its unique flexible cloud-based architecture not only scans single as well as multiple assets, its enterprise-class protection scans for more nearly 32,000 vulnerabilities using about 92,000 checks across physical and virtual networks, operating systems, databases, and Web applications. Moreover, it’s automated compliance mapping system deployed across physical and virtual network environment ensures continuous monitoring of security, risk, and compliance with real-time status. The Security Posture Assessment and Management Tools will help enterprises protect their data from such breaches.

The post Anthem Breach Sounds Security Alarms against Data Hackers appeared first on Aegify.

The top level executives at the organisation agree to the fact that they have been a target of the attack by cyber criminals who gained unauthorized access to their IT system. However, based on digital forensics investigation reports, they are positive that no credit card data or medical records have been compromised. Nevertheless, the breach of 80 million data as per records is the biggest in history that brings to fore, today’s need for deploying industry-standard “sophisticated” defences. Encryption of data is a critical aspect to secure accessibility of any corporate database.

While this is nightmare for the affected individuals, is not a lone case. Other recorded incidents include

• Data breach at Montana Dept, of Health and Human Services where hackers gained access to a server leading to an estimated 1.3 million affected individuals.
• Breach at Community Health Systems Inc., which exposed the personal data of an estimated 4.5 million people.

With continuing data breaches, information security has attained critical importance across enterprises. An essential proactive step is to assess your assets and estimate the level of risk with key assets. Following this with an assessment of the security controls would have helped Anthem identify the gaps and plug those gaps with appropriate remedial measures. Tools like Aegify helps organization to assess their security, risk, and compliance posture and to help them take proactive measures to fix the security lacunae.

Aegify services, offered as a cloud-based model, includes all security and IT GRC functions. Equipped with a built-in compliance framework that supports HIPAA, RBI, NSE, BSE, MCDEX, PCI, ISO, COBIT, FISMA and other country based ones, Aegify also has advanced alert and monitoring systems that makes it a complete end-to-end automation solution for all security, audit, compliance and risk management needs of an enterprise.

The post Enterprises need to be proactive to Avoid Anthem Fate appeared first on Aegify.

President Obama called on lawmakers to ensure that the Personal Data Notification and Protection Act extends to educational institutions and successfully covers even student data as with customer information. However, even as the President with government heads were busy taking decisions and stern steps to control cyber security breaches and threats to credit cards and personal data, ISIL supporters were successful in hacking the US Central Command sites and Twitter Accounts.

As the Personal Data Notification and Protection Act considers data breaches a criminal offence and demands enterprises to inform any data breach within a 30 day period, it is seen that customers of small and medium sized enterprises operating in multiple states are not protected. If vandals supporting the Islamic State of Iraq and the Levant (ISIL) could easily deface four of the high security social media accounts of U.S. Central Command, then governments and IT majors need to consider this threat as a call to work their way through much more stringent measures that can ensure safety and privacy of every individual.

Global healthcare enterprises besides being HIPAA/HITECH compliant also need to take strong measures to protect their customer data and personal information from the hands of the cyber criminals.  As an approach to help a large number of small to medium sized enterprises including the healthcare practitioners, Aegify provides cloud based Software-as-a-service solution that has built-in best practices, ready-to-use security and privacy policies that could quickly and easily be customized too to meet client specific requirement.  The step-by-step process in Aegify ensures that clients meet their HIPAA/HITECH and data security requirements every year. This solution is widely by the healthcare professionals and their business associates, and can be scaled up and customized to meet the data security and compliance requirements of any size business.

The post Keeping Up President Obama’s Data breach Plan appeared first on Aegify.

Following the legal dispute between Texas Health and Human services Commission and its former contractor Xerox, the state agency reported a data breach which affected 2 million individuals. This data breach added to the already existing number of breaches on “wall of shame” of the Dept. of Health and Human Services, which increased the count to 1,167 incidents and affected nearly 41.3 million individuals. With HIPAA breach notification rule being effective since 2009, most of these incidents involved business associates. However, with the HIPAA Omnibus Rule coming into effect business associates and subcontractors have now liable to maintain HIPAA compliance.

Texas HHSC reported the data breach incident as one of unauthorized access or disclosure. While this is believed to have involved electronic records of 2 million individuals this included their birth dates, Medicaid numbers, and medical and billing records related to care provided through Medicaid, reports, diagnosis codes as well as photographs. Even as Xerox takes data security very seriously with data protection measures, the covered entities also need to have in place information security risk analysis and contingency planning. Such proactive measures will help them be prepared to face any issues of business associate destroying protected health information.

Moreover, with OCR enforcing HIPAA, the business associates also need to spell out how they would safeguard the protected health information along with their covered entities. Further, under the HIPAA Omnibus rule, the covered entities need to report any security incidents which are presumed to be data breach cases until the risks are low as per the analysis.

Conclusion
Nevertheless, in the technologically enabled business world that uses portable devices and BYOD options for accessibility, data breaches may be caused due to lost or stolen devices without encryption. The use of comprehensive security solutions such as Aegify Security Posture Management or Aegify Risk Management will healthcare providers and their business associates to keep data threats at bay and maintain periodic risk analysis throughout their life cycle.

The post Why Data Breaches are reported after Vendor Disputes? appeared first on Aegify.

According to the annual study conducted by Ponemon Institute, the average cost of a compromised customer record can cost the enterprise anywhere from 4 to 156 USD. Further, leaked customer data leads to loss of reputation, customer abandonment and even fines, settlements and compensation fees. While the earlier data breaches at Sony PlayStation compromised 77 million user accounts, the recent one compromised 25 million.

Experts warn Big Businesses to Learn from Sony Pictures ‘Epic Nightmare’ Hack

Enterprises make use of different methods to detect and prevent leakage of each type of data. However, accidents such as that occurred at Sony have caused customers to turn to their competitors. Security experts therefore warn big businesses to learn from the Sony’s ‘Epic Nightmare’ Hack which broke last month when a group operating under the #GOP attempted to blackmail the firm. The cyber criminals hacked into Sony’s computer systems and paralyzed their operations and tapped into their trove of hypersensitive data. As an aftermath was the steady flow of revelations which included top employees’ salaries and nasty emails shared across various sites and lead to the former employees’ suing the company for data breach.

Security experts are of the opinion that enterprises need to invest more in their network security without being too concerned about the costs inferred. For Sony Corp. cleaning up the mess from the latest attack is going to cost millions. Enterprises need to be well prepared to respond to attacks with regular backups. Monitoring network traffic, ensuring use of updated versions of operating systems and applications and use of firewalls will help to protect valuable data. However, with Sony’s case being one wherein the intruders stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical information, name, location, employee ID, network user name, base salary and date of birth of more than 6,800 individuals. However, the endless leaks and crazy details emerging points to the fact that attacker had gained access to unknown number of internal systems at Sony.

The hack estimated to have cost Sony $100 million was a result of their security loopholes. Vulnerability monitoring and risk assessment have to be continuous. To avoid such situations, enterprises can deploy cloud based solutions for IT security and compliance management, vulnerability analysis and risk management. Aegify, a flagship product effectively addresses risk management, IT security and compliance. Offered as Software-as-a-service, this solution targets small, medium and large enterprises and is an easy-to-use cost-effective solution.

The post Sony Pictures Employee Data Breach – Valued lessons for the Digital World appeared first on Aegify.