The Health Insurance Portability and Accountability Act demands that health care providers report data breach in cases that effect more than 500 people. In case of violation of HIPAA, enterprises and their business associates and covered entities, face a penalty of $50,000 reaching up to $ 1,500,000. Over 40% of cyber security breaches in 2014 has been across healthcare providers and their business associates. Such rampant breaches across this sector leads to loss of millions of digital healthcare records and personal information of patients and therefore calls for aggressive counter measures to address these rampant data breaches, given the fact that PHI is getting more valuable in the cyber-fraud scenario than the credit cards.

As per the requirements of HIPAA compliance, all patient health information and   critical assets have to be secure. But, the records compiled in 2014 points to a      disturbing trend in increased in data breaches, nearly 41 million from 29.3 million,  an increase of 41% over 2013. Moreover, records also display that the complaints  received by the Office for Civil Rights include nearly 5,447 unresolved cases and  around 53,000 closed. The reasons put across are lack of jurisdiction or  complaints being withdrawn, and not because there was no HIPAA violation.  Further, analysis of the HHS data also brings to light that a large portion of the security breaches (over 52%) have been through theft, nearly 10% due to unauthorized access due to loss of devices, and over 9% due to hacking incidents.

Source: Compilation by Erin McCann, Managing Editor at Healthcare IT News, using data from the Department of Health and Human Services, which includes HIPAA breaches involving more than 500 individuals, reported by 1,149 covered entities and business associates

Businesses across the healthcare industry and its verticals therefore need to scan their PHI assets and conduct security analysis besides ensuring meaningful use of the EHR. Understanding the criticality of the situation, enterprises have deployed a number of new age techniques to protect their electronic data from breaches.

However, Aegify has been developed as a comprehensive security, risk and compliance management solution that not only addresses all of HIPAA compliance needs but also provides the covered entities with meaningful use attestation reports with proof of security and risk analysis. Further, Aegify automates HIPAA management through continuous workflow assessment cycle, and provides instant remediation measures to correct the security deficiencies, a trusted Solution by 70+ MSPs with thousands of customers. Aegify protects your assets, detects vulnerabilities proactively, and responds with appropriate remedial measures. Aegify is the only solution that unifies a comprehensive Security, Risk, and Compliance Assurance system.

The post The Ever growing list of HIPAA breaches appeared first on Aegify.

 The initial attack occurred on May 5, 2014 as per Premera’s        investigation and Premera notified the FBI. Premera would be  notifying approximately 11 million affected individuals by mail and offering two years  of free credit monitoring and identify theft protections services, with a dedicated call  center for its members and affected individuals.

 This would have an adverse brand effect for Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions Inc.

Premera members’ breached information could include names, dates of birth, Social Security numbers, mailing addresses, email addresses, telephone numbers, member identification numbers, bank account information and claims information, including clinical information, and the Social Security Numbers. The Company said, “Along with steps taken to cleanse its IT system of issues raised by this cyber-attack, Premera is taking additional actions to strengthen and enhance the security of its IT systems moving forward”.

More and more businesses are falling prey to cyber criminals. How confident is your organization to say that you are fully prepared? About 40% of cybersecurity breaches in 2014 were in the healthcare vertical. Recent reports indicate that healthcare data is becoming more valuable than the credit card data. HIPAA compliance requires that all PHI information and PHI critical assets be secured.

First, it is essential to protect your information assets, not just assuming that your endpoint computers remain well protected but to extend the protection to include laptops, tablets, mobile smartphones, and removable storage devices as USB flash drives. Knowing your critical assets and their roles in information processing, storage or in transit is very critical. Most often, as organizational members bring in their own devices (BYOD), information control becomes difficult. The 2015 security trend projects that Mobile devices will be increasingly the target of attack for credential and authentication thefts. Therefore, it is essential to implement an effective asset tracking management system for your internal and external/perimeter IT infrastructure.

To be HIPAA compliant – businesses need to do a HIPAA assessment, security scan their PHI assets and do Security Risk Analysis. This is also required for meaningful use attestation for various stages.

Second, with growing vulnerabilities discovered in dormant code – Poodle, Shell Shock, Ghost, the inadequate security built into new technologies, and not updating security patches and updates from software vendors, contribute continuously to exploitation of vulnerabilities resulting in data breaches. It is a Great risk for healthcare organizations as long as they continue to use outdated software and rudimentary security. You need to consider proactively acting against continuing challenges in ensuring security of your information assets, improve your security posture with Aegify Security Posture Management.  Aegify scanner gives you the following distinct features that other web scanners do not offer:

• Browser Emulation Scanning Technology (BEST) – Browser-based scanning of client-side Web applications to find vulnerabilities in deployed and running web applications such as JavaScript, AJAX, and Flash
• Web Application Pass-Through Scanning– Uses current vulnerabilities to scan and accurately report on unaddressed vulnerabilities and web applications including third-party applications exposures deep in the network, providing a more accurate and complete report.
• Batched Scanning– Reduces scan times and allows customers to target specific and mission critical addresses.
• Content Scanning– Scans Databases and applications for specific content such as credit card and social security numbers, ensuring personally identifiable information is not visible to hackers.
  Operating System Scanning

Aegify Security posture management solution uses innovative, patent-pending expert systems technology to automatically map the security vulnerabilities to compliance mandates. Representing the new breed of solutions from Aegify, Security Posture Management (SPM) is cloud-based and offers several distinct features. Read More…

The Third step is to integrate the security scan results automatically to your compliance control requirements using solutions such as Aegify Compliance Manager.

You can try out the free community edition before subscribing to Standard, Professional or Ultimate editions.

Aegify is a comprehensive Security, Risk and Compliance Management solution for addressing all HIPAA  Compliance needs. Provides Meaningful use attestation reports with proof of security risk analysis. Aegify automates HIPAA management using a continuous workflow of Assess->Remediate and Monitor so that businesses can be assured of their HIPAA compliance status. Aegify’s Simple 1-2-3 steps helps in establishing an automated state of continued readiness.

Businesses can prevent such breaches from happening using Aegify. Aegify provides HIPAA compliance Assurance!

The post Yet another Cyber Attack – Personal Information of 11 Million individuals Breached appeared first on Aegify.

The HIPAA Omnibus rule demanding high standards for breach notification regulations, enterprises worked to strengthen the privacy and security protection mandated by HIPAA. Other changes brought in included changes in privacy protection for genetic data, limitations on the use of information for marketing and prohibition of sale of personal health information without individuals’ permission, and also an increase in the penalty amount in case of non-compliance. Moreover, as part of the change, business associates and vendors who transmit, create and maintain protected health information were also made directly responsible for HIPAA compliance.

However, within a year of the enforcing the rule, the department of health and human services in their "wall of shame" recorded an increase from the earlier 674 incidents to 1,126 incidents, a whopping increase by 67 percent! As for the number of individuals affected, the chart moved up from 27 million individuals from Sept 2013 to 38.7 million till date, an increase of 43 percent! The largest breach added to the "wall of shame" since the enforcement of HIPAA Omnibus rule is the hacker attack at Community Health Systems resulting in 4.5 million affected individuals. Federal regulators and experts associate such a vast increase in the breach tally to various factors, such as the increase in hacking incidents and increase of insider threats, and the HIPAA Omnibus Rule for detailed breach notification itself making a significant contribution, since now security incidents are now presumed to be reportable unless healthcare organizations demonstrate that LeadFormix Confidentiathe risks are low.

Despite the heavy penalties, even one year after HIPAA Omnibus rule helping to build the awareness of HIPAA, there are still large number of business associates and covered entities who do not fully embrace HIPAA compliance. For the regulatory changes to create a lasting impact, these need to be backed by strong enforcement policies. While efficient risk assessment technologies will help in locating potential threats, the covered entities and business associates are required to review their agreements to ensure HIPAA compliance.

Deploying an automated HIPPA security and compliance management solution such as Aegify Secure GRC will facilitate the healthcare providers and practitioners to identify, remediate and maintain HIPAA and HITECH compliance for all establishments that handle PHI, especially with the OCR’s plans to resume its HIPAA on-premises audit program, including auditing BAs as well as covered-entities. Moreover, equipped with built-in frameworks that facilitates compliance as per the HIPAA Omnibus rule, this cloud-based delivery solution ensures that enterprises, vendors and business associates need no heavy investment for the new infrastructure. The automated processes in Aegify make it much simpler and easier in remaining secure and compliant.

The post Tally of breach incidents grows by a whopping 67 percent a year after HIPAA Omnibus Rule! appeared first on Aegify.