Premera Blue Cross, a health plan in the Pacific Northwest, is about to land on the Wall of Shame as soon as HHS confirms the details of the Premera hacking incident, in which a cyber-attack reportedly exposed the personal information of 11 million individuals, the second-largest breach on the federal tally.
The initial attack occurred on May 5, 2014, as per Premera’s investigation, and Premera notified the FBI. Premera would be notifying approximately 11 million affected individuals by mail and offering two years of free credit monitoring and identity theft protection services, with a dedicated call center for its members and affected individuals.
This would have an adverse brand effect for Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and its affiliate brands Vivacity and Connexion Insurance Solutions Inc.
Premera members’ breached information could include names, dates of birth, Social Security numbers, mailing addresses, email addresses, telephone numbers, member identification numbers, bank account information and claims information, including clinical information. The company said, “Along with steps taken to cleanse its IT system of issues raised by this cyber-attack, Premera is taking additional actions to strengthen and enhance the security of its IT systems moving forward.”
More and more businesses are falling prey to cyber criminals. How confident is your organization that it is fully prepared? About 40% of cybersecurity breaches in 2014 were in the healthcare vertical. Recent reports indicate that healthcare data is becoming more valuable than credit card data. HIPAA compliance requires that all PHI and PHI-critical assets be secured.
First, it is essential to protect your information assets: do not just assume that your endpoint computers remain well protected, but extend the protection to include laptops, tablets, mobile smartphones, and removable storage devices such as USB flash drives. Knowing your critical assets and their roles in processing, storing or transmitting information is critical. Most often, as organizational members bring in their own devices (BYOD), information control becomes difficult. The 2015 security trend projects that mobile devices will increasingly be the target of attacks for credential and authentication theft. Therefore, it is essential to implement an effective asset tracking management system for your internal and external/perimeter IT infrastructure.
To be HIPAA compliant, businesses need to do a HIPAA assessment, run security scans on their PHI assets and do a Security Risk Analysis. This is also required for meaningful use attestation for various stages.
Second, the growing number of vulnerabilities discovered in dormant code (POODLE, Shellshock, GHOST), the inadequate security built into new technologies, and the failure to apply security patches and updates from software vendors continuously contribute to the exploitation of vulnerabilities, resulting in data breaches. This is a great risk for healthcare organizations as long as they continue to use outdated software and rudimentary security. You need to consider acting proactively against the continuing challenges of securing your information assets, and improve your security posture with Aegify Security Posture Management. The Aegify scanner gives you the following distinct features that other web scanners do not offer:
- Web Application Pass-Through Scanning – Uses current vulnerabilities to scan and accurately report on unaddressed vulnerabilities and web applications, including third-party application exposures deep in the network, providing a more accurate and complete report.
- Batched Scanning – Reduces scan times and allows customers to target specific and mission-critical addresses.
- Content Scanning – Scans databases and applications for specific content such as credit card and Social Security numbers, ensuring personally identifiable information is not visible to hackers.
- Operating System Scanning
The Aegify Security Posture Management solution uses innovative, patent-pending expert systems technology to automatically map security vulnerabilities to compliance mandates. Representing the new breed of solutions from Aegify, Security Posture Management (SPM) is cloud-based and offers several distinct features.
The third step is to automatically integrate the security scan results with your compliance control requirements using solutions such as Aegify Compliance Manager.
You can try out the free community edition before subscribing to Standard, Professional or Ultimate editions.
Aegify is a comprehensive Security, Risk and Compliance Management solution for addressing all HIPAA compliance needs. It provides meaningful use attestation reports with proof of security risk analysis. Aegify automates HIPAA management using a continuous workflow of Assess->Remediate and Monitor so that businesses can be assured of their HIPAA compliance status. Aegify’s simple 1-2-3 steps help in establishing an automated state of continued readiness.