
Phishing in the Wrong Pond

15 Nov 2018
By Gil Vidals, VM Racks

Have you heard the one about the company that decided to plan a “Phishing trip” for their employees?

Back in 2016, Atlantic Health System circulated a juicy email, promising employees a raise if they would simply respond with some key verification information. The information included employee ID, date of birth, and home zip code. Roughly a quarter of the health system’s 5,000 employees took the bait and opened the email; 2/3 of that group actually provided the requested information.

The company’s test proved insightful, and highlighted an all-too-common threat: an adversary with malicious intent can easily target “inter-office” email, capitalizing on…


Is Gmail HIPAA Compliant?

08 Nov 2018
By admin, VM Racks

Still one of the most popular online searches in regard to HIPAA, the answer is clear: as a standalone service, Gmail is not HIPAA compliant. Even though Google employs some of the best security measures available, sending electronic protected health information (ePHI) using a regular Gmail account is explicitly prohibited by Google’s terms of service.

Google does, however, offer an enterprise solution for HIPAA compliance with their Google Apps platform. If you enter into a Business Associate Agreement (BAA) with Google, you will be able to use their HIPAA-compliant Google Apps platform.

Note: Before transmitting ePHI, your…


Hurricanes and HIPAA

09 Oct 2018
By admin, VM Racks

How the HIPAA Emergency Plan Applies in Times of Disaster

In September of 2018, the powerful tropical storm known as Florence slammed into the eastern seaboard, causing catastrophic flooding and leaving 53 deaths in its wake. With a peak wind intensity of 140 mph, the long-lasting storm became the wettest tropical cyclone recorded in the Carolinas, dumping as much as 36 inches of rain on Elizabethtown, North Carolina. A public health emergency was subsequently declared for North Carolina, South Carolina, and Virginia.

Along with the general public, healthcare providers also faced significant challenges created by the massive storm. Effective communications – always…


Physical Safeguards for HIPAA, Part 2: Workstation Use

25 Sep 2018
By admin, VM Racks

In part 1 of this series, we learned that a laptop containing sensitive, protected health information (PHI) was stolen from the car of a West Virginia Health System employee. To make matters worse, the hard drive containing PHI was unencrypted, leaving the data open to access by unauthorized users.

While unfortunate, the occurrence does serve to highlight key issues concerning HIPAA security. As we saw in Part 1, regulations pertaining to data encryption and facility access security must be reviewed thoroughly, and robust security policies (including locks on doors, cameras, restricted area signs, etc.) applied. Closely related to this…


Physical Safeguards for HIPAA, Part 1: Facility Access

24 Sep 2018
By admin, VM Racks

A recent, potential breach of protected health information (PHI) – including social security numbers, financial information, and medical data – was reported by a major health system in West Virginia. The cause? A stolen laptop, taken from an employee’s car.

Despite equipping the laptop with security tools (including password protection), the health system failed to encrypt the laptop’s hard drive, allowing unauthorized users potential access to the sensitive PHI data of over 40,000 patients.

Far from being overly restrictive, the HIPAA Security Rule was intended for just such situations; namely, to help organizations protect patients from having their personal information divulged…


OpenVAS – Open Vulnerability Assessment System

30 Jul 2018
By admin, VM Racks

If you’re looking for an open source software framework for vulnerability scans and vulnerability management, the Open Vulnerability Assessment System (OpenVAS) is a first-rate tool. First developed by Greenbone Networks, OpenVAS is a framework of services and tools supported by an open-source community that promotes vulnerability analysis and management. OpenVAS can be downloaded as binary packages, source packages, or a virtual appliance, or by using the terminal and executing the command “apt-get install openvas.”

Most commercial vulnerability scanners require a large amount of RAM, but OpenVAS will run off minimal RAM and computer resources. However,…


Encryption is Not Just a Buzzword

10 Jul 2018
By admin, VM Racks

Data security has become a buzzword in recent weeks with the revelation of Cambridge Analytica’s involvement with Facebook’s data and election cycles worldwide. Now more than ever, ensuring the security and integrity of your customers’ information is a key requirement for business success in today’s modern climate.

So what steps are needed to ensure data security? The easiest step is to ensure all local (or on-premises) data is encrypted. Fortunately, many software offerings have encryption built in, with features to protect your information. For example, Windows systems feature BitLocker, a full disk encryption system for encrypting your information.

So why…


Top 3 Website Security Vulnerabilities

24 May 2018
By admin, VM Racks

When performing a scan of your system servers, applications, and network devices, it’s not uncommon to see certain, predictable vulnerabilities showing up in the results. As each vulnerability represents a potential “weak spot,” or opening for attackers to penetrate and compromise your system, it’s important to be aware of them. The following represent the most common vulnerabilities:

Weak Cipher Suites/Protocols

Cipher suites are unique sets of methods or cryptographic algorithms, used for securing and encrypting data. They are used to turn plaintext into ciphertext (i.e. the word “hello” would turn into a random scrambled text like “grkki”). In non-technical terms, data…


Blocking Foreign IPs

23 May 2018
By admin, VM Racks

Cyber experts are noting a continuing increase in aggressive cyber attacks, with major players like China, Russia, Iran, and North Korea continuing to lead the way. The Ukraine and Brazil also represent growing threats in the cyber war.

The motives behind these foreign IP attacks may include monetary gain, political agenda, or access to confidential information. If your company works with any type of confidential information or sensitive data, configuring your web applications and server settings to block suspicious, foreign IP addresses is vital to add a greater layer of protection to your systems.

In addition, a huge market exists…


Session Hijacking

08 May 2018
By admin, VM Racks

Session hijacking is the use of a valid computer session to gain access to otherwise prohibited parts of a computer system. Specifically, session hijacking refers to the use of a cookie to authenticate a user to a network that is breached. In this way, the attacker can use that cookie to trick the server into believing that he is actually the regular user.

Most modern computer systems are vulnerable to session hijacking attempts because they communicate using a standardized protocol to identify users. For example, one method an attacker might use is called a Session Fixation attack. A Session Fixation…
