I am Gil Vidals from VM Racks, secure cloud provider. Today’s short video is going to be focused on encrypted email. You made the decision: you need encrypted email to protect sensitive data. The question is, What solution do you use? I’m going to focus on two solutions, one from Microsoft, and the other from Google. They are both web-based and they both work well in protecting your data. Here is the key point you have to focus on, and that is that Google has a licensed model from a 3rd party called Virtru that provides encryption. And that…
Hi, I’m Gil Vidals of VMRacks. Today, I am going to talk briefly about encrypted email and really, whether you need to use it or not. And the answer to that question is: if you are sending sensitive information then you better use encrypted email. Sensitive information is in 3 categories: Personal, Financial and Health. Personal would be a birthday or social security number. Financial is like a credit card. Health would be like someone’s blood pressure or medical records. If you are going to be communicating any of that information via email, you better use an…
2 factor authentication: it’s a hot topic. Why? Because the bad guys are trying to steal your data. So, turn on two factor authentication. Don’t put it off. Go home this evening, after dinner, get your laptop and turn it on. Turn it on in your bank, your credit union, your health insurance app. Come on guys, turn it on. A year ago when I said 2FA (2 factor authentication) people looked at me like, “what is that?” Now everyone’s heard about it but they’re not turning it on! It’s not a big hassle. It’s simple. It’s like another…
Have you heard the one about the company that decided to plan a “Phishing trip” for their employees?
Back in 2016, Atlantic Health System circulated a juicy email, promising employees a raise if they would simply respond with some key verification information. The information included employee ID, date of birth, and home zip code. Roughly a quarter of the health system’s 5,000 employees took the bait and opened the email; 2/3 of that group actually provided the requested information.
The company’s test proved insightful, and highlighted an all-too-common threat: an adversary with malicious intent can easily target “inter-office” email, capitalizing on…
Still one of the most popular online searches in regard to HIPAA, the answer is clear: as a standalone service, Gmail is not HIPAA compliant. Even though Google employs some of the best security measures available, sending electronic protected health information (ePHI) using a regular Gmail account is explicitly prohibited by Google’s terms of service.
Google does, however, offer an enterprise solution for HIPAA compliance with their Google Apps platform. If you enter into a Business Associate Agreement (BAA) with Google, you will be able to use their HIPAA compliant Google Apps platform.
Note: Before transmitting ePHI, your…
How the HIPAA Emergency Plan Applies in Times of Disaster
In September of 2018, the powerful tropical storm known as Florence slammed into the eastern seaboard, causing catastrophic flooding and leaving 53 deaths in its wake. With a peak wind intensity of 140 mph, the long-lasting storm became the wettest tropical cyclone recorded in the Carolinas, dumping as much as 36 inches of rain on Elizabethtown, North Carolina. A public health emergency was subsequently declared for North Carolina, South Carolina, and Virginia.
Along with the general public, healthcare providers also faced significant challenges created by the massive storm. Effective communications – always…
In part 1 of this series, we learned that a laptop containing sensitive, protected health information (PHI) was stolen from the car of a West Virginia Health System employee. To make matters worse, the hard drive containing PHI was unencrypted, leaving the data open to access by unauthorized users.
While unfortunate, the occurrence does serve to highlight key issues concerning HIPAA security. As we saw in Part 1, regulations pertaining to data encryption and facility access security must be reviewed thoroughly, and robust security policies (including locks on doors, cameras, restricted area signs, etc.) applied. Closely related to this…
A recent, potential breach of protected health information (PHI) – including social security numbers, financial information, and medical data – was reported by a major health system in West Virginia. The cause? A stolen laptop, taken from an employee’s car.
Despite equipping the laptop with security tools (including password protection), the health system failed to encrypt the laptop’s hard drive, allowing unauthorized users potential access to the sensitive PHI data of over 40,000 patients.
Far from being overly restrictive, the HIPAA Security Rule was intended for just such situations; namely, to help organizations protect patients from having their personal information divulged…
If you’re looking for an open source software framework that is used for vulnerability scans and vulnerability management, the Open Vulnerability Assessment System (OpenVAS) is a first-rate tool. First developed by Greenbone Networks, OpenVAS is a framework of services and tools supported by an open-source community that promotes vulnerability analysis and management. OpenVAS can be downloaded as binary packages, source packages, or a virtual appliance, or by using the terminal and executing the command “apt-get install openvas”.
Most commercial vulnerability scanners require a large amount of RAM, but OpenVAS will run off minimal RAM and computer resources. However,…
Data security has become a buzzword in recent weeks with the revelation of Cambridge Analytica’s involvement with Facebook’s data and election cycles worldwide. Now more than ever, ensuring the security and integrity of your customers’ information is a key requirement for business success.
So what steps are needed to ensure data security? The easiest step is to ensure all local (or on-premises) data is encrypted. Fortunately, many software offerings have encryption built in, with features to protect your information. For example, Windows systems feature BitLocker, a full disk encryption system for encrypting your information.
So why…