Aug 19, 2014 6:00:00 AM
Topics: cell phone encryption
Aug 12, 2014 8:30:00 AM
Topics: video watermark software
Aug 6, 2014 7:00:00 AM
Topics: secure file sharing
Jul 30, 2014 3:32:08 PM
Topics: content marketing
Jul 22, 2014 7:12:00 AM
In May of 2014, roughly 5,500 people who either worked at or were clients of Maschino, Hudelson & Associates (MHA) – an Oklahoma-based financial planning firm that helps businesses set up benefit programs for employees –received a distressing letter in the mail. The first paragraph was enough to leave any recipient feeling concerned.
Topics: Laptop Encryption Software
Jul 15, 2014 9:00:00 AM
Jul 7, 2014 7:41:54 PM
If 2014 is any indication of things to come in the healthcare industry, then mobile security will be a high priority moving forward. The Office of Civil Rights (OCR) division of The Department of Health and Human Services has sent a clear message that companies will face stiff penalties if they experience a data breach due to lax security policies in regards to mobile devices.
The OCR made clear that HIPAA IT compliance is a top concern by issuing big fines. On April 22nd, OCR announced that it had reached settlements with Concentra Health Services, an urgent care services provider based in Louisville, Kentucky, and QualChoice Arkansas, a health insurance provider based in Little Rock, Arkansas. The two settlements amounted to $2 million and both companies ended up in the situation after it was determined that stolen laptops were found to have had insufficient protection for the companies’ data.
The Concentra Case
The Incident: In late 2011, an unencrypted laptop was stolen from The Springfield Missouri Physical Therapy Center, a facility owned by Concentra. After reporting that the stolen laptop was used to access sensitive data, OCR launched an investigation into the matter.
The Discovery: Because of multiple risk analyses performed prior to the incident, it was determined that Concentra was made fully aware of the risk inherent with the company’s lack of encryption and protection on employee devices (including tablets, laptops, and medical equipment.) Concentra had put a plan in place to begin encryption protection, but never saw the process through to completion.
The Cost: For their disregard of security and patient privacy, Concentra was forced to pay over $1.7 million in fines.
The QCA Case
The Incident: QCA made its breach report in 2012 after an employee’s laptop was stolen from a car. The laptop contained the personal health information of 148 people. This laptop was also unencrypted.
The Discovery: QCA was found to be in violation of several HIPAA requirements regarding Privacy and Security.
The Cost: $250,000 fine. QCA must also retrain all employees on cyber-security and compliance, and must submit an updated risk analysis and risk management plan.
The Implications within Healthcare
OCR wanted to send out a message with these rulings. Susan McAndrews, OCR’s Deputy Director of Health Information Privacy, said in a statement:
Covered entities and business associates must understand that mobile device security is their obligation. Our message to these organizations is simple: Encryption is your best defense against these incidents.
The Concentra and QCA cases reveal a troubling trend within the world of healthcare: an astonishing lack of security on devices. Verizon recently did a study into data breaches and discovered that 46% of all breaches occurred on unencrypted devices. Of that number, companies in the healthcare industry were among the worst offenders.
For many reasons, the healthcare industry has been stuck in a rut of lax security. There are some practical reasons for this, chiefly that doctors and nurses – often operating in fast-paced, time-sensitive situations – don’t want to restrict the flow of information through extra passwords and encryptions. However, because critical information is on the line in a modern era of unceasing digital attacks, the industry needs to change its ways in order to adapt to the times.
A Secure Option
One simple option for healthcare providers is to use a secure file sharing service that streams patient information rather than storing it on individual devices. With a snap-in API integration, file security can be added into workflow currently being used by practitioners to share information.
This type of security allows for:
With OCR making it clear that healthcare companies need to be compliant, all companies in the industry need to make a concerted effort to protect critical information, if not for their customers’ sake, then for the sake of their own finances. It is time that the industry treats digital security as the serious issue that it is, and that all options towards solving these problems be explored.
Learn more about protecting your company’s devices with an easy API solution that adds a security layer to all digital distribution methods.
Jul 1, 2014 9:00:00 AM
In May, TMZ posted an iPhone video of an incident that occurred at the Standard Hotel in New York City. The video was recorded from the screen of the hotel’s security monitors and captured rapper Jay Z, Beyoncé Knowles, and R&B singer (and his sister-in-law) Solange Knowles in the middle of a physical altercation in a Standard Hotel elevator. Days later, the iPhone video was leaked to TMZ. From there, it became national headlines.
Jun 24, 2014 3:35:38 PM
Jun 23, 2014 7:32:00 PM
June 12th marked the start of the World Cup, which is being hosted in Brazil this year. Hordes of spirited soccer fans made the trek to South America to watch the games live and in person. Attendees can expect to sample some of the local delicacies, take part in a few adventures in Rio de Janeiro, São Paulo, Fortaleza and other host cities, while catching a few epic games of soccer (or as the Brazilians call it, futebol).
But it’s not all work and no play. Many people headed to Brazil while toting a tablet or smart phone to help with tackling work projects and emails between snapping selfies and reading local reviews to find the best place to grab a caipirinha.
So while the World Cup is a showcase for world-class athletes, it’s also predicted to be a showcase for world-class hackers wielding world-class security threats.