Blog

Can you afford HIPAA non-compliance?

According to the American Medical Association, your company may be fined up to $1.5 million per year for HIPAA non-compliance. The first step of HIPAA compliance is making sure all of the companies that have access to your systems are, themselves, compliant. If you have a managed service provider keeping your systems up to date and secure, they must have enough access to your systems to perform their job. In general, that level of access places your MSP into the HIPAA Business Associate category. What is a HIPAA BA? A HIPAA Business Associate is any company that has the potential to...

Is teller capture hurt by fewer branches?

Teller capture – also known as teller scan or front counter capture – is a processing workflow designed to take advantage of shifts in retail banking: the decrease in transaction volume performed at brick-and-mortar locations coupled with the prevalence of the X9.37 image file standard used for check image exchange between entities. It is no secret that transaction volumes and, ultimately, branch locations have declined over the past decade (FDIC). Increased debit card activity and forms of electronic banking (internet banking, mobile payments, etc.) have reduced the need to write checks and visit...

Worst Security Breaches of 2014.

There is a familiar theme in all security breaches, regardless of scale: careless oversight and failure to act proactively. Let these cautionary tales help ensure your organization does not fall victim to cyber criminals who will always exploit those who fail to protect themselves.

JP Morgan

In October, banking giant JP Morgan Chase announced hackers managed to steal the personal information of nearly 80 million customers, including telephone numbers and email addresses. Credit card numbers were not reported as part of the attack, but an outside report of a massive stolen credit card ring...

More regulatory oversight of HIPAA is coming. Are you ready?

The Office of Civil Rights has delayed the implementation of Phase 2 of the HIPAA audit program until 2015 due to complications with their new web portal. While this may be a welcome reprieve from the threat of an OCR audit, you should use your time wisely. Phase 2 of the HIPAA Audit Program will include Covered Entities and Business Associates. If your office must comply with HIPAA, that means your service providers may also be subject to supervision. When you do business with them, they are considered HIPAA Business Associates if they provide services related to any HIPAA or HITECH...

IT Security – be sure to lock the doors!

Physical security is an often-overlooked aspect of IT security. Don’t let your company fail to enact the simplest security measures of all! According to the FFIEC IT Examination Handbook, physical security is an examined aspect of your network security posture. While performing an Atris Network Vulnerability Assessment, it’s not uncommon to find branch offices of financial institutions highly exposed to a security breach due to lackluster physical security. Here are some simple tips to consider with regard to basic physical security control over your IT infrastructure. Lock the...

SIEM – Going Beyond Log Management

Do you log all critical events? Do you archive them somewhere? The best practice for maintaining log data integrity is to centrally store all pertinent log data somewhere isolated from your network. In the event of an intrusion or a malicious insider attack, the logs that are accessible to the intruder can and will be wiped or modified in an effort to “cover their tracks”. In the event of a system crash, your logs will have already been exported. The best way to protect against this is to have a real-time log receiver on a hardened and isolated system. With the help of an agent...
