Is your health care organization prepared for a cyber attack?

healthcare-itRansomware and cybercrime hacking have been two of the most common IT security threats in 2016, but many health care organizations aren’t ready to play defense: Only about 60 percent of surveyed organizations had the security capabilities in place to detect and remediate these attacks.

That’s problematic, of course, but is it surprising? After all, many health care organizations place more importance on HIPAA compliance than security, or they aren’t agile enough to protect themselves against the newest threat. Organizations tend to sink their energy into defending against the latest threat of the day, but lag on improving their entire security architecture. Continue Reading…

Tags: , , , , ,

4 steps to create a CIPA-compliant network for your school

internet schoolsThis question will be on the final exam, and it’s one you don’t want to get wrong: Are you CIPA compliant?

We’re talking about the Children’s Internet Protection Act (CIPA), the federal legislation that requires schools and libraries to restrict access to obscene or harmful content on the internet.

It’s so important that eligibility for E-Rate funding hinges on schools’ and libraries’ CIPA compliance. They must certify that they’re enforcing a policies relating to internet safety, including blocking or filtering access to material considered obscene, pornographic, and harmful to minors.

Are your students protected? Does your school network fit the letter of the law? Here’s how to make sure you’re CIPA compliant. Continue Reading…

Tags: , , ,

How one health care provider learned that compliance does not equal security

Health care compliance and securityWhich causes business leaders to buy into an IT security assessment quicker: ransomware or a data breach?

Both.

Unfortunately, that’s just the situation a regional health care provider network faced a few years ago. Although the IT staff knew a review of the security of the network and file server was overdue, the C-suite remained focused on existing HIPAA compliance guidelines.

That’s when a ransomware attack hit, resulting in a data breach. A user simply clicked on a popup, ransomware was then installed on the machine, and health care records stored on the user’s hard drive were compromised.

After the breach was fixed and the damage assessed, management realized many questions needed answering: Why did this attack happen? What should be IT’s first step in protecting data? What data should be secured? How could the organization balance compliance and security to stop attacks in the future? Continue Reading…

Tags: , , ,