Information Security Blog

Ethical Hacker Roundup – Healthcare Data Privacy



These Healthcare links are part of a weekly series, Ethical Hacker Roundup, featuring the information security and cyber security related articles that we’ve read over and thought worth sharing.

These articles were emailed to us, shared on Twitter @pivotpointsec and Google Plus, or read in our RSS subscriptions this week.

Medicaid Hacked And Needs Antibiotics

Medicaid was hacked, and over 181,000 medical records and 25,000 social security numbers were stolen. I was speaking with Marc Silverman when we got the alert about the incident, and we had an interesting conversation on the subject. This is what Marc had to say.

“I really wouldn’t want to be in DTS’s shoes right now. It’s bad enough to have any kind of breach, but it’s particularly concerning when one occurs due to a configuration error. Out of the multitude of ways to breach a server, configuration errors are one of the easily preventable attack vectors if you perform vulnerability assessments.

In this case, if DTS did not perform a vulnerability assessment of the server before placing it into production, then DTS’s SDLC is suspect and could be viewed as willfully negligent considering that they are required to comply with PHI laws, especially HIPAA. If DTS did perform a vulnerability assessment, was made aware of the vulnerability, and still went ahead with deploying the server, then DTS is again willfully negligent.

About the only scenario where DTS would not be immediately willfully negligent is if the vulnerability assessment of that server was insufficient in extent and rigor to detect the vulnerability so that DTS wasn’t aware of the issue.

If that is the case, how much do you trust any of the other servers managed by DTS?”

How To Avoid Spending $325K On Hard Drives

A couple of years after the BlueCross BlueShield of Tennessee hard drive theft, the healthcare company settled, agreeing to pay $1.5 million for the HIPAA violations.

In 2009, BCBCTN had 57 hard drives stolen from a data storage closet in Chattanooga. Adding in the extra costs the company had to spend on investigation, notification and protection efforts after the breach brings the total to around $17 million.

That makes each hard drive valued at $324,561. Talk about an expensive breach!

What could BCBCTN have done to prevent the breach? Maybe a few physical security tests and better security awareness training could have prevented the drives from being stolen. Or maybe it would have been best to have a Risk Assessment performed (definitely after the breach!).

What do you think? Does that price tag scare you? It should!

Healthcare IT Security

Pivot Point Security has the right combination of Information Security/Compliance domain expertise, healthcare industry knowledge and experience, and organizational character to help you define and execute on the best course of action so you can know you’re secure and prove you’re compliant. See how we can help.



Free Download: A Best Practices Guide to Database Security


Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.

Free Whitepaper: Five Best Practices for SIEM


The promise of SIEM is the consolidation of all relevant Security Event Logs from disparate sources into a single unified and normalized data store.

Is ISO 27001 Right for (Y)our Organization?


Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar to learn:

  • How to deal with increasing threats
  • How to manage multiple regulatory requirements
  • How to handle client requests for attestation
  • How to validate that significant changes did not have unanticipated results

Free Download: ISO 27001 Vendor Selection Toolkit

Our ISO 27001 Toolkit will help you select an ISO 27001 consulting firm.
  • Review the Issues Critical to Your Environment
  • "Vet" Vendor Qualifications
  • Compare the Top 3 Vendors
  • Sample RFP Included

Best Practices for Firing A Network Security Administrator

Want to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.

Free Whitepaper: Stop Wasting Money on Penetration Testing


Penetration Testing is most frequently performed to:

  • Substantiate the net effectiveness of a mature control environment
  • Prove to a third party that an environment is secure/trustworthy
  • Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
  • Validate that significant changes did not have unanticipated results

Free Download: ISO 27001 Implementation Roadmap

Have no fear: our “roadmap” will guide you, step by step, through the entire ISO 27001 process.

Getting to ISO 27001 certification is a process made up of things you already know – and things you may already be doing!

Download: Information Security Attestation Guide

A Best-Practices Guide to Information Security Attestation

Download our proven Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your business.

About the Author:

Marketing at Pivot Point Security
