INADEQUATE SECURITY POLICIES › Each covered entity and business associate must have written policies that cover all the Required and Addressable HIPAA standards.
Presentation transcript:

INADEQUATE SECURITY POLICIES
› Each covered entity and business associate must have written policies that cover all the Required and Addressable HIPAA standards.
› How to Mitigate:
♦ Write it down! Even if you feel your security practices are weak, documenting them is a huge step toward compliance.
♦ You can start with template policies, but these will not represent what you actually do. Modify them to match your practices.
♦ Hire someone to help you perform a basic risk assessment and document it.

CLOUD COMPUTING
› More and more organizations are putting their networks “in the cloud.” If the network fails, the entire system is unavailable to the entire organization. Cloud systems are not maintained in the office, so access controls need to be implemented.
› How to Mitigate:
♦ Have a business continuity plan in place. Consider the need for redundant systems.
♦ Make sure your organization understands, and has in place, a service level agreement.
♦ Understand who may have access to your equipment and networks.

UN-PATCHED SOFTWARE
› Un-patched software leaves programs and systems exposed to vulnerabilities.
› How to Mitigate:
♦ Stay up to date on patches.
♦ Keep secure firewalls in place on the organization’s network.
♦ Run virus protection software and enable automatic updates.

USERS WITH ADMINISTRATOR RIGHTS ON THEIR COMPUTERS
› Administrator rights give the user the ability to install software and make changes to the operating system.
› How to Mitigate:
♦ Give users the minimum privileges they need to do their job.
♦ Have a limited number of people be responsible for software installation and maintenance.

GENERATION-Y FACTOR
› A new generation of workers is entering the field who have grown up with technology and are known as the “click-through” generation. This generation has always had access to technology and the Internet and tends to accept or ignore risks.
› How to Mitigate:
♦ Strong controls over Internet browsing and frequent employee education.
♦ See Risk Number 7.

SECURITY BACKLASH
› Organizations stop implementing or weaken security policies because employees and customers feel it is too hard and time-consuming to comply with current policies.
› How to Mitigate:
♦ Educate employees about the security risks, not just about what they have to do.
♦ Complete training for employees and customers on the security tools in place, to ease the strain of use.

SOCIAL NETWORKS
› Employees may divulge too much information to the public. Social networking sites pose a risk of phishing for sensitive information, of data breaches (HIPAA), and of corporate espionage.
› How to Mitigate:
♦ Create policies on social network use at the office.
♦ Use a firewall and Internet restrictions to prevent access on company resources and time.
♦ Provide employee education on what a phishing request is and how to identify one.

MOBILE DEVICE SECURITY
› Employee- or employer-owned cell phones, smart phones, and tablets connect to networks and have company information on them.
› How to Mitigate:
♦ Require a password to access the device.
♦ Install GPS on the device to locate it if it is lost or stolen.
♦ Encrypt the data on the device and other company data.

LAPTOPS AND REMOVABLE MEDIA
› The portable nature of laptops and removable media makes them a huge threat if PHI is stored on them. Some of the biggest breaches for HCOs have come from lost laptops, flash drives and backup tapes.
› How to Mitigate:
♦ In real estate it’s location, location, location. In this case the most important thing is encryption, encryption, encryption.
♦ But also education.
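As an added example that is not part of the original slides, the following PowerShell script checks a Windows workstation for two of the risks above: users holding local administrator rights, and laptop drives without full-disk encryption. It assumes a Windows 10 or later endpoint with the LocalAccounts and BitLocker modules available; the allowlist in $ApprovedAdmins and the domain group name in it are placeholders.

```powershell
# Added example, not from the original slides: a read-only check of a Windows
# workstation for two of the risks above: local administrator rights held by
# ordinary users, and fixed drives without full-disk encryption.
# Assumes Windows 10 or later with the LocalAccounts and BitLocker modules.

# Placeholder allowlist: the built-in local Administrator plus an assumed
# domain group for the people responsible for software installation.
$ApprovedAdmins = @("$env:COMPUTERNAME\Administrator", 'CORP\Workstation-Admins')

function Get-UnapprovedLocalAdmins {
    # Every member of the local Administrators group that is not on the allowlist.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $ApprovedAdmins -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-UnprotectedFixedDrives {
    # Operating-system and data volumes whose BitLocker protection is not On.
    # Get-BitLockerVolume needs an elevated session and the BitLocker feature;
    # if the cmdlet is missing, say so rather than silently reporting nothing.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        Write-Warning 'BitLocker cmdlets not available; encryption status not verified.'
        return
    }
    Get-BitLockerVolume |
        Where-Object { $_.VolumeType -in 'OperatingSystem', 'Data' } |
        Where-Object { $_.ProtectionStatus -ne 'On' } |
        Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus
}

$admins = @(Get-UnapprovedLocalAdmins)
$drives = @(Get-UnprotectedFixedDrives)

if ($admins.Count) { 'Local Administrators outside the allowlist:'; $admins | Format-Table -AutoSize }
else               { 'Local Administrators group matches the allowlist.' }
if ($drives.Count) { 'Fixed drives without BitLocker protection:'; $drives | Format-Table -AutoSize }
else               { 'All fixed drives report BitLocker protection On.' }
```

Run it in an elevated session on each workstation (or through your endpoint management tool) and treat any listed account or drive as an exception to review, not something to fix silently.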

And the number 1 security risk is…

YOU! (THE THREAT FROM INSIDE)
› The risk of a compromised system, data breaches, or simply a “curious” employee. Some of the most dangerous attacks come from the inside. These attacks can be the most devastating, due to the amount of damage a privileged user can do and the data they can access. Plus, they are very hard to detect.
› How to Mitigate:
♦ Strong access controls. Base network access on job requirements.
♦ Consider background checks.
♦ Provide reasonable access to facilities.
♦ Employee security training.
♦ Let employees know that all actions are logged and can be audited.