Blog – Aegify
https://www.aegify.com
Comprehensive Security, Risk and Compliance Assurance Solution
Tue, 31 May 2016 21:33:21 +0000

Business Associate Agreements Are Critical to HIPAA Compliance
https://www.aegify.com/business-associate-agreements/
Mon, 23 May 2016 17:07:17 +0000

The post Business Associate Agreements Are Critical to HIPAA Compliance appeared first on Aegify.


Business Associate Agreements Are Critical to HIPAA Compliance: OCR Announces $755,000 Settlement Action

On April 19, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) reached a settlement in the amount of $755,000 with a North Carolina orthopedic clinic (“Clinic”) for failing to execute a business associate agreement with a third-party vendor. This is OCR’s second settlement this year related to business associate agreements, highlighting OCR’s efforts to investigate business associate relationships.

OCR initiated its investigation following notification on April 30, 2013 of a breach where the Clinic disclosed protected health information (“PHI”) contained in x-rays to a third-party vendor. The Clinic had orally agreed to allow this vendor to transfer x-ray images to electronic media in exchange for harvesting the silver from the x-ray films. Failing to execute a written business associate agreement, the Clinic gave the third-party vendor access to the PHI of 17,300 patients.

OCR and the Clinic entered into a resolution agreement and corrective action plan that, in addition to the monetary payment, requires the Clinic to revise its business associates policies and procedures. The Clinic will also need to:

  1. designate one or more individuals with authority to enter into and monitor business associate agreements;
  2. create a process to determine which third-party vendor relationships fall under the business associate definition;
  3. create a process for negotiating business associate agreements;
  4. create a standard template for business associate agreements;
  5. create a process;
  6. create a document management system for business associate agreements;
  7. limit disclosures of PHI to the minimum amount that is reasonably necessary to allow business associates to perform their duties.

In a press release announcing the settlement, OCR Director Jocelyn Samuels emphasized that “HIPAA’s obligation on covered entities to obtain business associate agreements is more than a mere check-the-box paperwork exercise” and that “it is critical for entities to know to whom they are handing PHI and to obtain assurances that the information will be protected.”

Practical Takeaways

In light of this enforcement action and with Phase 2 HIPAA audits underway, covered entities need to take the following steps to ensure compliance with HIPAA’s business associate provisions:

  • Review current business associate relationships and execute written agreements (if not already in place);
  • Review current policies and procedures related to business associates to ensure there are individuals who are monitoring, negotiating and documenting business associate relationships.

More information on this enforcement action, including the resolution agreement and the OCR press release, is available here.

If you have any questions, please contact:

  • Charise R. Frazier at (317) 977-1406 or cfrazier@hallrender.com;
  • Ashley L. Thomas at (317) 429-3664 or athomas@hallrender.com; or
  • Your regular Hall Render Attorney.

Please visit the Hall Render Blog at http://blogs.hallrender.com/ or click here to sign up to receive Hall Render alert topics related to health care law.

Posted on April 26, 2016 in Health Law, HIPAA. Written by: Hall Render.
Hall Render – Main Blog: http://blogs.hallrender.com/blog/business-associate-agreements-are-critical-to-hipaa-compliance-ocr-announces-755000-settlement-action/

© 2002-2016. Hall, Render, Killian, Heath

U.S., Canada Issue Ransomware Alert
https://www.aegify.com/u-s-canada-issue-ransomware-alert/
Wed, 06 Apr 2016 15:46:22 +0000

The post U.S., Canada Issue Ransomware Alert appeared first on Aegify.

With new ransomware incidents popping up almost on a daily basis, the U.S. Department of Homeland Security (DHS), in collaboration with the Canadian Cyber Incident Response Centre (CCIRC), has issued an official ransomware alert.

While the alert is intended to educate the general population about the threat and how to avoid becoming a victim, it also recommends not paying the ransom.

“Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money, and in some cases, their banking information. In addition, decrypting files does not mean the malware infection itself has been removed,” the statement said.

The statement gives a primer on ransomware, running through the types currently being favored (such as Locky and Samas), noting that it is spread primarily through phishing scams, and describing what can happen to a computer’s files if infected.

HIPAA Audit: OCR Is On The Move
https://www.aegify.com/hipaa-audit-ocr-is-on-the-move/
Tue, 29 Mar 2016 20:26:33 +0000

The post HIPAA Audit: OCR Is On The Move appeared first on Aegify.

Last week, the HHS Office for Civil Rights (OCR) announced the launch of phase 2 of the HIPAA Audit Program. OCR’s goal is to proactively uncover and address risks and vulnerabilities to protected health information (PHI). Effective immediately, OCR will ensure Covered Entities (CEs), their Business Associates (BAs) and vendors have comprehensive risk management frameworks in place.

CEs and BAs are required by law to implement the HIPAA security program and meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules.

Friends, this is serious business. Earlier this month, North Memorial Health Care of Minnesota settled potential HIPAA violations with OCR for $1.55 million.  Click to read OCR’s 3/16/16 press release.

Can you withstand a fine or settlement of this amount?

CEs and their business associates are protected with Aegify RSC Suite, or alternatively through a combination of Aegify Risk Manager, Aegify Security Manager, Aegify Compliance Manager and Aegify BA-Vendor Manager. It’s easy to get started. Contact sales@aegify.com.

Click to read OCR’s 3/21/16 press release.

Thank you,
The Aegify Team

 

Avoiding Future Ransomware Attacks (Malware) Targeting Healthcare Providers
https://www.aegify.com/ransomware-attacks-targeting-healthcare/
Fri, 04 Mar 2016 16:18:03 +0000

The post Avoiding Future Ransomware Attacks (Malware) Targeting Healthcare Providers appeared first on Aegify.

The “Ransomware” attack (Malware) described below definitely highlights the key value that the Aegify solutions suite offers to enterprises of any scale. The appropriate use of our security scanning and remediation solution would definitely have significantly reduced the probability of such an attack occurring, as the organization would have stayed on top of any software patches in their web applications. As such, Aegify is a great fit for your organization, since such tasks are burdensome and resource intensive, which allows such vulnerabilities to be exploited if they are not addressed in a timely fashion.

The attack was described as “…used vulnerability in web application that requires patching (updating software versions),” which implied that the breached institution was not keeping its computing and web systems patched in a timely manner. Aegify’s regular/continuous scanning process would have uncovered this lapse and allowed the organization an opportunity to correct the vulnerability prior to such an attack. The compliance and risk assessment components of the Aegify solution suite would have worked to further educate the management and staff as to the importance of an effective monitoring program and its elements.

Aegify allows you to safeguard your systems, network, and computing environments in the most efficient way. In fact this type of an attack highlights one of the key benefits that we bring to enterprises. It enables you to regularly monitor and track the enterprise’s Risk, Security and Compliance elements and factors that are key in any successful security protection program.

Thank you
Aegify Team

 Aetna

Avoiding Future Ransomware (Malware) Attacks Targeting Healthcare Providers

The recent malware attack on a healthcare provider in California has significant implications. The delivery approach was not through a phishing email or malware infecting a personal device. Instead, the attackers opportunistically used vulnerability in web applications that requires patching (updating software versions). The attack methodology has impacted companies outside of healthcare and the sophistication of the attack is relatively high.

 

Information for Your IT Department

Aetna Global Security is sharing the attached document from Dell SecureWorks Counter Threat Unit(TM) (CTU) and the National Health Information Sharing & Analysis Center (NH-ISAC). Please forward this document to your IT department and encourage them to review your web applications and upgrade outdated JBoss applications (upgrade to 7.0) to avoid future attacks of ransomware on hospitals.

 


Aetna is the brand name used for products and services provided by one or more of the Aetna group of subsidiary companies, including Aetna Life Insurance Company and its affiliates (Aetna).


We are located at 151 Farmington Ave, Hartford, Connecticut 06156.
©2016 Aetna Inc. The Aetna name and logo are trademarks of Aetna Inc.


Jonathan Houck

Network Manager
houckj@aetna.com

Office:   417-837-0225

Fax:      860-907-2191

Aetna OfficeLink Updates are electronic.  Sign up at:  https://aetna.providerpreference.com

$3.5 million fine levied against Triple-S Management Corporation for HIPAA violations
https://www.aegify.com/3-5-million-fine-levied-against-triple-s-management-corporation-for-hipaa-violations/
Fri, 04 Dec 2015 15:36:37 +0000

The post $3.5 million fine levied against Triple-S Management Corporation for HIPAA violations appeared first on Aegify.

It’s happened again.

On Dec 1, 2015, a $3.5 million fine was levied against Triple-S Management Corporation, formerly known as American Health Medicare Inc., for HIPAA violations. OCR’s investigations indicated widespread non-compliance throughout the various subsidiaries of Triple-S, including:

  • Failure to implement appropriate administrative, physical, and technical safeguards to protect the privacy of its beneficiaries’ PHI;
  • Impermissible disclosure of its beneficiaries’ PHI to an outside vendor with which it did not have an appropriate business associate agreement;
  • Use or Disclosure of more PHI than was necessary to carry out mailings;
  • Failure to conduct an accurate and thorough risk analysis that incorporates all IT equipment, applications, and data systems utilizing ePHI; and
  • Failure to implement security measures sufficient to reduce the risks and vulnerabilities to its ePHI to a reasonable and appropriate level.

Here is the latest information on U.S. Department of Health & Human Services’ website: http://1.usa.gov/1XDjyVY.

Are you at risk?  If you’re a healthcare provider or a business associate/vendor, you are.  Protect your organization against HIPAA and other compliance risks with Aegify Compliance Manager, part of Aegify RSC Suite.

Aegify RSC Suite, conceptualized and designed in Cupertino, CA, provides bulletproof risk, security and compliance protection for healthcare, financial and retail companies throughout the USA.  Discover just how affordable peace of mind is at Aegify.com or by emailing sales@aegify.com.

A Right Approach to Cyber Security
https://www.aegify.com/a-right-approach-to-cyber-security/
Thu, 05 Jun 2014 08:51:54 +0000

The post A Right Approach to Cyber Security appeared first on Aegify.

There is no denying the fact that cyber threats are on the rise. Cyber threats are growing in sophistication with each passing year. However, what is more alarming is the fact that most organizations are unable to effectively address and avert these threats. A recent PWC survey reveals that nearly 62 percent of organizations do not have an appropriate structure in place to prioritize security investments based on impact and risk.

Findings of the survey

Some of the findings highlighted in the PWC survey revealed that organizations detected an average of 135 security incidents in the past year. While nearly 77% of the participants of the survey experienced a security incident, almost 67% of the survey respondents were unable to gauge the financial impact of these incidents. The findings further revealed that less than half of respondents lacked an effective risk management program, with only about 47 percent performing periodic risk assessments. Enterprise mobility emerged as a cause for concern, with only 31 percent of respondents admitting to having a mobile security strategy and a mere 36 percent employing a Mobile Device Management (MDM) solution. These statistics clearly indicate that companies need to take serious note of the kind of cyber security threats and risks that are out there.

Are you prepared?

The important question that needs to be answered is whether your enterprise has implemented a proper Governance, Risk and Compliance system. If it hasn’t, then your enterprise could be vulnerable with very high risks. PWC recommends that every enterprise evaluate the risks that come with supply chain partners. Besides developing threat-specific policies, enterprises need to conduct regular cyber risk assessments and implement mobile security practices in pace with adoption of mobile devices. Additionally, efforts to boost cyber awareness across the organization must include workforce training. PWC also suggests that enterprises make the best of information sharing, both internally and externally, to be abreast of all the latest cyber risks and threats.

In many instances, cyber criminals continue to find ways to circumvent the usual security technologies and acquire sensitive information. This is precisely why enterprises need to adopt a balanced approach that comprises people, processes, and effective partnerships to strategically counter cyber security threats. Enterprises need to combat cyber threats by implementing a comprehensive security, risk and compliance assessment platform such as Aegify Security Posture Management or Aegify SecureGRC or Aegify Risk Manager. Aegify strengthens an enterprise’s security posture with powerful security monitoring and reporting capabilities. By deploying a solution like Aegify, enterprises can seamlessly address cyber threats and completely mitigate risks.
