Data Security & Data Encryption – Aegify
https://www.aegify.com
Comprehensive Security, Risk and Compliance Assurance Solution
Wed, 03 Aug 2016 00:23:42 +0000

How Technology Can Hold You Hostage
https://www.aegify.com/how-technology-can-hold-you-hostage/
Mon, 24 Aug 2015 05:43:00 +0000

If you have ever been on the Internet or used a computer, you have left data trails of the sites you have visited. Virtually everyone leaves behind a digital footprint that can be traced back to its user. In today’s world of evolving technology, almost every aspect of life is being connected back to the Internet. Our reliance on these technologies is only making our daily lives more available to the public. It is becoming increasingly apparent that, in a world that is interconnected through data, privacy is becoming harder to achieve.

This problem was made abundantly clear to the users of the Ashley Madison website. According to CNN, the extramarital affair website’s 37.5 million users are under the threat of having their information shared with the world unless they comply with the hacker’s requests. This is an effective way that hackers can hold a user hostage, but instead of ransoming a loved one or prisoner, it is information that is on the line. Ashley Madison users are only an example; for the average person this is an instance that would not influence their daily lives. However, there are countless other activities that an average person takes part in that could be used to cause harm, for example, driving. The recent experiment where hackers were able to take over the controls of a Jeep while a passenger was driving should be alarming to anyone who commutes regularly. Since hackers were able to control the brakes of the vehicle, serious harm could be inflicted on anyone on the road. Since, according to USA Today, 210 million Americans are licensed drivers, this is an issue that affects almost everyone.

Now that everything is done online, we leave a digital footprint in almost everything we do, and this data can be used against us. The key is recognizing that, since everything leaves a trace, we must be careful about what we post and what activities we choose to do online. Security that detects when our personal issues are being accessed is vital to keep privacy a reality. Effective security could prove to be the difference between being able to live your daily life without fear and being held hostage by it.

Live your life without fear.
Let Aegify help you secure your organization’s data and reduce the overall risk of being held hostage by the very technology that keeps your business running. To learn more about our Security, Risk and Management solutions, please click HERE and register for our LIVE webinar led by Aegify CEO Anupam Sahai on Thursday, September 3 from 11:00 AM – 12:00 PM PDT.

The True Face of Espionage
https://www.aegify.com/the-true-face-of-espionage/
Thu, 20 Aug 2015 05:31:04 +0000

Most of us are familiar with the classic spy stories of intrigue, deception and espionage. Whether it was from watching a James Bond movie or reading a Tom Clancy novel, we’ve been introduced to a world of high-risk infiltration missions and crazy gadgets portrayed in these tales. These stories are exciting and for the longest time, have painted us a picture of what the world of gathering intelligence looks like. However, in reality, this is far from how the true espionage we deal with is conducted.

In February of 2015, the database of health insurance provider Anthem Inc. was hacked; it includes social security and credit card numbers, health information, patient history, and other valuable client information. According to The Wall Street Journal, this database was made up of over 70 million former and current customers, and employees. It is now believed that the same group of hackers responsible for the Anthem hack is also responsible for a similar data breach at United Airlines. According to Bloomberg Business, this breach provided the hackers with flight manifest data, including passenger information like destination and place of departure, as well as corporate information and business strategy.

Although these stories lack the glamour and creativity of the spy stories that we are so used to, this is how espionage is conducted in today’s world, and it has clearly been extremely effective regardless. While possibly being thousands of miles away, one can collect all the information they would ever need about a person by receiving access to sensitive information through a data breach. This data can be compiled together to create a massive intelligence network without the hacker ever even leaving his home. With a spy’s work becoming much easier, more effective and simpler, security has never been so necessary to defend against an unseen enemy.

Don’t Become The Next Data Casualty
Fortunately, Aegify’s mission is to protect your organization’s data. Aegify provides a single software solution to address your security, risk and compliance concerns. To learn more, please click HERE and register for our LIVE webinar led by Aegify CEO Anupam Sahai on Thursday August 13, from 11:00 AM – 12:00 PM PDT.

***

When you next encounter a movie about a top secret mission to recover vital information about a corrupt government, consider instead picturing the story’s hero as an average worker, sitting at their desk on a computer while eating a donut.

Security Goliaths Have Had Their Time, But Here Comes David
https://www.aegify.com/security-goliaths-have-had-their-time-but-here-comes-david/
Mon, 13 Jul 2015 07:11:31 +0000

People love an underdog. It’s one of the main reasons millions of viewers watch the March Madness basketball tournament every year or why the biblical story of David and Goliath is one of the oldest and most repeated stories of all time–it is inspiring to see the improbable come true.

In the world of healthcare data security, the Goliaths dominate. However, there is an underdog story in the making in this field too. Healthcare providers are struggling to keep up to date on compliance with changing regulations as well as the technology needed to properly protect their data. For example, 36%-40% of hospitals (depending on size) reported dissatisfaction with their security systems and a need for improvement in the next 12 months.

Many hospitals rely on vendors (24% specifically, according to the Peer60 2015 report) to keep security software and programs up to date, while another 11% depend on the same companies to comply with HIPAA regulations. Vendors often do a poor job of explaining their complex systems, and this makes it much more difficult for hospitals to implement all of the tools they have been given. Also, many security companies aren’t up to date on current data protection technology. If these hospitals are not taking advantage of all of the features a security solution has to offer and the technology used is not effective, then how safe could your important data really be?

Since a select few large companies run most network security systems, this complaint about how protection is being managed in hospitals is highly significant to all other security vendors and providers looking to get their name out on the market through innovation and disruption in the marketplace. By providing less expensive, easier to use, and more effective data security protection, the smaller and newer security companies can shift demand away from the dominant few that have controlled the market in past years. If the large security companies cannot satisfy, then it is time for the Davids of the data security world to make their mark. This is already happening in the highly evolving Security Monitoring and CyberSecurity arena.

***

In the recently released Gartner CIO Agenda Report, 2015, CIOs have identified Security & Risk Management as one of their top priorities. Many of your peers have already engaged Aegify to manage their security, risk and compliance efforts. Discover why. To learn more about how to protect important data, please click HERE to watch our excellent 55 minute presentation on how to protect your company from cyber attacks.

Enterprises need to be proactive to Avoid Anthem Fate
https://www.aegify.com/enterprises-need-to-be-proactive-to-avoid-anthem-fate/
Wed, 04 Mar 2015 06:35:04 +0000

News of the massive data breach at Anthem Inc. acts as a warning signal for enterprises across the globe, irrespective of industry type. The reports show that the health insurer, Anthem Inc., suffered this massive data breach as hackers gained access to its corporate database. For this globally widespread enterprise with a client list running into millions, the affected data reportedly contained personal information of around 80 million of its US customers and employees.

The top level executives at the organisation acknowledge that they have been the target of an attack by cyber criminals who gained unauthorized access to their IT system. However, based on digital forensics investigation reports, they are positive that no credit card data or medical records have been compromised. Nevertheless, the breach of 80 million records is, as per reports, the biggest in history and brings to the fore today’s need for deploying industry-standard “sophisticated” defences. Encryption of data is a critical aspect of securing access to any corporate database.

While this is a nightmare for the affected individuals, it is not a lone case. Other recorded incidents include:

  • Data breach at Montana Dept. of Health and Human Services where hackers gained access to a server leading to an estimated 1.3 million affected individuals.
  • Breach at Community Health Systems Inc., which exposed the personal data of an estimated 4.5 million people.

With continuing data breaches, information security has attained critical importance across enterprises. An essential proactive step is to assess your assets and estimate the level of risk with key assets. Following this with an assessment of the security controls would have helped Anthem identify the gaps and plug those gaps with appropriate remedial measures. Tools like Aegify help organizations assess their security, risk, and compliance posture and take proactive measures to fix the security lacunae.

Aegify services, offered as a cloud-based model, include all security and IT GRC functions. Equipped with a built-in compliance framework that supports HIPAA, RBI, NSE, BSE, MCDEX, PCI, ISO, COBIT, FISMA and other country based ones, Aegify also has advanced alert and monitoring systems that make it a complete end-to-end automation solution for all security, audit, compliance and risk management needs of an enterprise.

Sony Pictures Employee Data Breach – Valued lessons for the Digital World
https://www.aegify.com/sony-employee-data-breach/
Wed, 28 Jan 2015 11:22:33 +0000

Modern enterprises with a digital presence handle a variety of digital data, from structured data and textual data such as reports, contracts and emails to technical drawings and multimedia. The most dangerous threat they face today is therefore the leakage of confidential data. Defined as an unauthorized transfer of sensitive data from an organization to an unauthorized external destination, data leakage brings with it financial and personal damage.

According to the annual study conducted by Ponemon Institute, a compromised customer record can cost the enterprise anywhere from 4 to 156 USD. Further, leaked customer data leads to loss of reputation, customer abandonment and even fines, settlements and compensation fees. While the earlier data breaches at Sony PlayStation compromised 77 million user accounts, the recent one compromised 25 million.

Experts warn Big Businesses to Learn from Sony Pictures ‘Epic Nightmare’ Hack

Enterprises make use of different methods to detect and prevent leakage of each type of data. However, incidents such as the one that occurred at Sony have caused customers to turn to their competitors. Security experts therefore warn big businesses to learn from Sony’s ‘Epic Nightmare’ Hack, which broke last month when a group operating under the #GOP attempted to blackmail the firm. The cyber criminals hacked into Sony’s computer systems, paralyzed their operations and tapped into their trove of hypersensitive data. The aftermath was a steady flow of revelations, which included top employees’ salaries and nasty emails shared across various sites, and led to former employees suing the company for data breach.

Security experts are of the opinion that enterprises need to invest more in their network security without being too concerned about the costs incurred. For Sony Corp., cleaning up the mess from the latest attack is going to cost millions. Enterprises need to be well prepared to respond to attacks with regular backups. Monitoring network traffic, ensuring use of updated versions of operating systems and applications, and use of firewalls will help to protect valuable data. Sony’s case, however, is one wherein the intruders stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical information, name, location, employee ID, network user name, base salary and date of birth of more than 6,800 individuals. The endless leaks and crazy details emerging point to the fact that the attacker had gained access to an unknown number of internal systems at Sony.

The hack, estimated to have cost Sony $100 million, was a result of their security loopholes. Vulnerability monitoring and risk assessment have to be continuous. To avoid such situations, enterprises can deploy cloud based solutions for IT security and compliance management, vulnerability analysis and risk management. Aegify, a flagship product, effectively addresses risk management, IT security and compliance. Offered as Software-as-a-service, this solution targets small, medium and large enterprises and is an easy-to-use, cost-effective solution.

Internal Threats Are No Myth – Jamaica Hospital Stands Testimony
https://www.aegify.com/internal-threats-are-no-myth-jamaica-hospital-stands-testimony/
Mon, 14 Apr 2014 04:48:50 +0000

You may often assume that threats to electronic health records are always from outsiders. But the fact is that internal threats are equally prevalent and pose much more danger to an entity’s data. An incident at Queens, New York based Jamaica Hospital is proof of this fact. Two emergency department clerks at the hospital have been charged with illegally accessing electronic health records (EHR) of hundreds of ED patients and releasing their personal and medical information to outside companies and individuals.

According to the Queens County District Attorney’s Office, these clerks had inappropriately accessed computer records of 250 patients. These records contained information including dates of birth, addresses, phone numbers, Social Security Numbers, and details of injuries and medical conditions of patients who were treated at the emergency department of Jamaica Hospital.

The District Attorney of Queens County, Richard Brown said that the defendants were accused of blatantly violating their HIPAA obligations and trolling through patient health records, because of which, patients who were taking treatment at the hospital have been victimized with illegal release of their personal and medical information. It is believed that some of these affected patients were contacted by lawyers and ‘medical mill’ healthcare providers soliciting their business while they were still receiving treatment in the ED of Jamaica Hospital.

The defendants Maritza Amandor and Dache Prawl will face multiple charges including computer trespass, second-degree unlawful possession of personal identification information and unauthorized use of a computer. They may face up to four years imprisonment if convicted. But the hospital is also likely to bear the brunt of this incident for failing to protect patient records adequately. This is yet again a warning bell to healthcare entities that have not done enough to safeguard patient health information from outsider as well as insider threats. A simple yet effective solution such as Aegify Security Posture Management or Aegify SecureGRC can help prevent such breaches from happening and can provide the ideal platform for comprehensive data security.

Latest HIPAA Breach Brings Bad News to 169k Individuals
https://www.aegify.com/latest-hipaa-breach-brings-bad-news-to-169k-individuals/
Fri, 14 Mar 2014 05:56:44 +0000

Yet another breach incident puts health information of 168,500 individuals at risk. According to a public notice, Sutherland Healthcare Solutions, a third-party billing vendor reported theft of several unencrypted company computers on 5th of February. The computers were stolen from the Los Angeles County public health and health services departments. Following this report, breach notification letters are being sent to all affected individuals.

Officials have confirmed that the stolen computers contained sensitive data including Social Security Numbers, billing information, demographic data, dates of birth and other protected health information such as medical diagnoses.

Making a statement on March 6th, Vice President and Head of Healthcare Compliance at Sutherland Global Services, Karen J. Pugh said that the organization regrets the inconvenience caused and is reviewing policies and procedures concerning information security, while also providing additional training to the workforce.

Since the compromised information includes Social Security Numbers, Sutherland is offering credit monitoring services to the patients involved.

Encryption- The Key Security Mantra

Time and again the Department of Health and Human Services’ Office for Civil Rights has been emphasizing the importance of encrypting data to protect patient information. Even in the past month, Susan McAndrew, Deputy Director for Health Information Privacy at OCR reinforced the importance of encryption while speaking at HIMSS14, where she particularly emphasized the need to encrypt each and every device that leaves the office. However, breach incidents like this one continue to occur, revealing that several healthcare entities and their business associates are yet to take the need for encryption seriously.

It is worth noting that theft currently accounts for a major share of HIPAA privacy and security breaches, representing 48 percent of all breaches reported. To date, covered entities and business associates have settled $18.6 million in penalties for HIPAA violation, out of which $3.7 million was settled last year alone. And these numbers do not include the state and private legal settlements.

The disturbing fact is that protected health information of about 30 million individuals has been compromised due to HIPAA privacy and security breaches to date. And this number only seems to be growing. With HIPAA audits all set to begin this year, healthcare providers and their business associates have to take serious steps to protect health information. Comprehensive security solutions such as Aegify Security Posture Management and Aegify SecureGRC can ensure data encryption, periodic risk assessments, and help them steer clear of security incidents.

2014 – The Year of Data & Privacy Lawsuits?
https://www.aegify.com/2014-the-year-of-data-privacy-lawsuits/
Tue, 11 Feb 2014 07:10:53 +0000

While the healthcare industry looks at 2014 as the year to strengthen breach prevention and data protection initiatives, experts predict that Healthcare breach suits will be common this year. And true to this fact, dozens of lawsuits have already been filed in the case of the Target breach, which involved theft of two unencrypted laptop computers that affected nearly 840,000 individuals.

Adding to the number is a class action lawsuit filed against insurer Horizon Blue Cross Blue Shield of New Jersey, following a data breach which occurred late last year. This lawsuit will be one among the many breach-related suits in healthcare and other industries to be filed this year.

Horizon had notified 840,000 members about the breach incident. The affected members, whose social security numbers may have been compromised, are being offered free credit monitoring and identity theft protection for one year, according to the company. However, the plaintiffs in the case, Karen Pakelney and Mark Meisel, are suing the insurance company for failing to secure and safeguard sensitive, personally identifiable information adequately. They have accused the insurer of acting negligently and of violating the Fair Credit Reporting Act and the New Jersey Consumer Fraud Act, and are seeking unspecified damages.

However, according to a Horizon Spokesperson, the lawsuit is without merit, and the company intends to defend itself vigorously. But one thing is for sure. This lawsuit opens the floodgates to many more such breach-related lawsuits, and it can be expected that settlements in such cases could be substantial.

David Navetta of the Information Law Group points to the court ruling in 2011 in favor of the payment card breach victims who were affected by the 2007 breach involving Hannaford, a grocery chain in northwestern United States. He says that the ruling in this case meant that victims of the breach could sue for damages resulting from the costs of card replacement, theft, insurance and other reasonable mitigation efforts, and emphasizes that government enforcement actions related to breaches are heating up in healthcare.

According to Navetta, breaches such as the one involving Horizon and the recent complaint filed by the Federal Trade Commission against the medical testing firm LabMD, highlight the importance of data protection and prompt breach notification, and also bring the importance of cyber-insurance to the forefront. He points out that such cases could turn out to be very expensive to fight, and could potentially put small healthcare entities out of business. LabMD for example, had announced in January this year that its Atlanta-based medical testing lab would be winding down operations because of the cost of fighting the battle with the Federal Trade Commission over the breach case.

It does look very likely that 2014 will be the year of lawsuits for the healthcare sector as predicted by experts. However, the most important lesson for healthcare providers to take home is that data protection and breach prevention are to be taken with utmost seriousness. Providers have to adopt comprehensive security solutions such as Aegify Security Posture Management or Aegify SecureGRC in order to be able to identify vulnerabilities and detect threats in their systems and prevent breaches, rather than facing legal action and suffering dire consequences. The in-depth certification courses offered by 4Med could further strengthen your compliance understanding in remaining secure and compliant.

Lack of Encryption Causes Major Breach, Yet Again
https://www.aegify.com/lack-of-encryption-causes-major-breach-yet-again/
Tue, 17 Dec 2013 09:02:02 +0000

More than enough has been said about the importance of encryption in safeguarding protected health information (PHI). But data breaches resulting from lack of encryption continue to fill up the ‘wall of shame’, with the latest addition being a breach reported by Horizon Blue Cross Blue Shield. This incident involved the theft of two unencrypted laptop computers that were cable-locked to employee workstations at the headquarters of the insurer. This breach is said to have potentially affected nearly 840,000 individuals.

The Department of Health and Human Services confirmed that this major breach incident is the second largest health data breach reported so far in 2013. A noteworthy fact is that the three largest breach incidents in 2013 have involved thefts of unencrypted computers. This clearly reveals that lack of encryption remains one of the top reasons for data breaches.

A review led by forensic experts at Horizon Blue Cross Blue Shield confirmed that the stolen laptops may have contained files with varying levels of patient information, including names, addresses, identification numbers, dates-of-birth, some amount of clinical information, and in some cases, social security numbers too. However, it was not clear whether all of the information stored in these laptops is accessible. The company is notifying over 839,700 members about the breach, and those whose social security numbers may have been compromised will be offered free credit monitoring and identity theft protection for one year. The company is working with law enforcement to locate the stolen laptops, and is also strengthening encryption processes. Enhancing policies and procedures and educating staff about security of member information is also one of its immediate goals.

This incident is a clear warning bell that irrespective of the physical security measures, encrypting PHI stored on mobile/desktop computing devices is a crucial task. While physical safeguards are important too, unless data is encrypted, there will always be significant risks posed by insider threats, and others who have access to locked facilities.

Why Encrypt?

According to Adam Greene, a privacy attorney, there is no substitute for encryption or the use of a data loss protection technology that can ensure that data is kept centrally and does not end-up on the end-user device. Moreover, those entities that fail to encrypt PHI will find it hard to defend themselves during breach investigations and other such regulatory actions. And with the cost of encryption reducing significantly, the government has great expectations from entities for employing this method to secure PHI. So, physical safeguards will no longer suffice.

And not to forget, the penalty for non-compliance under the HIPAA Omnibus Rule may go up to $1.5 million per violation. So entities are better off paying for encryption and preventing a breach, rather than being subject to such high penalties. Solutions like Aegify Security Posture Management or Aegify SecureGRC could prove extremely useful in preventing data breaches from taking place. They address the need for encryption while also providing comprehensive security for PHI, making them ideal for healthcare providers, their business associates and subcontractors to ensure PHI is safeguarded throughout its lifecycle.

Unencrypted Data- An Ongoing Problem
https://www.aegify.com/unencrypted-data-an-ongoing-problem/ Fri, 26 Jul 2013 07:51:21 +0000
Stolen or lost unencrypted devices have long posed a significant threat to healthcare entities throughout the United States. And a new breach report by the California Attorney General’s office confirms an ongoing problem. Unencrypted data has been identified as the major culprit in 131 breaches that affected 2.5 million individuals in the state of California last year alone.

The report revealed that physical breaches involving stolen or lost unencrypted devices were larger and affected more people on average. The law, requiring state agencies to report breaches involving more than 500 individuals, was enacted in California for the first time in 2012, and the state’s Attorney General Kamala D. Harris recently issued the first public report detailing the breaches. Announcing the report, Harris said that data breaches are a serious threat to privacy, finances and personal security.

Encrypting digital personal information is the key to privacy and security, according to Harris, who said that encryption could have prevented defaulting organizations from putting over 1.4 million Californians at risk. However, it is noteworthy that California is not the only place where breaches involving unencrypted devices are reported. Over the past few years, the infamous ‘Wall of Shame’ in the US Department of Health and Human Services has seen a number of breaches involving unencrypted data, and most commonly mobile devices.

The breach report reveals that failure to protect physical information assets was the major cause of these breaches, affecting 40,223 people on average. This is further borne out by the fact that two of the five largest breaches, namely the breach at the California Department of Social Services involving loss of a computer storage device, and the breach at Emory Healthcare involving missing storage disks, were in the ‘physical’ unencrypted category.

Although healthcare providers were involved in a few larger breaches in the state of California, the retail industry topped the list with 34 breaches, which is 26% of the total number of breaches. This was followed by the finance and insurance sector with 30 breaches, or 23% of the total. Healthcare came third with 19 breaches representing 15% of the total.

This report, however, offers certain key takeaways. Firstly, healthcare entities should know that encryption is a must, and that one good reason to get the encryption program started soon is the HIPAA Omnibus Rule, which necessitates encryption. Covered entities should remember that non-compliance under the HIPAA Omnibus Rule can attract penalties up to $1.5 million per violation, and that the compliance deadline is September 23rd, which is just two months away.

The Attorney General’s report makes it obvious that enforcement related to encryption would be one of the top priorities of the office, and acts as a warning to healthcare entities about how to keep their names out of the breach totals for the coming year. Aegify Security Posture Management or Aegify SecureGRC can prove valuable at this point, by helping organizations prioritize their compliance initiatives and offering a framework of best practices to achieve compliance with the HIPAA Omnibus Rule.
