All posts by admin

Portrait of three uniformed doctors not being optimistic about the healthcare system. Check out these HIPAA Settlements.

“Two recent HIPAA settlements should remind health care industry to stay vigilant,” attorneys say

“Two recent HIPAA settlements should remind health care industry to stay vigilant,” attorneys say.

Health care providers need to be mindful of two recent major Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlements to avoid being similarly targeted, two industry attorneys say.

“Health care providers need to stay vigilant and proactive in maintaining HIPAA compliance in all facets of operations,” Bruce D. Armon and Karilynn Bayus, both of Saul Ewing in Philadelphia, said in a joint email to Legal Newsline.

Regular internal self-audits of HIPAA compliance and active review of policies and procedures and forms can help ensure good conduct. Mistakes can always occur.

“Creating and maintaining a committed culture of compliance can help mitigate circumstances that can lead to HIPAA investigations and/or payment of fines and entering into a corrective action plan.”

Read More
CAM HIPAA Solutions for HIPAA Consulting in Los Angeles


Three data breaches have been reported by pharmacy stores in the past two months, resulting in the PHI of almost 13,000 pharmacy customers being exposed or disclosed to unauthorized individuals.

Walmart Reports Breach of 4,800 Patients’ Data


Walmart stores recently announced that some of its online pharmacy customers may have had their names, addresses, date of births, and prescription histories exposed as a result of a coding error that was made while the company was migrating data between servers.

Between February 15 and February 18, 2015, online customers who logged into the company’s online pharmacy may have been able to view the data of other customers who logged in at the exact same time. No Social Security numbers or financial data were exposed as a result of the coding error.

Dan Toporek, a spokesperson for Walmart, said a few thousand individuals had been affected, although this is a small percentage of the number of individuals who used the company’s online pharmacy during the four-day stretch.

The data breach has now been reported to the Department of Health and Human Services’ Office for Civil Rights (OCR), with the breach report indicating 4,800 patients were affected. Toporek said there is no reason to believe that any data have been used inappropriately, although all customers who had their data exposed as a result of the error would be individually notified and offered identity protection services.

Hard Drive Containing 3000 Customers’ PHI Stolen in Roark’s Pharmacy Burglary


A burglary at Roark’s Pharmacy in Oneida, TN., in January has impacted 3,000 of the store’s customers. A hard drive containing customer prescription information and personal data was stolen by thieves who broke in to the pharmacy in the early hours of January 13. The break-in and theft was discovered four hours later when pharmacy owner, Terry Roark, arrived to open the store at 6:30am.

The thieves had taken all of the pharmacy’s narcotics, $400 in cash, and a computer hard drive containing the data of 3,000 customers. The thieves are understood to have broken in in order to steal narcotics, and took other items of value, including the hard drive. The thieves gained access to the building by sawing through the door and removing it from its hinges. While law enforcement officers have investigated the burglary and obtained CCTV footage from the service station next door, the DVR system linked to the pharmacy’s CCTV cameras was also stolen in the break-in. No suspects have been arrested.

5,000 Customers Affected by Locust Fork Pharmacy Data Breach


Locust Fork Pharmacy in Alabama has reported a security incident to the Office for Civil Rights that has affected 5,000 of its customers. The incident is listed as an “unauthorized access/disclosure”, although no further information has been made available about the incident.

Read More

Top 4 HIPAA Compliant Hybrid Cloud Considerations

HIPAA Compliant hybrid cloud is one of the most flexible solutions for Healthcare organizations looking to move to the cloud. But in order to ensure successful implementation, there are some key things to consider, including security and risks, SLAs and costs.

Organizations looking at moving to the cloud initially faced the choice of a public or private cloud. Moving to a public cloud brought up several concerns that ranged from regulatory and compliance issues to business availability questions.  Several initial outages from public cloud providers such as Microsoft Azure or Google did little to reassure companies about the cloud. While the outages have lessened, customers also started to adjust how they moved to the cloud. Netflix, for example, created a Chaos Monkey program designed to simulate and adjust for failures within the AWS cloud. Out-of-the-box thinking with programs such as this have helped customers move to the cloud with guarded optimism. However, the public cloud has not seen the overall consumption that was predicted. Continual issues, such as Amazon’s partial reboot of AWS to address a XEN security bug, have dampened some of the cloud excitement. This has also reinforced the reality that while the public cloud has a lot of benefits, it also means a loss of control for your data and services, and this scares folks.

The counter to the concerns with the public cloud was the internal private cloud. Bringing the cloud benefits in-house is an ideal way to address regulatory and compliance concerns, because now the data was under your control. However, the issue with doing this was the cloud benefits themselves. While you can bring self-service and metered resources in-house, very few organizations can provide the elasticity needed. This is due simply to the capital costs of large amounts of hardware needed to be able to scale up and down on demand. The alternative to an internal private cloud was the external private cloud. An externally hosted private solution that addresses many of the internal concerns about elasticity of that provider does sound like an ideal solution.  However, Cloud as a Service (CaaS) that is private may not actually be private unless it contains full hardware separation (compute, networking, storage).  Very few providers, if any, can do this, so it becomes a software separation that is still at its root a multi-tenant environment.

MORE: TOP 5 Private Cloud Considerations

Answers at two opposite ends opened up a middle ground solution that the industry had been looking for: the hybrid cloud. Unlike the fixed nature of the private or public cloud, the hybrid cloud comes with flexibility that can support an organization’s needs without requiring the business to fit into a predefined category. The hybrid cloud comes at a time when IT budgets are under fire and IT talent is in short supply. The hybrid cloud is not a total business solution; it is a business enabler. It can help an organization move at the speed of business without requiring as much capital as a new business or giving up data control.

Let’s take a look at a few key categories to consider when moving to the hybrid cloud model.

1. Security And Risk

The elastic resources of an (internal or external) private cloud allow for an organization to quickly try a new application or concept without spending or waiting for (on-premises) resources to come online. While the private cloud and its infrastructure have the security benefits, it is often not an elastic resource. However, with a hybrid-cloud approach, the additional elasticity can be used from the external cloud provider. Wiht a hybrid cloud scenario the sensitive applications and data can be hosted internally, while nonconfidential components and information can be hosted externally. The ability to dictate where the data resides is a critical benefit to the hybrid-cloud for organizations that have to address security or compliance.

2. Vendor Selection

While many hybrid-cloud providers can support multiple hypervisors and workloads, that doesn’t mean you will always get the additional features offered for each platform or the best performance when you’re crossing vendor lines. Utilizing Microsoft Hyper-V and extending it to the Cisco hybrid-cloud over Microsoft’s own Azure is supported; however, crossing between vendors can create additional support challenges. IT personnel may find themselves in the vendor blame game; the only difference now is that part of the technical problem is no longer on site, and the support issue can be a lot more extensive.

Does this mean if you’re a Hyper-V shop you should automatically go with Azure? Sticking to a single vendor is not a foolproof answer, but in this case, sticking with Microsoft should be one of your top three options. Besides the support concerns, there are ease of deployment and possible licensing cost incentives that can also influence the decision to stay within a single vendor ecosystem.

The vendor question will not be as much as an issue with hybrid-cloud vendors that are more cloud-vendor neutral. This includes Rackspace, which does not have a hypervisor of its own. These hypervisor-agnostic vendors are also ideal for organizations with multi-hypervisor environments.

3. Service Level Agreements (SLAs)

A common trend today is many of the top data center vendors getting into the hybrid cloud business. Well-established companies such as HP, Cisco and IBM are now offering hybrid cloud services. These hybrid clouds can help extend many of the tools or infrastructure the vendors offer to combine a partial onsite installation with some of the backend of the tools and services running in the third-party clouds. This can enable customers to use additional features that would otherwise be unavailable, unless they have a much larger onsite installation.

While many of these cloud offerings are built on established technologies, uninterrupted performance or reliability cannot be guaranteed. Many users of Microsoft’s Azure cloud service found this out in 2014 with an outage that lasted several hours, leaving some organizations with few options. Though other hybrid-cloud providers could run into the same problem, you do have to be aware that the concept of the hybrid cloud is still new for many of these vendors. They may not be as invested in the technology as others who solely focus on hybrid cloud services or their solutions might not be as mature as other options.

With so many new vendors coming to the hybrid cloud market, reviewing and understanding the SLAs (service level agreements) is critical. An SLA is not simply about what level of uptime is guaranteed; it also has to reference penalties for systems being offline. For both established and new hybrid cloud providers, this can be a touchy subject; however, it is a critical one because SLAs are not always clear.

While you may have an SLA for your hybrid cloud, it might not cover all of the cloud components. What does this mean? If your 99.99 percent (up to 52 minutes of outage) hybrid cloud goes offline due to a network issue, that outage is counted against the network availability. On the other hand, if your compute goes offline, that outage is not cumulative with the network outage; they are in separate counters. The same goes for storage or WAN. This means you could have separate outages, each lasting up to 51 minutes, and as long as one category does not go over 52 minutes, you still have a 99.99 percent uptime rating.

The second piece to this is the penalty aspect. The loss to your business during an outage can be devastating, and yet in most cases a cloud provider will offer you discounts on your hosting fees using a monetary penalty. While it is doubtful you can negotiate with your provider to cover your losses during an outage, you do have the ability to shop around and at least ask about modifying the penalty clause.

An additional point to keep in mind is how flexible the cloud provider is if you want to move a workload from that vendor’s hybrid cloud to a different cloud provider. While many of the larger cloud providers may not shutter their doors and go out of business, it is possible their cloud division might get spun off or sold. Ensuring your hybrid cloud provider has some type of migration or exit strategy is a preventative move that hopefully you’ll never need. But it’s worth asking about a migration path; it may even help to keep pricing conversations a bit more honest.

4. Hybrid Cloud Costs

All cloud technologies come with a cost. Often the private cloud is a capital investment, while a public cloud is a continuous operational cost. The hybrid cloud has a bit of a different cost structure. The pricing model won’t necessarily be zero when it’s not actively in use. You still have to pay for the connection and the ability to move workloads. When you do need that additional resource, it will most likely cost more than what it would in the public cloud. However, on the flip side, when it’s not in use, the cost is lower than with the public cloud. This lower and higher cost flip-flop will not necessarily result in savings; it’s more likely to be closer to cost neutral when compared to the public cloud. The real benefit is a soft cost in reduced turnaround time and increased flexibility while still keeping the desired security.

For today’s business, being able to react to a new market or need is critical. The elastic nature of cloud computing enables that ability in record time. For the hybrid cloud user, the option to balance security and deploy large numbers of compute resources can make the difference in getting a product to market faster. Leveraging your internal resources with what the hybrid cloud gives you makes for a perfect balance of flexibility and elasticity.

The hybrid cloud doesn’t require the commitment of the private or public cloud in terms of capital, operational or administrative costs. Compatibility with your existing infrastructure is just one of many things when considering a cloud solution. And if you are going to cross vendor lines, ensure you have support clearly defined so you do not run into issues when systems are down and timing is critical. The hybrid cloud can be the right solution for many organizations as long as it’s implemented and used properly.

Read More
6 cloud provider compared

6 HIPAA Compliant Hybrid Cloud Providers Compared

Choosing a HIPAA compliant hybrid cloud provider is arguably more difficult than evaluating private or public cloud offerings. To make things a bit easier, here’s how the top six HIPAA Compliant hybrid cloud providers compare.

Deciding on a hybrid cloud provider has additional challenges over a public or private cloud offering. When you are looking at a private or public cloud you compare features and functionality based on one environment. However, with a hybrid cloud you have to look at the solution provided in both your environment and what is external to your environment. Having transparency between internal and external resources does not require the performance to be a mirrored as the hybrid cloud should be viewed as an extension of the internal resources. However security, SLAs and management should come as close to mirroring your internal environment as possible.

Last time we looked at the major purchasing considerations for enterprises choosing a hybrid cloud solution; today we compare the top six options when it comes to hybrid cloud offerings from Microsoft, VMware, Amazon Web Services, Rackspace as well as EMC and HP. The comparison table that follows includes the pros and cons of each hybrid cloud solution.


 Microsoft Hybrid Cloud

Microsoft has spent considerable resources in expanding its Azure cloud. While Azure has seen some initial growing pains, it’s clear that Microsoft learned from the experiences of its competitors to avoid some common mistakes.

The foundation of Microsoft’s cloud offering is Windows Server 2012 R2 with System Center 2012 R2. By leveraging a common product suite, Microsoft maintains a level of consistency as workloads move from internal to hybrid cloud environments. This strong Windows focus does not mean that your internal and external clouds cannot run Linux virtual machines or Docker containers, they are supported; but in a Microsoft environment the Windows operating system is of course ideal.

Using consistent product families allows for administrators to come up to speed quickly, since the toolsets are the same. However, this is only true if System Center is already deployed internally and staff is trained, which can be a challenge since it incorporates multiple products including Virtual Machine Manager, Data Protection Manager, Endpoint protection and Operations Manager.

Security is leveraged off of existing Active Directory infrastructure and provides a transparent security management environment. However, this can open up additional security risks based on existing Windows Server vulnerabilities.

Azure is ideal for Microsoft shops because multiple products, including SQL, Active Directory, the .Net platform and other Microsoft applications and services are available in Azure today. The Azure catalog continues to grow and expand as well. This will help to increase the transparency between internal and external resources with a large application catalog.

Project Lightwave (for access management) and Project Photon (for Microsoft Linux containers) will allow for more compatibility with existing container technologies and will find a home in the hybrid cloud solution. Lightwave and Photon are designed to catch-up with existing container technologies where Microsoft Nano Server is a more radical but welcome innovation. Nano server is a minimal installation of Windows Server designed for the cloud and developers. This level of portability with Windows applications in containers that can be moved easily within the hybrid cloud is what the Windows developers have been looking for since containers were first introduced.

VMware Hybrid Cloud

VMware’s products were one of the first cloud operating systems. VMware was able to use its established record of performance and reliability to become a good choice for many cloud providers. However, VMware did not get into the cloud provider space until a very short time ago. This puts the company a step behind many of the other cloud players in terms of experience, however in many cases VMware still has a technology edge over other providers.

VMware has the experience and technology to power many of the world’s biggest virtualized deployments. However, VMware suites are often a collection of products loosely bundled together that can contribute to confusing purchasing, installations and upgrades. Frequent product name changes don’t help this situation either.

VMware vCloud Air is vendor agnostic when it comes to running Microsoft, Linux or other operating systems. This wide base of support treats all vendors the same and provides a consistent platform that is best suited to multiple operating system environments. VMware uses the same vCloud software for both the internal and external cloud frameworks. This helps to keep transparency for the administration of resources.  Additionally, VMware is one of the few providers with multiple years of experience in software defined networking (SDN) and brings that experience to the hybrid cloud in its NSX product.

What’s important to note is that VMware is not the sole provider of its hybrid cloud; in most cases, vCloud Air is available through a partner network that is certified to run VMware’s vCloud Air Network Services. This may be a concern for some who did not realize vCloud Air is not a dedicated VMware data center.

VMware’s hybrid cloud supports a wide range of resources, however it resides closer to the infrastructure layer where some of the other providers can dive a bit deeper into the application layer. Container technology will help to bridge this gap, but not completely close it.

Amazon Web Services (AWS) Hybrid Cloud

Amazon Web Services does not have a hybrid cloud service, as compared to the other providers on this list. AWS has taken a different approach, but one that still warrants review due to the sheer number of businesses and sites utilizing AWS in a hybrid environment.

AWS remains focused on the public cloud and currently does not offer its cloud management software offsite. Instead, the hybrid approach uses a Direct Connect Service that bridges the customer’s data center with a virtual private cloud (VPC) resource. As one of the largest public cloud providers, AWS has the resources and experience to manage the hosted side of a hybrid cloud. Currently the company lacks the private aspect needed at the customer’s site. Direct Connect is not a private cloud management package, only a connection from a VMware or Microsoft’s internal cloud.

While Amazon is not a hybrid cloud by traditional definition, the company has been making some steps in that direction with the AWS GovCloud program that uses AWS for onsite private cloud with the U.S. government. Whether or not this makes it to the private sector remains to be seen.

AWS is the unknown in the hybrid cloud field. Today AWS customers continue to ask for private cloud management and have had to make due with third party offerings while patiently waiting for Amazon to fully embrace the hybrid cloud.

Rackspace Hybrid Cloud

Rackspace approaches the hybrid cloud with the flexibility of a Swiss Army Knife for infrastructure. Rackspace provides the connection from on-premises resources to offsite through the use of its Rackconnect technology. Rackconnect allows the consumer to seamlessly scale out the environment as needed by adding Cloud Servers or Cloud Files.

While offering both single and multi-tendency, Rackspace has a strong single-tenant model with the OnMetal Cloud Server offering to ensure consistent and predictable application performance. Rackspace also has a strong focus on infrastructure with a dedicated high performance hardware option in a flexible and scalable model. Hybrid cloud deployments are based on OpenStack.

EMC Hybrid Cloud

EMC has built its hybrid cloud through a combination of methods including partnerships, acquisitions and internal development. Because of this “best in breed” approach, EMC provides a hybrid cloud that is closer to an overlay of other software, such as VMware vRealize suite combined with EMC software (ViPR, PowerPath and Storage Analytics).These solutions can be run internally or on top of other certified service providers such as AT&T, Terramark, Rackspace and VMware. While the best in breed approach can be a bit confusing, EMC recently acquired Virtustream,  a hybrid cloud management platform, which has the ability to unite several of the best of breed products under a single management interface.  Where this fits in with VMware vCloud Air is yet to be seen as both solutions could compete with each other.

HP Hybrid Cloud

HP has a full hybrid cloud portfolio, part of which is based on the company’s open source Helion Eucalyptus platform designed to be compatible with AWS. The core, however, is based on OpenStack technology. This puts HP right in the competitive field with the other vendors using OpenStack as a foundation. HP does have a few advantages over the competition however, including deep partner relationships that can be leveraged in the hybrid cloud, along with a public commitment to open source for the hybrid cloud. With so many companies looking at open source tools and OpenStack in particular, this may position HP in a leadership role if it continues to embrace the open source mindset and toolsets.

Top 6 Hybrid Cloud Providers Compared

  Pros Cons Final Verdict
Microsoft Common set of management tools for Microsoft shops.
Application focused with a large catalog.
Nano server could be a game changer.
Linux and other non Microsoft OSs supported but not embraced.
System Center is very complex and expensive.
Little Java support.
Microsoft’s Azure cloud platform uses an application centered hybrid cloud approach. For Microsoft shops running Hyper-V, Azure is an ideal fit. Customers running VMware are supported, but implementation is not ideal.
VMware Extensive experience in cloud based OSs.
Supports a wide range of OSs at the client end.
Common tools for management for both on and off premises.
Most hybrid clouds come from authorized partners and not directly from VMware data centers.
Product suites are a collection of separate products loosely bundled, which can cause confusion for support, purchasing and upgrades.
VMware is a bit late to the hybrid cloud provider market and is basing its entry on the partner eco-system. VMware has the technology but whether it can get it all to work together smoothly remains the question.
Amazon Extensive experience in the public cloud market.
Mature and extensive catalog offerings.
No private cloud management software to date.
Hybrid cloud implementations are limited to Direct Connect Service.
While not a true hybrid cloud provider Amazon has the technology and experience to vault to the head of the pack. Strong customer demand is driving efforts.
Rackspace Infrastructure focused hybrid cloud approach.
Rackconnect and OnMetal services help to focus on a consistent and predictable model.
Supports a wide range of vendors and OSs
Infrastructure only offering with few products regarding application specific catalogs. Rackspace has a strong focus on infrastructure and consistency. While the company does not have an extensive application catalog as other providers,  customers have more predictability in how their applications will perform.
EMC Suite of existing products that works with certified providers with some value added consulting services. A collection of disparate VMware and EMC products bundled for a hybrid cloud solution. A very storage centric approach to the hybrid cloud.  Value add comes from consulting and not the software. The recent Virtustream acquisition will help unite the products for ease of management.
HP Looks thoughtful and extensive on paper. Dedicated to open source concepts and efforts. HP is set to play a major role in the open source cloud space, however the company’s direction is still unclear. Strong dedication to open source and extensive partner network.Could be a strong force in the OpenStack efforts in the enterprise.


Read More


2016 could be the year of ransomware, and companies need to be prepared to face this malware threat. According to a recent report from Intel Corp’s McAfee Labs, the number of ransomware attacks is expected to grow in 2016, and that could create costly problems for SMBs.

Ransomware is a type of malware that allows a hacker to encrypt files on an infected computer and then demand a ransom be paid in order to decrypt the data. Often, users have no other option than to pay the ransom, which can range anywhere from $200 to $10,000. According to the FBI’s Internet Crime Complaint Center, victims of CryptoWall – one of the most prevalent forms of ransomware – reported more than $18 million in losses between April 2014 and June 2015.

Small businesses are particularly vulnerable to ransomware. According to the Verizon 2015 Data Breach Investigations Report, 23 percent of SMBs that receive phishing emails open them, and 11 percent click on the attachment. That’s why it’s critical for MSPs to educate their small business customers about ransomware and stay up to date on the latest threats.

Here are four points that are important for businesses to keep in mind about ransomware.

1. Users are the final line of defense

Even if you have all the right technical safeguards (such as antivirus software, spam filters and firewalls) in place on a customer’s system, they can still fall victim to ransomware. All it takes is one person who unwittingly clicks on a suspicious link or opens the wrong attachment, and a whole system could be infected.

To help combat this, you need to teach users about what ransomware is, how it can hurt their business and the warning signs they should watch out for. For example, CryptoWall is often spread using files named HELP_DECRYPT in .txt, .html, .url and .png file formats.

2. Seeing is believing

One of the most effective ways to teach your users about ransomware is to show them real examples so they know what an infected email looks like. You can find a number of helpful online quizzes, such as this one from McAfee, that provide a variety of examples and explanations about how to tell the difference.

After a computer is infected with ransomware, a message will be displayed alerting the users and providing instructions on how to pay the ransom. You should show your employees some examples of what these screens look like so they can let you know immediately if they do fall victim to ransomware.

3. Backup supports faster recovery

If a users hit with ransomware, having a recent backup will make it easy for you to restore their operations as quickly and painlessly as possible, saving time and money for both you and your customer. For that reason, having a backup solution in place and regularly testing backups to make sure they’re running properly is a critical part of protecting your business from ransomware. If a user doesn’t have access to a recent backup, your company will likely have no choice but to pay the ransom.

4. Ransomware is always evolving

Malware developers are constantly introducing new and improved ransomware strains, creating new challenges for companies. For example,CryptoWall 4.0 was unleashed in November, adding twists such as encrypting filenames as well as the files themselves, making it nearly impossible to tell files apart. To stay up to date on the latest ransomware news threats, one should follow sites such as Bleeping Computer or the Microsoft Malware Protection Center. Or leave it to your current IT vendors to stay on top of these threats and resources. Any IT vendor worth their weight in salt should already be regular visitors of these sites

At CAM we provide preventative and support solutions for ransomware. We have seen various variants of these bugs and are experienced with dealing with them. Never negotiate with terrorist, and ransomware coders are terrorist to businesses and individuals.

Schedule a consultation today
to speak with a consultant today!

Click to Schedule an Appointment



Read More
Dangers of Unsecure Texting HIPAA

Minimizing Mobile Risks in Healthcare

Minimizing emerging threats to mobile devices and applications should be a top health data breach prevention priority for 2016!

“What we’re seeing from the new [threat] vector perspective is that a lot of mobile is coming to the spotlight,” says Bowen, chief privacy and security officer and founder of the security firm ClearDATA.

“We’ve seen this trend for the last few years where we can use a mobile device in an incredibly effective way to enable healthcare to deliver amazing patient care,” he says in an interview with Information Security Media Group. “Some of the greatest innovations happen that way. Unfortunately, at times, the mobile device has been enabled with great software that doesn’t necessarily consider the entire ecosystem from a hardening perspective.”

The only way to stay ahead of emerging threats is to “employ a security-first strategy, make sure you’re doing vendor diligence, and make sure you’re implementing a defense-in-depth strategy that considers every layer of security,” he says.

For instance, healthcare organizations need to realize that mobile software may be storing logs that could contain personally identifiable information for a patient. Also, “you may be incorporating data flows from inside and outside that application that may not be hardened,” he notes.

Additionally, mobile data is at risk “because people are still lugging laptops around without encryption,” he notes.

In fact, about one-third of incidents listed on the Department of Health and Human Services “wall of shame” website of major health data breaches affecting 500 or more individuals since September 2009 involve unencrypted lost or stolen laptops or other portable electronic devices.

It’s also important to vet technology suppliers, he stresses. “We see new entrants into the healthcare market – and sometimes that’s a great thing, and other times it’s shocking how lax the security can be, even from security vendors who really claim to embrace a security-in-depth strategy.”

Other Threats

In developing strategies to fight against hacker attacks, which were pervasive in 2015, organizations need to take steps to make sure social engineering tactics fail, he says. “Hackers are really going after the easiest targets first,” he points out. “It’s not about stealing a database of credentials. It’s more about stealing credentials one phishing email or keystroke logger at a time.”

In the interview, Bowen also discusses:

  • Other security weaknesses that make healthcare organization easy targets for cyberattacks, and what those entities can do to bolster security;
  • How healthcare entities can better prevent and detect breaches involving insiders, including members of their workforce as well as business associates;
  • Three lessons that can be learned from the top healthcare breaches in 2015.

Bowen is the chief privacy and security officer and founder of security firm ClearDATA. He manages the risks and business impacts faced by global healthcare organizations, with a specific focus on cyberthreats, privacy violations, security incidents, social engineering attempts and data breaches. Bowen is a Certified Information Privacy Professional,Certified Information Privacy Technologist and Certified Information Systems Security Professional.

Full interview here

Read More
Fear Itself Speech 修改 文章 英文 click through the following web site | Advanced Trading Tools · Learn How to Trade opciones binarias demo click here now
Loan Canada go credit visit their website