All Posts in Category: Security

CAM HIPAA Solutions for HIPAA Consulting in Los Angeles


Three data breaches have been reported by pharmacy stores in the past two months, resulting in the PHI of almost 13,000 pharmacy customers being exposed or disclosed to unauthorized individuals.

Walmart Reports Breach of 4,800 Patients’ Data


Walmart stores recently announced that some of its online pharmacy customers may have had their names, addresses, dates of birth, and prescription histories exposed as a result of a coding error that was made while the company was migrating data between servers.

Between February 15 and February 18, 2015, online customers who logged into the company’s online pharmacy may have been able to view the data of other customers who logged in at the exact same time. No Social Security numbers or financial data were exposed as a result of the coding error.

Dan Toporek, a spokesperson for Walmart, said a few thousand individuals had been affected, although this is a small percentage of the number of individuals who used the company’s online pharmacy during the four-day stretch.

The data breach has now been reported to the Department of Health and Human Services’ Office for Civil Rights (OCR), with the breach report indicating 4,800 patients were affected. Toporek said there is no reason to believe that any data have been used inappropriately, although all customers who had their data exposed as a result of the error would be individually notified and offered identity protection services.

Hard Drive Containing 3,000 Customers’ PHI Stolen in Roark’s Pharmacy Burglary


A burglary at Roark’s Pharmacy in Oneida, TN, in January has impacted 3,000 of the store’s customers. A hard drive containing customer prescription information and personal data was stolen by thieves who broke into the pharmacy in the early hours of January 13. The break-in and theft were discovered four hours later when pharmacy owner Terry Roark arrived to open the store at 6:30 a.m.

The thieves had taken all of the pharmacy’s narcotics, $400 in cash, and a computer hard drive containing the data of 3,000 customers. The thieves are understood to have broken in in order to steal narcotics, and took other items of value, including the hard drive. The thieves gained access to the building by sawing through the door and removing it from its hinges. While law enforcement officers have investigated the burglary and obtained CCTV footage from the service station next door, the DVR system linked to the pharmacy’s CCTV cameras was also stolen in the break-in. No suspects have been arrested.

5,000 Customers Affected by Locust Fork Pharmacy Data Breach


Locust Fork Pharmacy in Alabama has reported a security incident to the Office for Civil Rights that has affected 5,000 of its customers. The incident is listed as an “unauthorized access/disclosure”, although no further information has been made available about the incident.

Dancing with HIPAA Compliance

Selfies, Videos, and Social Media: Dancing with HIPAA Compliance Dangers Dental Practice

If your practice is like many others, you’re doing the HIPAA compliance dance. You may not know all the moves, but you’re trying your best to follow along and get it right. And that’s the problem! There are SO many moves. There are hundreds of pages of rules and regulations that you need to know and understand. Most dental practices are so busy that it’s hard to find the time to handle this effectively.


Top 4 HIPAA Compliant Hybrid Cloud Considerations

HIPAA Compliant hybrid cloud is one of the most flexible solutions for Healthcare organizations looking to move to the cloud. But in order to ensure successful implementation, there are some key things to consider, including security and risks, SLAs and costs.

Organizations looking at moving to the cloud initially faced the choice of a public or private cloud. Moving to a public cloud brought up several concerns that ranged from regulatory and compliance issues to business availability questions. Several initial outages from public cloud providers such as Microsoft Azure or Google did little to reassure companies about the cloud. While the outages have lessened, customers also started to adjust how they moved to the cloud. Netflix, for example, created a Chaos Monkey program designed to simulate and adjust for failures within the AWS cloud. Out-of-the-box thinking with programs such as this has helped customers move to the cloud with guarded optimism. However, the public cloud has not seen the overall consumption that was predicted. Continual issues, such as Amazon’s partial reboot of AWS to address a Xen security bug, have dampened some of the cloud excitement. This has also reinforced the reality that while the public cloud has a lot of benefits, it also means a loss of control for your data and services, and this scares folks.

The counter to the concerns with the public cloud was the internal private cloud. Bringing the cloud benefits in-house is an ideal way to address regulatory and compliance concerns, because the data is now under your control. However, the issue with doing this is the cloud benefits themselves. While you can bring self-service and metered resources in-house, very few organizations can provide the elasticity needed. This is due simply to the capital costs of the large amounts of hardware needed to be able to scale up and down on demand. The alternative to an internal private cloud was the external private cloud. An externally hosted private solution, which addresses many of the internal concerns about elasticity, does sound like an ideal solution. However, Cloud as a Service (CaaS) that is private may not actually be private unless it contains full hardware separation (compute, networking, storage). Very few providers, if any, can do this, so it becomes a software separation that is still at its root a multi-tenant environment.

Answers at two opposite ends opened up a middle ground solution that the industry had been looking for: the hybrid cloud. Unlike the fixed nature of the private or public cloud, the hybrid cloud comes with flexibility that can support an organization’s needs without requiring the business to fit into a predefined category. The hybrid cloud comes at a time when IT budgets are under fire and IT talent is in short supply. The hybrid cloud is not a total business solution; it is a business enabler. It can help an organization move at the speed of business without requiring as much capital as a new business or giving up data control.

Let’s take a look at a few key categories to consider when moving to the hybrid cloud model.

1. Security And Risk

The elastic resources of an (internal or external) private cloud allow an organization to quickly try a new application or concept without spending or waiting for (on-premises) resources to come online. While the private cloud and its infrastructure have the security benefits, it is often not an elastic resource. However, with a hybrid cloud approach, the additional elasticity can be used from the external cloud provider. With a hybrid cloud scenario, the sensitive applications and data can be hosted internally, while nonconfidential components and information can be hosted externally. The ability to dictate where the data resides is a critical benefit of the hybrid cloud for organizations that have to address security or compliance.

2. Vendor Selection

While many hybrid-cloud providers can support multiple hypervisors and workloads, that doesn’t mean you will always get the additional features offered for each platform or the best performance when you’re crossing vendor lines. Utilizing Microsoft Hyper-V and extending it to the Cisco hybrid-cloud over Microsoft’s own Azure is supported; however, crossing between vendors can create additional support challenges. IT personnel may find themselves in the vendor blame game; the only difference now is that part of the technical problem is no longer on site, and the support issue can be a lot more extensive.

Does this mean if you’re a Hyper-V shop you should automatically go with Azure? Sticking to a single vendor is not a foolproof answer, but in this case, sticking with Microsoft should be one of your top three options. Besides the support concerns, there are ease of deployment and possible licensing cost incentives that can also influence the decision to stay within a single vendor ecosystem.

The vendor question will not be as much of an issue with hybrid-cloud vendors that are more cloud-vendor neutral. This includes Rackspace, which does not have a hypervisor of its own. These hypervisor-agnostic vendors are also ideal for organizations with multi-hypervisor environments.

3. Service Level Agreements (SLAs)

A common trend today is many of the top data center vendors getting into the hybrid cloud business. Well-established companies such as HP, Cisco and IBM are now offering hybrid cloud services. These hybrid clouds can help extend many of the tools or infrastructure the vendors offer to combine a partial onsite installation with some of the backend of the tools and services running in the third-party clouds. This can enable customers to use additional features that would otherwise be unavailable, unless they have a much larger onsite installation.

While many of these cloud offerings are built on established technologies, uninterrupted performance or reliability cannot be guaranteed. Many users of Microsoft’s Azure cloud service found this out in 2014 with an outage that lasted several hours, leaving some organizations with few options. Though other hybrid-cloud providers could run into the same problem, you do have to be aware that the concept of the hybrid cloud is still new for many of these vendors. They may not be as invested in the technology as others who solely focus on hybrid cloud services or their solutions might not be as mature as other options.

With so many new vendors coming to the hybrid cloud market, reviewing and understanding the SLAs (service level agreements) is critical. An SLA is not simply about what level of uptime is guaranteed; it also has to reference penalties for systems being offline. For both established and new hybrid cloud providers, this can be a touchy subject; however, it is a critical one because SLAs are not always clear.

While you may have an SLA for your hybrid cloud, it might not cover all of the cloud components. What does this mean? If your 99.99 percent (up to 52 minutes of outage) hybrid cloud goes offline due to a network issue, that outage is counted against the network availability. On the other hand, if your compute goes offline, that outage is not cumulative with the network outage; they are in separate counters. The same goes for storage or WAN. This means you could have separate outages, each lasting up to 51 minutes, and as long as one category does not go over 52 minutes, you still have a 99.99 percent uptime rating.
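The separate-counter effect described above can be checked against an outage log. This is an added example, not part of the original article: the outage log is constructed, the category names follow the article, and it assumes the SLA is measured over a 365-day year.

```python
from datetime import datetime, timedelta

YEAR_MINUTES = 365 * 24 * 60   # assumption: SLA window is one 365-day year
SLA_TARGET = 0.9999            # the 99.99 percent figure from the article

# Constructed outage log: (category, start time, duration in minutes).
OUTAGES = [
    ("network", datetime(2015, 3, 2, 9, 0), 51),
    ("compute", datetime(2015, 6, 14, 22, 30), 51),
    ("storage", datetime(2015, 9, 1, 4, 15), 51),
    ("wan", datetime(2015, 9, 1, 4, 45), 51),  # overlaps the storage outage
]


def allowed_minutes(target=SLA_TARGET, window=YEAR_MINUTES):
    """Downtime budget implied by an availability target."""
    return (1 - target) * window


def per_category_minutes(outages):
    """Downtime as the provider counts it: one counter per component."""
    totals = {}
    for category, _start, minutes in outages:
        totals[category] = totals.get(category, 0) + minutes
    return totals


def service_down_minutes(outages):
    """Downtime as the customer feels it: the union of all outage
    intervals, so overlapping outages are not counted twice."""
    intervals = sorted((s, s + timedelta(minutes=m)) for _c, s, m in outages)
    merged = []
    for start, end in intervals:
        if merged and start <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return sum((end - start).total_seconds() / 60 for start, end in merged)


def report(outages):
    budget = allowed_minutes()
    categories = per_category_minutes(outages)
    down = service_down_minutes(outages)
    return {
        "budget_minutes": budget,
        "per_category_minutes": categories,
        "every_category_within_sla": all(m <= budget for m in categories.values()),
        "service_down_minutes": down,
        "service_availability": 1 - down / YEAR_MINUTES,
        "service_within_sla": down <= budget,
    }


if __name__ == "__main__":
    for key, value in report(OUTAGES).items():
        print(f"{key}: {value}")
```

With this log every component stays inside its own budget while the service as a whole is down for more than three times the budget, which is the gap to ask about when reviewing an SLA.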

The second piece to this is the penalty aspect. The loss to your business during an outage can be devastating, and yet in most cases the only monetary penalty a cloud provider will offer is a discount on your hosting fees. While it is doubtful you can negotiate with your provider to cover your losses during an outage, you do have the ability to shop around and at least ask about modifying the penalty clause.

An additional point to keep in mind is how flexible the cloud provider is if you want to move a workload from that vendor’s hybrid cloud to a different cloud provider. While many of the larger cloud providers may not shutter their doors and go out of business, it is possible their cloud division might get spun off or sold. Ensuring your hybrid cloud provider has some type of migration or exit strategy is a preventative move that hopefully you’ll never need. But it’s worth asking about a migration path; it may even help to keep pricing conversations a bit more honest.

4. Hybrid Cloud Costs

All cloud technologies come with a cost. Often the private cloud is a capital investment, while a public cloud is a continuous operational cost. The hybrid cloud has a bit of a different cost structure. The pricing model won’t necessarily be zero when it’s not actively in use. You still have to pay for the connection and the ability to move workloads. When you do need that additional resource, it will most likely cost more than what it would in the public cloud. However, on the flip side, when it’s not in use, the cost is lower than with the public cloud. This lower and higher cost flip-flop will not necessarily result in savings; it’s more likely to be closer to cost neutral when compared to the public cloud. The real benefit is a soft cost in reduced turnaround time and increased flexibility while still keeping the desired security.

For today’s business, being able to react to a new market or need is critical. The elastic nature of cloud computing enables that ability in record time. For the hybrid cloud user, the option to balance security and deploy large numbers of compute resources can make the difference in getting a product to market faster. Leveraging your internal resources with what the hybrid cloud gives you makes for a perfect balance of flexibility and elasticity.

The hybrid cloud doesn’t require the commitment of the private or public cloud in terms of capital, operational or administrative costs. Compatibility with your existing infrastructure is just one of many things when considering a cloud solution. And if you are going to cross vendor lines, ensure you have support clearly defined so you do not run into issues when systems are down and timing is critical. The hybrid cloud can be the right solution for many organizations as long as it’s implemented and used properly.



2016 could be the year of ransomware, and companies need to be prepared to face this malware threat. According to a recent report from Intel Corp’s McAfee Labs, the number of ransomware attacks is expected to grow in 2016, and that could create costly problems for SMBs.

Ransomware is a type of malware that allows a hacker to encrypt files on an infected computer and then demand a ransom be paid in order to decrypt the data. Often, users have no other option than to pay the ransom, which can range anywhere from $200 to $10,000. According to the FBI’s Internet Crime Complaint Center, victims of CryptoWall – one of the most prevalent forms of ransomware – reported more than $18 million in losses between April 2014 and June 2015.

Small businesses are particularly vulnerable to ransomware. According to the Verizon 2015 Data Breach Investigations Report, 23 percent of SMBs that receive phishing emails open them, and 11 percent click on the attachment. That’s why it’s critical for MSPs to educate their small business customers about ransomware and stay up to date on the latest threats.

Here are four points that are important for businesses to keep in mind about ransomware.

1. Users are the final line of defense

Even if you have all the right technical safeguards (such as antivirus software, spam filters and firewalls) in place on a customer’s system, they can still fall victim to ransomware. All it takes is one person who unwittingly clicks on a suspicious link or opens the wrong attachment, and a whole system could be infected.

To help combat this, you need to teach users about what ransomware is, how it can hurt their business and the warning signs they should watch out for. For example, CryptoWall is often spread using files named HELP_DECRYPT in .txt, .html, .url and .png file formats.
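A file-system check for the file names listed above can back up user reports during triage. This is an added example, not part of the original article: the function names and the sample directory tree are constructed, and the only indicators used are the HELP_DECRYPT name and the four extensions the article gives.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article: files named HELP_DECRYPT
# with a .txt, .html, .url or .png extension.
NOTE_STEM = "help_decrypt"
NOTE_EXTS = {".txt", ".html", ".url", ".png"}


def is_indicator(filename):
    """True when the name is HELP_DECRYPT.<listed extension>, ignoring case."""
    stem, ext = os.path.splitext(filename)
    return stem.lower() == NOTE_STEM and ext.lower() in NOTE_EXTS


def scan(root):
    """Walk root and return (hits, unreadable). Directories that cannot be
    listed are reported instead of being skipped silently, because an
    unscanned share is not a clean share."""
    hits, unreadable = [], []

    def on_error(err):
        unreadable.append(err.filename)

    for dirpath, _dirnames, filenames in os.walk(root, onerror=on_error):
        for name in filenames:
            if is_indicator(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits), sorted(unreadable)


def affected_directories(hits):
    """Count indicator files per directory to show how far the damage spread."""
    return Counter(os.path.dirname(path) for path in hits)


def build_sample_tree(root):
    """Constructed sample data: three indicator files and three look-alikes."""
    sample = [
        "docs/HELP_DECRYPT.TXT",         # match (case-insensitive)
        "docs/HELP_DECRYPT.html",        # match
        "docs/report.docx",              # ordinary file
        "photos/help_decrypt.png",       # match
        "photos/HELP_DECRYPT.exe",       # extension not in the article's list
        "notes/help_decrypt_guide.txt",  # different stem
    ]
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found, skipped = scan(root)
        for directory, count in sorted(affected_directories(found).items()):
            print(f"{count} indicator file(s) in {os.path.relpath(directory, root)}")
        print(f"unreadable directories: {len(skipped)}")
```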

2. Seeing is believing

One of the most effective ways to teach your users about ransomware is to show them real examples so they know what an infected email looks like. You can find a number of helpful online quizzes, such as this one from McAfee, that provide a variety of examples and explanations about how to tell the difference.

After a computer is infected with ransomware, a message will be displayed alerting the users and providing instructions on how to pay the ransom. You should show your employees some examples of what these screens look like so they can let you know immediately if they do fall victim to ransomware.

3. Backup supports faster recovery

If a user is hit with ransomware, having a recent backup will make it easy for you to restore their operations as quickly and painlessly as possible, saving time and money for both you and your customer. For that reason, having a backup solution in place and regularly testing backups to make sure they’re running properly is a critical part of protecting your business from ransomware. If a user doesn’t have access to a recent backup, your company will likely have no choice but to pay the ransom.

4. Ransomware is always evolving

Malware developers are constantly introducing new and improved ransomware strains, creating new challenges for companies. For example, CryptoWall 4.0 was unleashed in November, adding twists such as encrypting filenames as well as the files themselves, making it nearly impossible to tell files apart. To stay up to date on the latest ransomware news and threats, follow sites such as Bleeping Computer or the Microsoft Malware Protection Center. Or leave it to your current IT vendors to stay on top of these threats and resources. Any IT vendor worth their salt should already be a regular visitor to these sites.

At CAM we provide preventative and support solutions for ransomware. We have seen many variants of these bugs and are experienced in dealing with them. Never negotiate with terrorists, and ransomware coders are terrorists to businesses and individuals.




Dangers of Unsecure Texting HIPAA

Minimizing Mobile Risks in Healthcare

Minimizing emerging threats to mobile devices and applications should be a top health data breach prevention priority for 2016!

“What we’re seeing from the new [threat] vector perspective is that a lot of mobile is coming to the spotlight,” says Bowen, chief privacy and security officer and founder of the security firm ClearDATA.

“We’ve seen this trend for the last few years where we can use a mobile device in an incredibly effective way to enable healthcare to deliver amazing patient care,” he says in an interview with Information Security Media Group. “Some of the greatest innovations happen that way. Unfortunately, at times, the mobile device has been enabled with great software that doesn’t necessarily consider the entire ecosystem from a hardening perspective.”

The only way to stay ahead of emerging threats is to “employ a security-first strategy, make sure you’re doing vendor diligence, and make sure you’re implementing a defense-in-depth strategy that considers every layer of security,” he says.

For instance, healthcare organizations need to realize that mobile software may be storing logs that could contain personally identifiable information for a patient. Also, “you may be incorporating data flows from inside and outside that application that may not be hardened,” he notes.

Additionally, mobile data is at risk “because people are still lugging laptops around without encryption,” he notes.

In fact, about one-third of incidents listed on the Department of Health and Human Services “wall of shame” website of major health data breaches affecting 500 or more individuals since September 2009 involve unencrypted lost or stolen laptops or other portable electronic devices.

It’s also important to vet technology suppliers, he stresses. “We see new entrants into the healthcare market – and sometimes that’s a great thing, and other times it’s shocking how lax the security can be, even from security vendors who really claim to embrace a security-in-depth strategy.”

Other Threats

In developing strategies to fight against hacker attacks, which were pervasive in 2015, organizations need to take steps to make sure social engineering tactics fail, he says. “Hackers are really going after the easiest targets first,” he points out. “It’s not about stealing a database of credentials. It’s more about stealing credentials one phishing email or keystroke logger at a time.”

In the interview, Bowen also discusses:

  • Other security weaknesses that make healthcare organizations easy targets for cyberattacks, and what those entities can do to bolster security;
  • How healthcare entities can better prevent and detect breaches involving insiders, including members of their workforce as well as business associates;
  • Three lessons that can be learned from the top healthcare breaches in 2015.

Bowen is the chief privacy and security officer and founder of security firm ClearDATA. He manages the risks and business impacts faced by global healthcare organizations, with a specific focus on cyberthreats, privacy violations, security incidents, social engineering attempts and data breaches. Bowen is a Certified Information Privacy Professional, Certified Information Privacy Technologist and Certified Information Systems Security Professional.


3 Things to consider before migrating to the Cloud

Cloud computing grows more popular by the day, and it continues to show its value to the healthcare industry. Being able to dynamically access content while online is a great asset. But, of course, this doesn’t come without taking some risks and gambling your data’s security. Thankfully, there are some ways in which you can tip the odds in your favor.

To help you successfully leverage your technology to meet the needs of your organization without compromising your data’s security, we’ve assembled three common risks that are typically associated with Cloud solutions, and how to successfully avoid them.

Number 1: Data Theft
The most obvious risk to your organization’s data, and any information that’s stored online, is data theft, and other types of hacks that could compromise or even corrupt your mission-critical information. No matter how small or large your organization is, it’s a target for hackers and threats of all kinds, especially in the online environment.

It’s important that you understand that there’s no way to ensure that your practice’s data is 100 percent protected from all types of threats found on the Internet. It’s just not feasible. As long as your organization’s data is stored in an online environment, there’s always going to be a possibility (no matter how slim) that a hacker will get their hands on your data. What you can do, however, is optimize your network and Cloud security to ensure that this possibility is minimal at best. To find out more information about online data security, contact CAM and ask us about our comprehensive security solutions for the online environment.

Number 2: Compliance Violation
Many organizations in specific industries are subject to compliance laws pertaining to the storage and sharing of sensitive information. Due to the nature of cloud storage, using it to store sensitive information in an online environment can have unexpected complications. For example, if this information were to be compromised, what would you do? Depending on the situation, you will be required to inform the victim of the breach, and/or be subject to a costly fine.

Naturally, it’s your responsibility to ensure that your systems are meeting the compliance standards set by your industry. Depending on what type of operation you run, there are specific criteria that must be met for any kind of sensitive information stored online. Chances are that if your organization collects this information, you’re subject to compliance laws that are often convoluted and difficult to understand. CAM HIPAA Solutions can help make this easier.

Number 3: Immense Downtime
If your practice only stores information in the Cloud, what would happen if that information were suddenly unavailable due to downtime? Hosting your data in the Cloud requires an Internet connection; if this is lost, you’ll be staring downtime in the eyes. This, in essence, is a major roadblock that can set your organization behind schedule, break your operations budget, and overall, become quite a nuisance.

This is the reason why you want your information stored in multiple locations; you should be able to access your organization’s data and mission-critical applications from both online and offline systems. This minimizes downtime and improves mobility, which is invaluable for remote workers.
