Posts

HHS provides Healthcare Providers Risk Assessment Tools

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities conduct a risk assessment of their healthcare organization.

A risk assessment helps your organization ensure it is compliant with HIPAA’s administrative, physical, and technical safeguards. A risk assessment also helps reveal areas where your organization’s protected health information (PHI) could be at risk. Watch the Security Risk Analysis video to learn more about the assessment process and how it benefits your organization, or visit the Office for Civil Rights’ official guidance.

HHS (Health and Human Services) is now providing health care providers in small to medium-sized offices with a new security risk assessment tool that will guide them in conducting risk assessments of their organizations.

The security risk assessment (SRA) tool comes from a combined effort between the Office for Civil Rights and the HHS Office of the National Coordinator for Health Information Technology.

With the guidance of the tool, organizations will be able to carry out and document risk assessments effectively, and practices will be able to assess information security risks under the HIPAA Security Rule. The application for the tool can be downloaded from www.HealthIT.gov/security-risk-assessment.

HIPAA requires such organizations to routinely evaluate their physical, technical and administrative safeguards to preserve information security.

Conducting the risk assessments will enable health care providers to uncover possible loopholes in their systems and security policies and to address vulnerabilities, all of which will help stave off health data breaches and other security mishaps.

The HIPAA Security Rule requires health care providers that seek payment via the Medicaid and Medicare EHR Incentive Program to conduct the security risk assessment.

A user guide and tutorial video are available on the SRA tool’s website.

Additionally, the site provides videos on risk analysis.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen. See him knock’em dead in this identity theft prevention video. Disclosures.

Heartbleed: Free Tool To Check if That Site is Safe

I’m sure you’ve heard the news about Heartbleed by now (unless you’re in vacation wonderland and have taken a tech break). This is a serious vulnerability in the core of the Internet and is something we all should be concerned about.

Heartbleed is a kink in encryption software, discovered by security researchers. It is a vulnerability in OpenSSL and could affect nearly two-thirds of websites online. If exploited, it can leak out your passwords and login names, thus putting your personal information at risk.

That’s why McAfee, part of Intel Security, is responding to the dangerous Heartbleed vulnerability by releasing a free tool to help consumers determine if a website they visit is safe or not. You can access the tool here: http://tif.mcafee.com/heartbleedtest

To use McAfee’s Heartbleed Checker tool, enter any website name to find out if the website is currently vulnerable to Heartbleed.

Steps to protect yourself:

  • Go to McAfee’s Heartbleed Checker tool http://tif.mcafee.com/heartbleedtest and enter any website URL to check if it’s vulnerable.
  • If the site is deemed safe, your next step would be to change your password for that site. Remember, changing your password before a site is patched will not protect you and your information.
  • If the site is vulnerable, then your best bet is to monitor the activity on that account frequently, looking for unauthorized activity.

Once a site has been patched so it’s no longer vulnerable to the Heartbleed bug, you should change your password. Here are some tips to remember:

  • Use strong passwords that include a combination of letters, numbers and symbols and are longer than 8 characters in length – heck the longer the better.
  • Use a password manager, like McAfee SafeKey, which is included with the McAfee LiveSafe™ service, that will help you create strong passwords and remember them for you.
  • Use two-factor authentication for increased security. You get a one-time code every time someone tries to log into the account, such as those for banks, social networks and email.

Heartbleed aside, passwords are more vulnerable than ever, and just in general, should be changed every 90 days for important accounts. And remember, if your information was exposed, this is a good time to watch out for phishing scams.

A phishing scam is a ploy that tricks you into entering sensitive data, like usernames, passwords and bank account information, by emulating a familiar website. And if your information is compromised, even if it’s just your email address, scammers could use this to try and get your other sensitive information.

Remember, in this day and age, we all need to be vigilant about protecting ourselves online.

Stay safe!

Robert Siciliano is an Online Security Expert to McAfee. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

5 Must Have Small Business Security Tools

Security Alarm System: No matter what kind of business you are in, there is something of value within your facility that a criminal will fence for drugs. That includes everything from the products you sell to warehouse items, maintenance tools, phone systems, office furniture, computers and the company safe.

Security Cameras: Whether you are protecting the perimeter of the property from vandals or thieves or protecting the inventory from theft, or even the cash register from sweethearting or robbery, security cameras are an essential component to any small business security system.

Business Continuity: Having a data backup locally is essential. Having a data backup in the cloud is fundamental. And having a backup for all your network operations either at a remote facility or accessible in the cloud is an insurance policy no small business should do without.

Secure Information Technology: A comprehensive information security plan that involves encrypting all sensitive data, ongoing critical security patches, antivirus protection, antispyware, firewalls (both software and hardware) and a secure Internet gateway is critical to preventing costly data breaches.

Secure Mobile Fleet: Managing digital devices such as mobile phones, tablets, thumb drives and any other portable device that stores or communicates data can be the equivalent of herding cats if not done right. IT managers must have security policies in place to deal with and manage devices attached to the network in some way. Many security vendors provide comprehensive solutions to keep track of, lock down, and secure devices.

Robert Siciliano, personal and small business security specialist to ADT Small Business Security, discussing ADT Pulse on Fox News. Disclosures