A solid password today keeps the hackers away

https://blog.aicpa.org/2019/05/a-solid-password-today-keeps-the-hackers-away.html#sthash.Dz5ZMLNV.dpbs


With identity theft becoming one of the world’s fastest growing crimes, days like World Password Day are crucial to raising awareness of online threats. I sat down with Jay Overcash, Director of IT Security Strategy, to talk about how people can protect themselves from hackers.

Why is a day like World Password Day so important?

As more and more of our lives move into the digital realm, we rely on authentication to protect our valuable online data and assets.  Usernames and passwords remain the predominant method for securing online data.  World Password Day is important as it draws attention to the need to adequately protect online data with a strong password.

While today is World Password Day, how often should we evaluate our passwords and consider changing them?

Everyone should evaluate their passwords and consider changing them at least once per year. If you use the same password on multiple websites, then you should consider changing the password more frequently; however, the best advice is to have a unique password per website and application.

What are some best practices when creating or changing a password?

Current guidance by the National Institute of Standards and Technology recommends creating an easy-to-remember password that is long and composed of a series of unrelated words.  The minimum recommended password length depends on the sensitivity of the data being protected but it is generally agreed that 8 characters should be the minimum length. 

An example of an easy-to-remember password composed of unrelated words is redfootballthreebutterflies.  This password does not use any numbers or symbols and is easier for the end user to remember.  From a security perspective, the length of 27 characters is exponentially more difficult for a machine to crack, and the unrelated words make it extremely difficult to guess.  Even with this long, much more secure password, individuals should change their passwords at least once per year.

How else can people protect themselves online besides staying aware of passwords?

In general, people should always use anti-virus software and not click on links or attachments in emails that appear suspicious.  Additionally, users should only download files from trusted websites. One optional item to keep users’ accounts safe is enabling multi-factor authentication (MFA) on their accounts.  MFA, also referred to as two-step verification, provides a second method for verifying authentication for accounts usually via text message or email notification.  Enabling MFA will greatly improve the security of your accounts online.

Given that today is World Password Day, it’s the perfect time to take the pledge to #LayerUp. Add multi-factor authentication and evaluate your current passwords. It could save you a lot of trouble in the future.

 

Hospital ER worker fired for allegedly selling patient records

https://www.beckershospitalreview.com/cybersecurity/kings-county-hospital-er-worker-fired-for-allegedly-selling-patient-records.html


An employee at Kings County Hospital’s emergency room stole nearly 100 patients’ private information and sold it through an encrypted app on his phone, according to New York Daily News.

Orlando Jemmott, 52, has worked at the city-run Brooklyn hospital for more than 10 years, where he was in charge of charting patient demographic data into the hospital’s computer system. But between December 2014 and April 2015, he allegedly sold patient data to Ron Pruitt, 43, a buyer in Pennsylvania.

FBI agents arrested Mr. Jemmott in February after receiving a tip in June 2017. A tipster told the FBI she had learned two years earlier that Mr. Jemmott was stealing and selling health records.

Hospital officials told the publication that Mr. Jemmott sold the names of 98 patients, and he accessed the private health records of at least 88 of those patients.

Kings County fired Mr. Jemmott in April. He has been negotiating a plea deal with prosecutors since.

“We have zero tolerance for anyone who intentionally violates our patient privacy rules,” Kings County Hospital CEO Sheldon McLeod said in a written statement to the New York Daily News. “The privacy of patient information is an important foundation for the care we provide.”

 

 

New York nonprofit healthcare organization hit with $200K HIPAA fine

https://www.beckershospitalreview.com/cybersecurity/new-york-nonprofit-healthcare-organization-hit-with-200k-hipaa-fine.html


The Arc of Erie County, a Buffalo, N.Y.-based nonprofit that serves people with developmental disabilities, agreed to pay a $200,000 penalty to the state of New York to resolve allegations it violated HIPAA in a yearslong data breach.

As part of the settlement, Arc of Erie County is required to conduct a thorough risk analysis of vulnerabilities of all electronic equipment and data systems, as well as review its policies and procedures. It must submit a report on its findings to the Attorney General’s Office within 180 days of the settlement.

“The Arc of Erie County’s work serves our most vulnerable New Yorkers — and that comes with the responsibility to protect them and their sensitive personal information,” New York Attorney General Barbara Underwood said in a news release. “This settlement should provide a model to all charities in protecting their communities’ personal information online.”

In early February 2018, Arc of Erie County learned clients’ personal information — including full names, Social Security numbers, gender, race, primary diagnosis codes, IQ scores, insurance information, addresses, phone numbers, dates of birth and ages — was exposed on its website.

An investigation determined the information had been publicly accessible in spreadsheets since July 2015 and 3,751 clients were affected. The webpage was intended only for internal use, but the investigation noted several unauthorized third parties accessed the datasets on numerous occasions. Officials said there is no evidence of malware on the system or ongoing communications with outside IP addresses.

The organization notified all affected individuals in March, and it offered them one year of free identity theft protection services.

 

An industry in turmoil: Poor cyberthreat prep puts patients in danger

http://www.fiercehealthit.com/story/industry-turmoil-poor-cyberthreat-prep-puts-patients-danger/2016-02-24

Study: Hospitals plagued by lack of security funding, personnel, training

Hackers exploit Ascension hospital in latest cyberattack

http://www.healthcaredive.com/news/hackers-exploit-ascension-hospital-in-latest-cyberattack/372547/?utm_source=Sailthru&utm_medium=email&utm_term=Healthcare%20Dive&utm_campaign=Issue%3A%202015-03-10%20Healthcare%20Dive