A solid password today keeps the hackers away

https://blog.aicpa.org/2019/05/a-solid-password-today-keeps-the-hackers-away.html#sthash.Dz5ZMLNV.dpbs


With identity theft becoming one of the world’s fastest-growing crimes, days like World Password Day are crucial to raising awareness of online threats. I sat down with Jay Overcash, Director of IT Security Strategy, to talk about how people can protect themselves from hackers.

Why is a day like World Password Day so important?

As more and more of our lives move into the digital realm, we rely on authentication to protect our valuable online data and assets.  Usernames and passwords remain the predominant method for securing online data.  World Password Day is important as it draws attention to the need to adequately protect online data with a strong password.

While today is World Password Day, how often should we evaluate our passwords and consider changing them?

Everyone should evaluate their passwords and consider changing them at least once per year.  If you use the same password on multiple websites, then you should consider changing the password more frequently; however, the best advice is to have a unique password per website and application.

What are some best practices when creating or changing a password?

Current guidance by the National Institute of Standards and Technology recommends creating an easy-to-remember password that is long and composed of a series of unrelated words.  The minimum recommended password length depends on the sensitivity of the data being protected but it is generally agreed that 8 characters should be the minimum length. 

An example of an easy-to-remember password composed of unrelated words is redfootballthreebutterflies.  This password does not use any numbers or symbols and is easier for the end user to remember.  From a security perspective, the length of 27 characters is exponentially more difficult for a machine to crack, and the unrelated words make it extremely difficult to guess.  Even with this long, much more secure password, individuals should change their passwords at least once per year.

How else can people protect themselves online besides staying aware of passwords?

In general, people should always use anti-virus software and not click on links or attachments in emails that appear suspicious.  Additionally, users should only download files from trusted websites. One optional item to keep users’ accounts safe is enabling multi-factor authentication (MFA) on their accounts.  MFA, also referred to as two-step verification, provides a second method for verifying authentication for accounts usually via text message or email notification.  Enabling MFA will greatly improve the security of your accounts online.

Given that today is World Password Day, it’s the perfect time to take the pledge to #LayerUp. Add multi-factor authentication and evaluate your current passwords. It could save you a lot of trouble in the future.
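The passphrase advice in the interview can be put into numbers. The following Python sketch is an added example, not part of the original post: it compares the search space of an 8-character password with the 27-character passphrase quoted above under two guessing models, and builds a passphrase from independently chosen words. The function names, the small sample wordlist, the 7776-word (diceware-style) list size and the guess rate are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample wordlist (assumption). A real generator would load a large
# list, e.g. 7776 diceware-style words, so each word adds about 12.9 bits.
SAMPLE_WORDS = ["red", "football", "three", "butterflies", "anchor", "pencil",
                "orbit", "maple", "violin", "harbor", "cactus", "lantern",
                "walnut", "glacier", "ribbon", "tunnel"]

def charset_bits(length, alphabet_size):
    """Bits of search space for a blind per-character brute force."""
    return length * math.log2(alphabet_size)

def wordlist_bits(word_count, list_size):
    """Bits of search space when the guesser knows the wordlist and word count."""
    return word_count * math.log2(list_size)

def generate_passphrase(word_count, words=SAMPLE_WORDS):
    """Pick each word independently with the OS CSPRNG, so the words are unrelated."""
    if word_count < 1 or len(set(words)) != len(words):
        raise ValueError("need word_count >= 1 and a wordlist without duplicates")
    return "".join(secrets.choice(words) for _ in range(word_count))

def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at a given guess rate."""
    return 2 ** bits / guesses_per_second

if __name__ == "__main__":
    example = "redfootballthreebutterflies"  # passphrase quoted in the interview
    rate = 1e10  # assumed offline guess rate, guesses per second
    rows = [
        ("8 chars, 95 printable ASCII", charset_bits(8, 95)),
        ("27 lowercase letters, blind brute force", charset_bits(len(example), 26)),
        ("4 words from a 7776-word list", wordlist_bits(4, 7776)),
        ("6 words from a 7776-word list", wordlist_bits(6, 7776)),
    ]
    for label, bits in rows:
        years = seconds_to_exhaust(bits, rate) / (365 * 24 * 3600)
        print(f"{label:42s} {bits:6.1f} bits  ~{years:.2e} years")
    print("sample:", generate_passphrase(4))
```

The wordlist rows show why the number of words and the size of the list matter as much as the character count: adding a word adds a fixed number of bits regardless of how long that word is.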

 

Memorial Healthcare Systems to pay $5.5M over potential HIPAA violations

http://www.healthcaredive.com/news/memorial-healthcare-systems-to-pay-55m-over-potential-hipaa-violations/436400/

Dive Brief:

  • Memorial Healthcare Systems has paid HHS $5.5 million to settle potential HIPAA violations, HHS disclosed on Thursday.
  • The six-hospital nonprofit system disclosed to HHS’ OCR that 115,143 individuals’ protected health information (PHI) had been impermissibly accessed by employees and impermissibly disclosed to affiliated physician office staff.
  • The settlement comes weeks after Children’s Medical Center of Dallas was fined $3.2 million over HIPAA violations.

Memorial Healthcare System provided Healthcare Dive the following statement on the subject:

It’s important to put this settlement in perspective to the fact that this situation happened six years ago, and that Memorial Healthcare System proactively reported the actions of the two employees and the findings of its internal investigation regarding the affiliated physicians’ staff to the Department of Health and Human Services’ Office of Civil Rights (OCR). Upon learning of the breaches, Memorial quickly acted to implement new, sophisticated technologies designed to monitor use and access of patient data, further restricted access to protect patient information, and enacted new policies and procedures to enhance password security. 

Memorial’s February 2017 settlement with the OCR resolves all allegations surrounding these breaches.  While Memorial strongly disagrees with many of OCR’s allegations, has admitted no liability and has chosen to settle this case, it nevertheless agrees with the importance OCR places on maintaining the security of patient information. We will continue to vigorously monitor access and use of patient information and maintain rigorous cybersecurity and internal safeguards.