In April, CISA, aka the Cybersecurity and Infrastructure Security Agency, published a handy trends findings summary that they pulled from 192 healthcare and public health sector entities (HPH). From fiscal year 2019 – 2020, the agency discovered, HPH’s four most common cyber risks were: Phishing Out-of-date patches Unsupported software and operating systems Poorly configured internet-accessible … Read more
Chris Apgar, President & CEO of Apgar & Associates, recently joined the Health Sector Coordinating Council’s (HSCC) Joint Cybersecurity Working Group on behalf of the American Health Information Management Association (AHIMA). HSCC is a coalition of industry associations and their members that collaborates with healthcare industry leaders and the government to address the healthcare sector’s … Read more
For healthcare organizations and the businesses that support them, regulation and legislation too often turn into lawsuits and settlements. What’s happening to get you into trouble in the first place? How can you avoid the serious costs they bring – to the bottom line and to reputation? Here’s what Julia and I often see from … Read more
It’s time to circle back to the topic of remote access. Earlier I provided you a checklist to send to your remote working employees to assess workspace and workstation security. With new portable devices and web apps that support working from home, including transmitting large amounts of data with minimum resources, I feel it’s important … Read more
Remember that brief moment when we thought the COVID-19 business impact was lifting? It was a nice thought, but we were wrong. We’re firmly in the midst of the pandemic with alleviation an ever-moving target. What does this mean for businesses, especially covered entities (CE) and business associates (BA)? Telework and telehealth present security risks, … Read more
As things ease up, and slowly people return to the office, what steps do you need to take to make sure data and devices are secure? It’s not quite a reversal of what covered entities (CE) and business associates (BA) went through when everyone who was non-essential was required to go to remote work, but … Read more
The healthcare industry reports that video hijacking, or teleconference hijacking, emergence on the rise as telehealth appointments replace typical in-person ones during the COVID-19 crisis. The FBI has received multiple reports of conferences being disrupted by pornographic images, hate images and threatening language. Yet another reason that, even though OCR has indicated it will not … Read more
It’s one of those questions that never goes away. The answer is, “Maybe” and very definitely, “Not always.” Contrary to popular belief, even after ransomware attacks, the safe harbor still applies when it comes to breaches. If your PHI data was encrypted prior to the ransomware attack that encrypted (aka “held for ransom”) it, you … Read more
Are you sure your medical records aren’t accessible by outsiders? Maybe check your perimeter security. I’m not talking about fancy technical security gadgets, but the simple, obvious things like setting a password on your internet-facing applications. Here’s why I ask. Did you hear about the 187 medical system servers not protected by passwords or necessary … Read more
Isn’t it rewarding when a fellow security professional posts about an attempted hack of his personal website that he turned into a lesson in website security? And in the end, hacked the hacker? That’s exactly what happened with Larry Cashdollar, a senior security response engineer at Akamai. Cashdollar noticed something peculiar in the logs on … Read more
Apgar & Associates, LLC
7100 SW Hampton St #137
Tigard, OR 97223
503-384-2538
©Copyright 2023 Apgar and Associates. All rights reserved.
