Minimize Risk: Healthcare’s Need to Address the Unknown Unknowns

Government agencies – state and federal – have spent the past several months trying to get healthcare’s attention about cybersecurity and simple steps that organizations can take to reduce their risk of ransomware (aka minimize risk). “There are known knowns; there are things we know we know. We also know there are known unknowns; that … Read more

CISA: On Cyber Risks, Mitigation & Best Practices

In April, CISA, aka the Cybersecurity and Infrastructure Security Agency, published a handy trends findings summary that they pulled from 192 healthcare and public health sector entities (HPH). From fiscal year 2019 – 2020, the agency discovered, HPH’s four most common cyber risks were: phishing; out-of-date patches; unsupported software and operating systems; poorly configured internet-accessible … Read more

Apgar & Associates’ President & CEO Joins HSCC Joint Cybersecurity Working Group on Behalf of AHIMA

Chris Apgar, President & CEO of Apgar & Associates, recently joined the Health Sector Coordinating Council’s (HSCC) Joint Cybersecurity Working Group on behalf of the American Health Information Management Association (AHIMA). HSCC is a coalition of industry associations and their members that collaborates with healthcare industry leaders and the government to address the healthcare sector’s … Read more

Video Hijacking Have You Worried? Try these 5 Steps from the FBI

The healthcare industry reports that video hijacking, or teleconference hijacking, is on the rise as telehealth appointments replace typical in-person ones during the COVID-19 crisis. The FBI has received multiple reports of conferences being disrupted by pornographic images, hate images and threatening language. Yet another reason that, even though OCR has indicated it will not … Read more

RFI Vulnerability Lesson: Beware of Who You (try to) Hack

Isn’t it rewarding when a fellow security professional posts about an attempted hack of his personal website that he turned into a lesson in website security? And in the end, hacked the hacker? That’s exactly what happened with Larry Cashdollar, a senior security response engineer at Akamai. Cashdollar noticed something peculiar in the logs on … Read more

Communication Disconnect: Sales Promises & the Information Security Audit

Has this happened to your company? The sales team has a hot prospect who wants them to conduct an information security audit. Sales promises that not only can that happen, but also that it will happen by a specific deadline. The problem? No one checked with the C-suite or operations management before committing. This communication … Read more

Phishing: Help Good Employees Avoid the Hook of a Cybersecurity Nightmare

The sneakiest of cyber-attacks, phishing has grown in sophistication even as organizations work to tighten cybersecurity programs. Phishing attacks have always been an easy backdoor into an organization’s – or individual’s – network. With one click as you rush through daily emails, you can unleash malicious software into the system. Phishing fools the best employees. … Read more

WiFi Vulnerability & the KRACK Infiltration: Tips from Techs

By now, you’ve heard of the KRACK WPA2 infiltration of WiFi. Basically, a vulnerability in WPA2, the standard for most WiFi communications between your mobile phone, computer and anything else that connects to a wireless access point, is a wide-open door for cyber attackers. When a cyber attacker exploits the WiFi vulnerability, they can … Read more

How Vulnerable to Cybercrime is your Healthcare Organization?

For some time now, we’ve been blogging about increases in cybercrime as well as what you can do about it. The Workgroup for Electronic Data Interchange (WEDI) has published a cybercrime issue brief that explores some of healthcare’s common vulnerabilities typically exploited by cybercriminals today. WEDI also recommends best practices you can apply to help mitigate … Read more

Serious Implications of DDoS & DOS Attacks Prompts OCR to Share Prevention Tips

The Internet of Things (IoT) is leaving gaps that malicious software can exploit, bringing down extensive systems. The increasing frequency and severity of the attacks have healthcare systems and their supporting technology vendors on pins and needles. Healthcare organizations may lose the ability to access systems that are critical to patient care, in addition to affecting … Read more