The Redspin Report

The latest updates on penetration testing, breaches, and healthcare security.

Why Cyber Insurance Isn’t All It’s Cracked Up To Be

Posted by mmak in Main
With the number of breach victims in 2014 thus far reaching over 77 million, investing in a cyber insurance policy may sound like a good idea. But before latching on to this safety net and calling it a day, it is important to remember that cyber insurance policies are still in their early stages of development. While cyber insurance should be considered part of your risk management arsenal, it is not a substitute for regular penetration testing and vulnerability assessments.

Helpful Reminders About HIPAA Security Risk Analysis

Posted by mmak in Main
If protecting the integrity of patient health care information were not already sufficient incentive to improve IT security, being HIPAA compliant comes with even more perks for most providers. Medicare and Medicaid Electronic Health Care Record (EHR) Incentive Programs have been implemented to provide financial incentives to eligible medical professionals and hospitals that demonstrate they have satisfied the requirements of the HIPAA Security Rule. The core objective of “Protect Electronic Health Information” complements the foundation laid by the HIPAA Security …

All Roads in the Digital Future Lead Through Security Says Gartner

Posted by Dan Berger in Main
Gartner recently released their Top 10 Strategic Technology Trends for 2015. These aren't your run-of-the-mill trends, mind you. These are the disruptive (and often distressing) realities that appear to be just 'round the corner and will require organizations and individuals to adapt and invest or risk being left in the evolutionary dust. While some trends have been percolating along quite nicely, such as cloud computing and software-defined infrastructures and applications, I don't think the real impact of "the Internet of …

4 Things You Should Know About Social Engineering

Posted by mmak in Main
No matter how many firewalls are put up or how complex passwords may be, if your employees are unknowingly giving out their credentials to strangers, your information security will never be immune to breach. A recent flash poll of security professionals conducted by Dark Reading found that the biggest social engineering threat to organizations is not a specific type of scam, but a general lack of employee awareness. Social engineering is a tactic by which intruders use psychological manipulation and …

Redspin Events in September

Posted by mmak in Main
Redspin will be participating in several great healthcare and security conferences this September. Make sure you tune in to get useful information about IT security, policy compliance, and penetration testing!

Stanford Medicine X (Palo Alto, CA): "Practical Information and Security Risk Management for ePatients" by Redspin VP Chris Campbell, September 6 @ 9:20am
HIMSS Privacy and Security Forum (Boston, MA): Look for Redspin's co-exhibition with EMC, September 8-9
The Summit of the Southeast (Nashville, TN): September 15
Cyber Security Summit (New …

OIG Finds NASA Web Application Security Lacking. Is it Time to Assess Yours?

Posted by Dan Berger in Main
On July 10, 2014 the Office of Inspector General (OIG) released an evaluation of the effectiveness of NASA's efforts to secure its publicly accessible web applications. While OIG noted some improvement over the past few years, it found "deficiencies... that leave the Agency's publicly available web applications at risk of compromise." Of specific concern was that the identified vulnerabilities were not prioritized by seriousness of impact (i.e., risk rating), nor was the underlying cause of the vulnerabilities determined. The …

Why I Disagree With Google’s Founders About the Healthcare Market

Posted by Dan Berger in Main
Google's founders, Sergey Brin and Larry Page, were recently asked at a conference if they could imagine Google becoming a healthcare company. They both said "no" and explained their reasoning as follows. Brin felt the regulatory obstacles would "dissuade a lot of entrepreneurs" from entering the market and added "it's just a painful business to be in." Page gave an example of what he thought could be a useful medical research tool and said "that's almost impossible to do because …

The Risks of a HIPAA Security Risk Analysis

Posted by Dan Berger in Main
Believe it or not, there are even risks inherent in conducting a HIPAA security risk assessment. The first risk is in defaulting to a "do-it-yourself" process. Clearly many organizations are capable of doing this work themselves. But many others are not. So before making the decision to stay in-house or to find a competent outside vendor, ask yourself these questions:

1. Do we have sufficient expertise, particularly in IT security, to identify threats, external and internal vulnerabilities, and other risks …

BYOD Security – The Next Problem? Data Sprawl

Posted by David Carlino in Main
Submitted by David Carlino.
Mobile devices are designed to store less data than traditional laptops and desktop workstations. Cloud-based storage continues to enable a steady migration away from local device storage. Due to local storage limits, mobile users are increasingly turning to a wide array of cloud storage options to maintain and access their data. This is very helpful when a device is lost or stolen, but there are unintended consequences in complexity, security, and risk... Enabling increased “mobile” storage …

Largest HIPAA Compliance Settlement – A Prescription for IT Security Health

Posted by Dan Berger in Main
The key to Redspin’s rapid rise as the leader in HIPAA compliance for healthcare providers has been our unyielding focus on IT security. Last week’s news that OCR had reached a $4.8 million settlement agreement with New York-Presbyterian Hospital and Columbia University Medical Center relating to HIPAA compliance violations further affirms our position. What started as an investigation of a 6,800-record ePHI breach became a multi-million dollar black eye for those providers. At the source of the breach was an …