IT Security Blog

Independent research and articles on IT security, healthcare security, and hacking techniques.

HackedIn

In June 2012, a hacker posted 8 million “hashed” passwords on an underground forum, looking for assistance in cracking them. About a fifth of the user credentials appeared to have come from eHarmony.com, an online dating site, with the remainder…

The First Step In Cyber Insurance: Know Your Risk And What You’re Insuring Against.

Cyber insurance provides an opportunity to address residual risk in your information security program to offset the costs due to a data breach of ePHI. However, individual policies, coverage and exclusions are highly variable, so, just like any security control, it's important to understand your security risk profile before an appropriate security insurance policy can be defined. An assessment, such as a HIPAA Security Risk Analysis, should be the first step in any insurance policy strategy. Here's why: A) You'll have to do it anyway, B) The safest approach is to avoid a breach in the first place, C) Your risk profile will enable a better tailored policy.

A Blue Note: Looking Deeper at the 2009 PHI Breach at BlueCross BlueShield Tennessee

Did BCBST get off easy? Well, they certainly did a good job of damage control. But in today’s environment, I doubt anyone could follow suit. BCBST very likely benefitted from HHS/OCR not being in a position to immediately enforce the Breach Rule, given that the HITECH Act itself had only just been enacted a few months prior to the breach. Now, some 2½ years later, they’ve had a chance to implement a stronger IT security program, including the encryption of their PHI data-at-rest, a step we at Redspin strongly advocate. Also, no cases of ID theft or fraud have come to light as a result of their breach.