HIPAA Compliance Solutions

MANAGED SUPPORT SECURITY

Keep your company competitive and increase profits with strong and reliable IT support services

HIPAA Safeguards.com specializes in providing IT services for healthcare organizations. We help you get the most out of your information technology – making sure you can provide the highest level of patient care possible while also maintaining HIPAA compliance.

When it comes to information technology for healthcare organizations, we know you’re focused on two specific goals:
Allowing your staff members to stay productive in the way they take care of patients, and making sure confidential PHI remains secure against unauthorized access.

That’s why you need to work with an IT services company that understands the unique needs of healthcare organizations like yours.

FBI: BEC scams accounted for half of the cyber-crime losses in 2019

The FBI received 467,361 internet and cyber-crime complaints in 2019, which the agency estimates have caused losses of more than $3.5 billion, the bureau wrote in its yearly internet crime report released today.

The FBI said that almost half of the reported losses — an estimated $1.77 billion — came from reports of BEC (Business Email Compromise), also known as EAC (Email Account Compromise) crimes.

BEC/EAC is a sophisticated scam targeting businesses and individuals performing wire transfer payments.

“At its heart, BEC relies on the oldest trick in the con artist’s handbook: deception,” the FBI said back in 2017, when it started receiving an increased number of BEC scam reports.

A typical BEC scam happens after hackers either compromise or spoof an email account belonging to a legitimate person or company. They use this email account to send fake invoices or business contracts. These are sent to employees in the same company, or to upstream/downstream business partners.

The idea is to trick counterparts into wiring money into the wrong bank accounts.

BEC scams are popular because they (1) are dead simple to execute and (2) don’t require advanced coding skills or complex malware.

According to the FBI’s 2019 Internet Crime Report, BEC scams were, by a considerable margin, the most damaging and effective type of cyber-crime in 2019.

Only 23,775 BEC victims accounted for $1.77 billion in losses, which is on average $75,000/complaint.

In comparison, phishing/smishing/vishing accounted for $500 in losses per complaint, while ransomware averaged $4,400.

“In 2019, the IC3 observed an increase in the number of BEC/EAC complaints related to the diversion of payroll funds,” the FBI said.

“In this type of scheme, a company’s human resources or payroll department receives an email appearing to be from an employee requesting to update their direct deposit information for the current pay period. The new direct deposit information generally routes to a pre-paid card account.”

Ransomware situation

Another point of interest in the FBI’s internet crime report for 2019 was ransomware. Last year, we saw a decrease in the number of complaints and a rise in the amount of losses caused by ransomware incidents.

This year, losses continued to increase, but the number of ransomware incidents spiked right back up. All in all, the report’s findings are surprising.

2019 has been a year flooded with news about ransomware infections hitting left and right. Companies in the private sector, managed service providers, schools, and municipalities have been hit the most.

According to reports from Armor and Emsisoft, ransomware crews had US entities in their sights last year. Emsisoft reported that in 2019 ransomware hit:

  • 113 state and municipal governments and agencies.
  • 764 healthcare providers.
  • 89 universities, colleges and school districts, with operations at up to 1,233 individual schools potentially affected.

As this new mode of operation became more popular in 2019, new ransomware gangs joined the fold, increasing the number of attacks over what we saw in 2018.

According to multiple experts, both BEC and ransomware attacks are expected to continue to rise in 2020, as there’s little to deter cyber-crime groups from launching new operations.

Accelerate and Simplify HIPAA Compliance Management

Any organization that transmits any health information in electronic form, including health plans, healthcare clearing houses, healthcare providers, and business associates of a covered entity, must comply with HIPAA.

Yet, according to the US Department of Health and Human Services, one of the top issues that organizations have is failure to sufficiently safeguard electronic protected health information. One of the big challenges is the number of security controls that organizations need to deploy, often requiring numerous security point products that are costly to procure and difficult to deploy and manage.

To help you achieve HIPAA compliance, including satisfying the HIPAA Security Rule, you need a HIPAA compliance software solution that is easy to deploy and monitors your critical infrastructure.

AlienVault® Unified Security Management™ (USM) delivers a comprehensive threat detection, incident response, and HIPAA compliance management solution for your cloud and on-premises environments that costs less and delivers results in significantly less time than traditional SIEM products.

The AlienVault USM platform delivers multiple security essentials to help you prepare for your next HIPAA audit faster and more easily, and in a single, unified platform:

  • Discover All IP

    Discover all IP-enabled assets, including OS details, across your on-premises and cloud environments

  • Systems Identification

    Identify systems with vulnerabilities, understand which assets are high-, medium-, and low-risk, and identify any available patches or workarounds

  • Threats Detection

    Intrusion detection detects threats, including malware and ransomware, that are active in your network with advanced, automatic correlation

  • Identification Logon Attempts

    Identify both successful and failed logon attempts, and monitor user and administrator activities

  • Accelerate Responses

    Accelerate incident response with built-in remediation guidance for every alarm, and integrated orchestrated responses that can be manually or automatically executed

  • Cloud Environments

    Collect events from across your on-premises and cloud environments and cloud applications for analysis, and store them for at least 12 months

Why choose us

4 REASONS TO PARTNER WITH HIPAA SAFEGUARDS

AlienVault USM Anywhere implements multiple mechanisms to assure the confidentiality, integrity, and availability of your security monitoring data, both from external and insider threats, and across your cloud, on-premises, and hybrid environments.

  • Dedicated Data Store

    Unlike other SaaS-delivered services that use a multi-tenant architecture, AlienVault uses a single-tenant, dedicated data store architecture to securely store your security monitoring data. This assures that your data is completely isolated from other customers’ data, in contrast to multi-tenant architectures, where misconfigurations or failures can result in data leakage and breakage and can affect multiple customer accounts.

  • Data Secured

    Every USM Anywhere Sensor uses the Transport Layer Security (TLS) protocol to create a secure connection with the USM Anywhere central service. Your USM Anywhere service and each of your USM Anywhere Sensors each have a unique digital certificate, which they use to securely authenticate one another. Once authenticated, a unique encryption key is created, which then encrypts all security monitoring data sent from the USM Anywhere Sensor to your USM Anywhere service, maintaining its confidentiality and its integrity.

  • Data Integrity

    Any event and log collected by USM Anywhere is stored within compliance-ready and secure “cold storage.” By default, USM Anywhere enables at least 12 months of cold storage, with the ability to extend the long-term storage capacity as needed.

    USM Anywhere uses a “write once, read many” (WORM) approach to log storage to prevent log data from being modified or otherwise tampered with. You can download your raw logs at any time by initiating a request from within USM Anywhere. If you ever decide not to renew your contract, your unique encryption key and data are securely destroyed 90 days after your contract expires.

  • Confidentiality of Data Security

    To assure the confidentiality of your security monitoring data at rest, USM Anywhere encrypts both your hot (online) and cold (long-term) storage data using the Advanced Encryption Standard (AES) with a 256-bit encryption key, which is unique to your USM Anywhere service.

Stop wasting time and money on technology. Explore our company

Threat Detection for Healthcare Organizations

According to the Identity Theft Resource Center, healthcare organizations suffered 34.5% of breaches identified in 2016. It’s nearly impossible to stop a persistent attacker from penetrating even the most secure environment. Therefore, it’s essential to not only focus on preventing attacks, but also on detecting and responding to attacks as quickly as possible.

AlienVault USM has helped healthcare organizations like Shriners Hospitals, Kaiser Permanente and Novo Nordisk accomplish these key tasks:

  • Identify vulnerabilities on assets that store electronic protected health information (ePHI)
  • Maintain an audit log of who has accessed ePHI, helping meet audit management requirements
  • Identify systems communicating with malicious IPs, a sign of possible compromise
  • Identify and respond to security incidents, including remediation advice for every alert

Reporting and Management for HIPAA Compliance

HIPAA Part § 164.312(b) “Audit Controls” states that you must “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” AlienVault USM is updated regularly with new compliance reports as these regulatory standards evolve, greatly reducing the time required to assess HIPAA compliance.

HIPAA Part § 164.312(c)(2) deals with data integrity and requires that any covered organization “Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.”

The AlienVault USM platform helps entities satisfy this requirement by providing File Integrity Monitoring (FIM) on files as well as Windows registry entries and digitally signed audit logs. The USM platform’s FIM feature performs regular audits on files (ePHI, security configuration, or other sensitive files) to identify any unanticipated or unauthorized changes that could be an attack or create a misconfiguration that opens new vulnerabilities.

To ensure that the logs themselves have not been tampered with, the AlienVault USM platform implements multiple levels of protection of your security data in transit and at rest. This ensures the integrity and confidentiality of your security data, which allows for your logs to be admissible in a court of law.

How It Works

GET AN IT SOLUTIONS QUOTE

Please contact our team or complete the form below. A representative will contact you shortly.

  • Let’s Talk

    We’ll chat about your business, how you use technology, and what you want to get out of IT.

  • Choose Your Plan

    If we’re the right fit, you’ll choose the IT service agreement that works best for your organization.

  • Start Your IT Experience

    Within days, you’ll be experiencing IT like never before.