Assess and Plan
Consulting and planning services that address the essentials of security with a multi-layered approach.
Protect and Prevent
Expert resources to enhance all stages of your incident management lifecycle, helping to minimize losses.
Detect and Respond
Services that filter traffic flowing into your network, trigger alerts, and block and analyze traffic.
Handle Incident Response
Gain key insights into cyber security trends and learn how to help keep your organization protected.
Safe Healthcare Facility
HIPAA Safe Guards can help ensure that your network’s information is not only protected by multilayer security.
HIPAA Safeguards.com specializes in providing IT services for healthcare organizations. We help you get the most of your information technology – making sure you can provide the highest level of patient care possible while also maintaining HIPAA compliance.
When it comes to information technology for healthcare organizations, we know you’re focused on two specific goals:
Allowing your staff members to stay productive in the way they take care of patients, and making sure confidential PHI remains secure against unauthorized access.
That’s why you need to work with an IT services company that understands the unique needs of healthcare organizations like yours.
FBI: BEC scams accounted for half of the cyber-crime losses in 2019
The FBI received 467,361 internet and cyber-crime complaints in 2019, which the agency estimates have caused losses of more than $3.5 billion, the bureau wrote in its yearly internet crime report released today.
The FBI said that almost half of the reported losses — an estimated $1.77 billion — came from reports of BEC (Business Email Compromise), also known as EAC (Email Account Compromise) crimes.
BEC/EAC is a sophisticated scam targeting businesses and individuals performing wire transfer payments.
“At its heart, BEC relies on the oldest trick in the con artist’s handbook: deception,” the FBI said back in 2017, when it started receiving an increased number of BEC scams reports.
A typical BEC scam happens after hackers either compromise or spoof an email account for a legitimate person/company. They use this email account to send fake invoices or business contractors. These are sent to employees in the same company, or upstream/downstream business partners.
The idea is to trick counterparts into wiring money into the wrong bank accounts.
BEC scams are popular because they’re (1) dead simple to execute, and (2) don’t require advanced coding skills or complex malware.
According to the FBI’s 2019 Internet Crime Report, BEC scams were, by a considerable margin, the most damaging and effective type of cyber-crime last year in 2019.
Only 23,775 BEC victim accounted for $1.77 billion in losses for victims, which is on average $75,000/complaint.
In comparison, phishing/smishing/vishing accounted for $500 in losses per complaint, while ransomware averaged $4,400.
“In 2019, the IC3 observed an increase in the number of BEC/EAC complaints related to the diversion of payroll funds,” the FBI said.
“In this type of scheme, a company’s human resources or payroll department receives an email appearing to be from an employee requesting to update their direct deposit information for the current pay period. The new direct deposit information generally routes to a pre-paid card account.”
Another point of interest in the FBI’s internet crime report for 2019 was ransomware. Last year, we saw a decrease in the number of complaints and a rise in the amount of losses caused by ransomware incidents.
This year, losses continued to increase, but the number of ransomware incidents spiked right back up. All in all, the report’s findings are surprising.
2019 has been a year flooded with news about ransomware infections hitting left and right. Companies in the private sector, managed service providers, schools, and municipalities have been hit the most.
- 113 state and municipal governments and agencies.
- 764 healthcare providers.
- 89 universities, colleges and school districts, with operations at up to 1,233 individual schools potentially affected.
As ransomware these new mode of operation became more popular in 2019, new ransomware gangs joined the fold, increasing the number of attacks we saw in 2018.
According to multiple experts, both BEC and ransomware attacks are expected to continue to rise in 2020, as there’s little to deter cyber-crime groups from launching new operations.
Accelerate and Simplify HIPAA Compliance Management
Any organization that transmits any health information in electronic form, including health plans, healthcare clearing houses, healthcare providers, and business associates of a covered entity, must comply with HIPAA.
Yet, according to the US Department of Health and Human Services, one of the top issues that organizations have is failure to sufficiently safeguard electronic protected health information. One of the big challenges is the number of security controls that organizations need to deploy, often requiring numerous security point products that are costly to procure and difficult to deploy and manage.
To help you achieve HIPAA compliance, including satisfying the HIPAA Security Rule, you need a HIPAA compliance software solution that is easy to deploy and monitors your critical infrastructure.
AlienVault® Unified Security management™ (USM) delivers a comprehensive threat detection, incident response, and HIPAA compliance management solution for your cloud and on-premises environments that costs less and delivers results in significantly less time than traditional SIEM products.
The AlienVault USM platform delivers multiple security essentials to help you prepare for your next HIPAA audit faster and more easily, and in a single, unified platform:
Why choose us
4 REASONS TO PARTNER WITH HIPAA SAFEGUARDS
Stop wasting time and money on technology. Explore our company
Threat Detection for Healthcare Organizations
According to the Identity Theft Resource Center, healthcare organizations suffered 34.5% of breaches identified in 2016. It’s nearly impossible to stop a persistent attacker from penetrating even the most secure environment. Therefore, it’s essential to not only focus on preventing attacks, but also on detecting and responding to attacks as quickly as possible.
AlienVault USM has helped healthcare organizations like Shriners Hospitals, Kaiser Permanente and Novo Nordisk accomplish these key tasks:
Reporting and Management for HIPAA Compliance
HIPAA Part § 164.312 (B) “Audit Controls” states that you must “Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.” AlienVault USM is updated regularly with new compliance reports as these regulatory standards evolve, greatly reducing the time required to assess HIPAA compliance.
HIPAA Part § 164.312 (C) (2) deals with data integrity and requires that any covered organization “Implement electronic mechanisms to corroborate that electronic protected health information has not been altered or destroyed in an unauthorized manner.”
The AlienVault USM platform helps entities satisfy this requirement by providing File Integrity Monitoring (FIM) on files as well as Windows registry entries and digitally signed audit logs. The USM platform’s FIM feature performs regular audits on files (ePHI, security configuration, or other sensitive files) to identify any unanticipated or unauthorized changes that could be an attack or create a misconfiguration that opens new vulnerabilities.
To ensure that the logs themselves have not been tampered with, the AlienVault USM platform implements multiple levels of protection of your security data in transit and at rest. This ensures the integrity and confidentiality of your security data, which allows for your logs to be admissible in a court of law.