Code Grey: The Evolving Threat Landscape of Healthcare IT

In our recent webinar, we discussed the evolving threat landscape of healthcare IT. Healthcare might be one of the most confidential industries in the world, which makes it one of the most targeted by cybercriminals.

From ransomware attacks to phishing emails and insider threats, healthcare organizations must be prepared for a multitude of potential security threats.

You can view the webinar in its entirety here. 

Evolution of IT in Healthcare

Prior to the last 3 years, the transition in healthcare technology was somewhat gradual. The COVID-19 pandemic not only amplified the gaps in current patient care but also sped up innovation to find more efficient and better solutions to deliver quality care. The need for secure healthcare technology solutions has affected nearly every aspect of patient care.

Healthcare organizations started seeing the value in online platforms, and doctors became more available via phone, which ultimately gave more patients access. However, this opened the doors for new threats: cyber attacks. This shift required them to adapt to these new security challenges.

Healthcare providers are focused on patients, whereas IT is focused on the cybersecurity of stored protected health information (PHI). This new wave of technological importance meant there was a lot more training to be done in healthcare, the kind of training that IT support was responsible for.

Understandably, the healthcare industry is fearful of ransomware, because it carries a high risk of experiencing it. HIPAA Journal reported that 66% of surveyed healthcare organizations said they had experienced a ransomware attack in 2021, up from 34% in 2020, and that the volume of attacks increased by 69%, which was the highest of all industry sectors. Healthcare had the second-highest increase (59%) in the impact of ransomware attacks.

Additionally, they carry highly sensitive information, including:

  • Personal Health Information (PHI)
  • Financial data
  • Intellectual property

The healthcare sector is at such high risk for cyber threats that prices for more advanced protective cybersecurity have skyrocketed, creating new challenges for smaller healthcare providers.

Cybersecurity Threats and Ransomware Prevention

Cybersecurity threats are more prevalent than ever, and the importance of knowing how to prevent them cannot be overstated.

According to HIPAA Journal, in 2018, healthcare data breaches of 500 or more records were being reported at a rate of around 1 per day. Fast forward 4 years and the rate has doubled. In 2021, an average of 1.95 healthcare data breaches of 500 or more records were reported each day. Healthcare organizations are targeted due to their high propensity of paying the ransom, the value of patient records, and the inadequate security measures they often have in place.

It is essential for healthcare organizations to have multiple security measures implemented. The following is a list of steps you can take to protect your data.

Multi-Factor Authentication

MFA solutions provide an additional layer of security and are a user-friendly and cost-effective solution for boosting your healthcare organization’s cyber hygiene.  MFA adds a second layer of security through the use of biometric technology, such as facial or voice recognition, or via an authorization code being sent to a user’s device.  As the threat landscape continues to grow, most cyber insurance policies will not cover your organization unless you have MFA enabled on all applications. 

Patch and Vulnerability Management

In the healthcare industry, this added layer of protection tends to take a back burner. Patch and vulnerability management is the process in which you apply security patches to systems and software. Your resources don’t always cover everything; this is one of those things that can cover the leaks your resources may miss.

Formulate an Incident Response Plan

A plan beyond calling your cyber insurance company must be implemented, in order to prevent these attacks before they happen. In fact, Comparitech reported that the average ransomware victim loses around 35 percent of their data.

Waiting until a breach occurs without a plan in place puts you in a position where you not only have to rely on an unlikely payout but may never fully recover your data.

Train Your Employees with Security Awareness Training 

Employees are your first line of defense against cyber threats. Ensuring that your team is well-trained on the importance of proper cyber hygiene and is following security measures in place will help boost your cyber posture. Training them repeatedly on password hygiene, phishing emails, and suspicious links is vital in preventing a breach.

Review Your RPD Policies

Your RPD (raw programming data) policies should be reviewed often to make sure they comply with HIPAA and HITECH regulations. This is a necessary step in preventing a breach as well as having proper documentation in the case of one.

Data Backup and Recovery

One of the most important steps in preventing a breach is having a solid backup and disaster recovery plan. This ensures that if something were to happen, you have a way to recover your data and continue operations smoothly.

Preparing for the Future of Healthcare

Because of the new technology debt in healthcare, it’s important to stay ahead of the game. This means keeping up with technology, staying educated on new threats, and constantly reviewing and updating your security measures.

When preparing for the future of healthcare, it’s important to take a look around and delegate expertise appropriately. CEOs don’t need to be IT experts – they just need to find IT support that is not only affordable but provides all of the benefits so your time is spent well in other places. With the right provider, there should be no worry that your IT is not in the right hands.

As healthcare IT continues to evolve, we must adapt and protect ourselves against these evolving threats in order to continue providing top-notch care for our patients. Partner with ISG Tech for our healthcare IT services.

Critical Fortinet Remote Authentication Bypass Vulnerability [CVE-2022-40684] – What It Is & What Action to Take

About CVE-2022-40684

On October 6, 2022, Fortinet disclosed CVE-2022-40684, a critical remote authentication bypass vulnerability impacting FortiOS, FortiProxy, and FortiSwitchManager. It could allow a remote unauthenticated threat actor to obtain access to the administrative interface and perform operations via specially crafted HTTP or HTTPS requests.

On October 10th, Fortinet became aware of an instance where this vulnerability was exploited and provided remediation guidance. At this time, it was added to CISA’s Known Exploited Vulnerabilities Catalog with a recommended due date for resolution of November 1, 2022.

On October 12th, our detection and response services observed threat actors begin exploiting CVE-2022-40684 on a widespread basis by:

  • Accessing and downloading the appliance’s configuration file.
    • We have observed threat actors leverage Node.js and Report Runner to download the file.
    • The file includes, but is not limited to, cleartext rules, policies, filtering, usernames, and routing configurations, as well as passwords encrypted via the private-encryption-key.
  • Creating privileged administrator accounts.
  • Uploading and running scripts.
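
A log-triage sketch for the first two behaviours listed above, added here as an example and not ISG's or Fortinet's code: it scans exported event logs for configuration downloads and administrator-account creation, and raises severity when the interface field names Node.js or Report Runner. The key=value layout and the field names (`ui`, `action`, `cfgpath`, `cfgobj`, `msg`) are assumptions about the export format, and the sample lines are constructed.

```python
import re

# Interfaces the page reports threat actors leveraging for the config download.
SUSPECT_UI = ("node.js", "report runner")

# Assumed FortiOS-style key=value layout; values may be quoted or bare.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample lines (not real telemetry); users, objects and IPs are placeholders.
SAMPLE_LOG = """\
date=2022-10-12 time=03:14:07 type="event" subtype="system" user="example-svc" ui="Report Runner" action="download" msg="System config file has been downloaded by user example-svc via Report Runner"
date=2022-10-12 time=03:14:31 type="event" subtype="system" user="example-svc" ui="Node.js" action="Add" cfgpath="system.admin" cfgobj="example-new-admin" msg="Add system.admin example-new-admin"
date=2022-10-12 time=08:02:55 type="event" subtype="system" user="alice" ui="GUI(192.0.2.10)" action="Add" cfgpath="system.admin" cfgobj="bob" msg="Add system.admin bob"
date=2022-10-12 time=08:05:10 type="event" subtype="system" user="alice" ui="GUI(192.0.2.10)" action="Edit" cfgpath="firewall.policy" cfgobj="12" msg="Edit firewall.policy 12"
date=2022-10-12 time=09:40:00 type="event" subtype="system" user="alice" ui="https(192.0.2.10)" action="download" msg="System config file has been downloaded by user alice via https(192.0.2.10)"
"""


def parse_line(line):
    """Return the key=value pairs found on one log line as a dict."""
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in _KV.finditer(line)
    }


def classify(ev):
    """Map one parsed event to a finding, or None if it matches no rule."""
    ui = ev.get("ui", "").lower()
    action = ev.get("action", "").lower()
    suspect_ui = any(name in ui for name in SUSPECT_UI)

    if action == "download" and "config" in ev.get("msg", "").lower():
        rule = "config-download"
    elif action == "add" and ev.get("cfgpath", "").lower() == "system.admin":
        rule = "admin-created"
    elif suspect_ui:
        rule = "suspect-interface"
    else:
        return None

    return {
        "when": f'{ev.get("date", "?")} {ev.get("time", "?")}',
        "rule": rule,
        # "high": behaviour arrived through an interface named on the page.
        # "review": same behaviour from an ordinary interface; confirm it
        # against change records before closing.
        "severity": "high" if suspect_ui else "review",
        "user": ev.get("user", ""),
        "ui": ev.get("ui", ""),
        "object": ev.get("cfgobj", ""),
    }


def triage(log_text):
    """Return findings for a log export, high severity first, then by time."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("type") != "event":
            continue  # skip blank, malformed or non-event lines
        hit = classify(ev)
        if hit:
            findings.append(hit)
    findings.sort(key=lambda f: (f["severity"] != "high", f["when"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'{f["severity"]:6} {f["when"]} {f["rule"]:17} '
              f'user={f["user"]} ui={f["ui"]} object={f["object"]}')
```

A confirmed config-download finding means the usernames, policies and encrypted passwords described above should be treated as exposed. Script uploads, the third behaviour in the list, are not covered by these rules.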

Upon hearing this, ISG and our security partners are recommending prompt patching of all impacted systems, which are listed below.

ISG Managed Perimeter Security customers are being contacted to identify the ideal time to complete these patches and identify any potential impact. ISG has patched our internal systems and is working in lock-step with our security partners to stay apprised of the latest threat intelligence on this vulnerability.

Impacted Systems

  • FortiOS versions 5.x, 6.x are NOT impacted.
  • FortiOS version 7.2.0 through 7.2.1
  • FortiOS version 7.0.0 through 7.0.6
  • FortiProxy version 7.2.0
  • FortiProxy version 7.0.0 through 7.0.6
  • FortiSwitchManager version 7.2.0
  • FortiSwitchManager version 7.0.0

Recommended Actions to Take

  • Please upgrade to FortiOS version 7.2.2 or above
  • Please upgrade to FortiOS version 7.0.7 or above
  • Please upgrade to FortiProxy version 7.2.1 or above
  • Please upgrade to FortiProxy version 7.0.7 or above
  • Please upgrade to FortiSwitchManager version 7.2.1 or above

Additional Recommendations

As always, ISG recommends following change management best practices for applying upgrades, including:

  • Testing changes in a dev environment before deploying to production to avoid any operational impact
  • Not exposing administrative interfaces externally
  • Limiting the IP addresses that can reach the administrative interface using a local-in-policy
  • Implementing multi-factor authentication (MFA) to make successful exploitation significantly more difficult

For more best practices around network access, reference Fortinet’s user authentication best practices document.

If you should need help applying patches or have any questions, contact us today.

The First 48 When Ransomware Strikes

The content of this blog post comes from our webinar that you can watch here.

Ransomware is an increasingly popular and dangerous threat to businesses and organizations around the world. As cybercriminals continue to advance their techniques, it’s up to businesses and IT professionals to do what they can to stop and mitigate attacks. 

The Security Landscape

There were more than 300 million ransomware attempts in the first half of 2021 alone. Since then, the number of ransomware attacks has only increased, and the resulting damage has been extremely costly.

The current cybersecurity threat landscape for businesses and organizations is complex, with a wide variety of threats to consider. Without cybersecurity experts or even basic cyber hygiene practices, many organizations leave themselves vulnerable as easy victims for cyberattacks such as ransomware and phishing.

When Ransomware Strikes

Ransomware is a type of malware that encrypts a victim’s files and demands a ransom be paid in order to decrypt them. Once ransomware has encrypted a file, the only way to get the data back is through decryption, which can only be done with a special key.

Ransomware attacks can happen to any business or organization, no matter how big or small. In fact, smaller businesses are often targeted because they may not have the same level of security as larger organizations.

Once an organization has been owned by a ransomware attack, there’s little they can do to mitigate the loss unless they had previous protection measures in place such as a secure data backup. Additionally, even if a backup exists, the process of restoring data can be time-consuming and expensive.

The Importance of Managed Backups

In the event of a ransomware attack, having a secure backup is critical to mitigating loss. Backups should be stored offline and not connected to the network in order to prevent them from being encrypted by ransomware. Additionally, it’s important to have multiple backups in different locations in case one is lost or destroyed. For ISG Backup clients, we follow the best practice of a 3-2-1 solution. This means our team creates 3 copies of your data, in 2 different media formats, with 1 of those off-site.

The Remediation Process

Once a ransomware attack has occurred, the first step is to contain the spread of the malware. This can be done by disconnecting any infected devices from the network and taking them offline. Once the infection has been contained, the next step is to start the process of cleaning and rebuilding any infected systems.

Payments, Prevention, and Preparation

There are a few things businesses and organizations can do to prevent themselves from being targeted by ransomware attacks. The first is to have proper cybersecurity measures in place, such as firewalls, anti-virus software, and email filtering. Additionally, it’s important to educate employees on cybersecurity best practices and have an incident response plan in place in the event of an attack.

For a thorough list of the controls you should have in place, check this clip that speaks to the 12 critical controls that cyber insurance providers now require in order to qualify for cyber insurance.

In the event that an organization is targeted by a ransomware attack, it’s important to not give in to the attacker’s demands. Paying a ransom only incentivizes cybercriminals to continue their attacks and doesn’t guarantee that files will be decrypted.

The best way to prepare for a ransomware attack is to have a comprehensive backup and disaster recovery plan in place. This will ensure that in the event of an attack, data can be quickly restored, reducing the amount of downtime and allowing business to continue as usual.

Partnering With ISG Tech Mitigates Ransomware Risk

Ransomware attacks are becoming more and more common, and they can happen to any size business or organization within any industry. In order to protect yourself, it’s important to have proper cybersecurity measures in place and to educate employees on best practices. Additionally, having a secure backup is critical in the event of an attack.

If you do find yourself the victim of a ransomware attack, the best course of action is to not give in to the attacker’s demands and reach out to cybersecurity professionals such as ISG Technology. By partnering with a managed service provider for IT security, you are increasing your cybersecurity posture. Give us a call today or visit our contact us page here to schedule a call with a security expert.

Cyber Insurance. And The War on Ransomware.

The content of this blog post is based on our recent webinar that you can watch here.

Cyber insurance is a must-have cyber defense weapon for all organizations trying to mitigate modern security threats. But the exponential increase in ransomware has created an industry chain reaction – Insurance providers are leaving the market, premiums are on the rise, more security controls are being required, and organizations are left scrambling.

As cyber criminals continually advance and develop new tactics to disrupt IT infrastructures, it’s critical that experts, businesses, and insurance companies work together to slow down the rise of cybercrime. 

The Rise of Ransomware and the Industry Chain Reaction

Ransomware attacks are rising at an alarming rate, and businesses of all kinds are threatened by this cybercrime. One reason for the recent growth of ransomware is that more and more businesses are digitizing their valuable data, which allows for more accessibility and therefore more opportunity for human error.

Essentially, this transition to digital business processes makes it easier for cybercriminals to gain access to company data. Another reason for the rise in ransomware attacks is that many businesses don’t have comprehensive cybersecurity measures in place to defend themselves against even basic hacking attempts. 

As a result, when a ransomware attack does occur, businesses are often left with no choice but to pay the ransom in order to get their data back. This only serves to encourage cybercriminals, who know that there’s a good chance they’ll be able to get away with their crimes.

According to the Global Insurance Market Index U.S., cyber insurance prices have increased by 79% from last year.  The cost of cyber insurance has soared due to the rise in cyber-attacks and threats.  Due to these circumstances, insurance companies are asking for more in-depth information about organizations’ cyber policies and procedures, and those that don’t have the level of security needed face higher premiums and less coverage. 

How Businesses and IT Partners Must Partner Together

In order to protect businesses from ransomware and other cyber threats, it’s important for businesses and their IT partners to work together. By collaborating, businesses can ensure that comprehensive cybersecurity measures are in place to defend against attacks.

IT partners can also help educate businesses about the importance of having a robust incident response plan in place in the event that an attack does occur. This plan should include information about how to contact the appropriate people, what data needs to be backed up, and what steps need to be taken to minimize the damage caused by an attack.

The Role of Cyber Insurance in Incident Response Plans

Cyber insurance can play a critical role in incident response plans. In the event of a ransomware attack, cyber insurance can help businesses recover lost data and get back up and running as quickly as possible.

Cyber insurance can also help businesses cover the costs of hiring a professional to clean up any malicious software that might have been installed on their systems as part of the attack. In some cases, and depending on your policy, cyber insurance may even cover the cost of the ransom itself.

The Increasing Controls Insurance Providers are Requiring

As the threat of ransomware and other cyber threats continues to grow, insurance providers are starting to require businesses to take more comprehensive security measures in order to qualify for coverage. 

For example, many insurance providers now require businesses to have incident response plans in place before they will provide coverage. This helps to ensure that businesses are prepared in the event of an attack and can take steps to minimize the damage caused.

Managed Security + Cyber Insurance Mitigates Cyber Risk

In the current cybersecurity threat landscape, it’s important for businesses, IT partners, and insurance providers to work together to fight the war on ransomware. By taking comprehensive security measures and being prepared with incident response plans, businesses can minimize the damage caused by an attack and be ready to quickly recover lost data.

Cyber insurance can play a critical role in these plans, but insurance providers are increasingly requiring businesses to take more security measures before they will provide coverage. ISG Technology can work with your company to ensure you have the proper security controls in place to not only proactively protect your infrastructure but also prepare you in the event of an attack.  Give our team a call today or visit our contact us page to schedule a consultation with one of our cybersecurity experts. 

Service Update

Recently, ISG Technology became aware of an IT security incident involving unauthorized access to our environment. Upon discovery, we immediately initiated ISG Technology’s comprehensive incident response plan and engaged industry-leading cybersecurity specialists to help secure our systems, investigate the incident and further enhance security protocols.

Our priority is the security of our systems, and the safety of our customers’ data and operations. As part of our response plan, and out of an abundance of caution, we have disabled access to some services to ensure a safe, secure and protected environment for all customers.

This will impact some of the services we provide to our customers, including:

  • Veeam Backups and Replication – Offsite backups and restoration. Some monitoring and notifications will be impacted.
  • Enterprise Cloud virtual server hosting – Access to vCloud management console may be limited; as well as the ability to add, move or change the virtually hosted environment.
  • Access to the ticketing and portal system – Proactive external alerts will not be available

We are working to bring those systems back online as quickly and securely as possible to minimize the impact on customers.

We apologize for any inconvenience this may have caused, and will provide up-to-date information here as it becomes available. If you have questions, please contact our Service Desk at: servicedesk@isgtech.com or 866.915.1197.

UPDATE SEPTEMBER 30, 12:00 P.M.

This is an update to confirm that this incident has been resolved and all client services are restored and operational.

Throughout this process, our incident response plan prioritized the integrity of the ISG network, and the safety of the data and systems of our customers. The most significant service disruption was due to our proactive security approach – and a commitment to investigate every relevant system to ensure any access was identified and secured.

Based on our investigation, we are confident that systems are secure from the unauthorized access, and our enhanced security protocols will mitigate further risks associated with this incident. We thank our customers for their patience through this experience.

UPDATE AUGUST 18, 12:00 P.M.

At this time, primary customer services are online. Some systems may be experiencing delays as they automate through backlogs, but services are functioning.

If you are continuing to experience system disruption or are unable to access services, please contact our Service Desk at: servicedesk@isgtech.com or 866.915.1197.

UPDATE AUGUST 15, 8:00 A.M.

Significant progress has been made on all ISG systems, and we intend to have most services restored this week. Please note the following about these services:

Veeam Backups & Replication – Starting Monday 8/15, some customers will experience successful backups as this system is brought back online. We will be in touch with customers as this occurs to ensure services are back to standard operations, including daily monitoring and remediation for managed customers.

Enterprise Cloud virtual server hosting – We intend to have vCloud management online this week, as well as access to the ticketing and portal system. Should you need any assistance with server management prior to vCloud access being restored, please reach out to the service desk.

Access to the ticketing and portal system – We intend to restore access to our ticketing portal and resume standard ticketing processes this week. Until further notice, please continue to contact our Service Desk at: servicedesk@isgtech.com or 866.915.1197.

We’d like to thank all of our customers for their patience through this experience. All of the work to date has been to ensure that environments have been secured before being restored.

With our cybersecurity partner, we have been thorough in examining the network and servers. According to our investigation, the unauthorized access was caught and removed before any customer data was lost, and all service interruption has been due to our proactive security approach.

As we proceed through this, we are making changes to improve customer experience and to enhance security protocols. If you experience any issues, please contact our Service Desk at: servicedesk@isgtech.com or 866.915.1197.

UPDATE AUGUST 10, 12:00 P.M.

ISG Engineering teams are continuing to work to ensure that impacted systems are secured and fully functional when brought back online and are taking additional time to further enhance security protocols. We will provide an updated estimate for restoration when the timeline is confirmed.

For customers with managed backup systems, backups are being successfully stored locally but remote storage is not yet available.

UPDATE AUGUST 7, 9:00 P.M.

ISG Engineering teams have been working through the weekend and made significant progress to review and secure systems.

Veeam backups and replication, enterprise cloud virtual server hosting and access to the ticketing and portal system remain impacted. They are expected to have limited functionality for at least another 48 hours as we further enhance security protocols. No other services are expected to be affected at this time.

Thank you for your patience. If you experience any issues, please contact our Service Desk at: servicedesk@isgtech.com or 866.915.1197.

UPDATE AUGUST 5, 9:00 P.M.

In an exercise of caution as previously stated in the note above, we briefly restricted data center access around 7:00 p.m. this evening. We have addressed the situation, and brought services back to their previous state. We apologize for any inconvenience or disruption this may have caused. Our investigation into the situation continues. We will continue to update this post as we have information to share.

What’s the Difference between Co-Managed and Managed IT?

When it comes to managed IT services, there are two main options: co-managed and managed. So what’s the difference? In this blog post, we will discuss the advantages and disadvantages of both options, so you can make an informed decision about which type of service is best for your business.

What is Co-Managed IT?

Co-managed IT is a type of service where the client and IT service provider share responsibility for the management of the IT infrastructure. This can include tasks such as monitoring, patching, and incident response. 

These services are often used by businesses that have in-house IT staff, but lack the expertise or resources to effectively manage their IT infrastructure.

Advantages of Co-Managed IT

There are several advantages to this type of service:

  • Co-managed IT services can be customized to fit the needs of the client.
  • Co-managed IT services can be less expensive than managed IT services, since the client is sharing the cost of the service with the provider.
  • Co-managed IT services can provide a higher level of support than in-house IT staff, since the provider has more expertise and resources.

Disadvantages of Co-Managed IT

There are some disadvantages to co-managed services:

  • The client may have to share confidential information with the provider.
  • The provider may not be available 24 hours a day, which can be a problem if there is an issue with the IT infrastructure outside of normal business hours.

What is Managed IT?

Managed IT is a type of service where the IT service provider takes full responsibility for the management of the client’s IT infrastructure. Managed IT services are utilized by businesses that do not have any kind of professional IT systems in place.

Advantages of Managed IT

There are several advantages to managed IT services:

  • Managed IT services can provide a higher level of support than in-house IT staff, since the provider has more expertise and resources.
  • Managed IT services can be available 24 hours a day, which can be helpful if there is an issue with the IT infrastructure outside of normal business hours.
  • Managed IT services can take care of all the details of managing the IT infrastructure, so the client can focus on their business.

Disadvantages of Managed IT

There are some disadvantages to managed IT services:

  • Managed IT services can be more expensive than co-managed services, since the client is not sharing the cost of the service with the provider.
  • The provider may have to share confidential information with other clients.
  • The client may not have as much control over their IT infrastructure as they would with co-managed services.

Looking for Co-managed or Managed IT Services?

Both co-managed and managed IT services have their advantages and disadvantages. The best option for your business will depend on your needs and budget. If you need a high level of support but want to save money, co-managed IT services may be the best option.

Do you have any questions about co-managed or managed IT services? Reach out to ISG Technology today to learn more about the right options for your business.

The Benefits of Co-Managed IT Service for Healthcare Providers

Fast network speeds and a quality cybersecurity plan are probably not the first things that come to mind when you think about technology for healthcare. But these tools can be just as important as medical supplies when it comes to providing quality patient care.

That’s where co-managed IT services come in. By outsourcing your organization’s IT needs to a team of experts, you can focus on your core mission while a managed service provider takes care of the rest.

Why Does Your Organization Need Customized Healthcare IT Services?

There’s a lot that goes into keeping a healthcare facility up and running, from maintaining compliance with regulations to ensuring secure data storage. Here are some of the IT services that are essential for healthcare providers:

Cybersecurity: In the age of digital medical records, protecting patient data is more important than ever. A managed service provider can help you implement the latest cybersecurity tools and best practices to keep your data safe.

Network Management: Healthcare providers need fast, reliable network connections to access patient records, schedule appointments, and more. Managed IT services will redesign your network for maximum speed and efficiency.

Compliance: Healthcare organizations must comply with a variety of regulations, from HIPAA to the HITECH Act. Working with a managed service provider will help you stay up-to-date on the latest compliance requirements and ensure that your systems are compliant.

Data Storage: Healthcare providers generate a lot of data, from medical records to X-rays. A managed service provider can help you store this data securely and ensure that it is accessible when you need it.

Managed IT services can provide your healthcare organization with a wide range of benefits, from improved network speeds to secure data storage. By outsourcing your IT needs to a team of experts, you can focus on providing quality patient care instead of putting out IT fires. 

What Specialized IT Services Are Available for Healthcare?

As the world becomes increasingly digital, healthcare providers are finding that they need to upgrade their IT systems in order to keep up. While many organizations are turning to managed IT services to get the help they need, not all providers offer specialized services tailored specifically for healthcare providers.

A proactive managed IT provider for healthcare will offer:

  • Electronic health records (EHR)
  • Telemedicine
  • Revenue cycle management (RCM) software
  • Practice management software
  • EHR/EMR handling and processes
  • Support for medical interface problems

These days, it’s not enough to simply have an IT department. In order to keep up with the rapidly changing world of healthcare technology, you need a team of dedicated IT professionals who are up-to-date on the latest trends and developments.

What Are the Benefits of Specialized IT Services for Healthcare?

When a managed service provider creates a curated strategy just for you, you’re sure to see a return on your investment. Here are just a few of the benefits of having specialized IT services for healthcare:

  • Improved patient care: When you outsource your IT, you can focus on your core mission of providing quality patient care.
  • Increased efficiency: A managed service provider can help you streamline your processes and make better use of your time.
  • Compliance: Stay up to date on the latest compliance requirements with an IT technician who specializes in healthcare compliance.
  • Improved security: By outsourcing your IT, you can benefit from the latest cybersecurity tools and best practices.
  • Lower costs: With fixed-cost pricing, you can save money on infrastructure costs and avoid the need to hire additional staff.

A managed service provider can help you make the most of your time and resources so that you can focus on providing quality patient care. When you partner with an MSP, you can be confident that your IT needs are in good hands.

Avoid Costly IT Challenges with ISG Technology

When it comes to technology, healthcare is changing fast. To keep up, you need a team of dedicated IT professionals who are up to date on the latest trends and developments.

At ISG Technology, we understand the unique challenges that healthcare organizations face. We’ve worked with hundreds of healthcare providers, from large hospitals to small specialty clinics and everything in between. We help take the IT burden off healthcare providers’ shoulders.

With our help, you can focus on providing quality patient care while we take care of your IT needs. Contact us today to learn more about our healthcare IT services.

How to Become HIPAA Compliant

HIPAA compliance is of utmost importance for any business that handles protected health information (PHI). If you are not currently HIPAA compliant or are unsure of what steps to take to become compliant, this blog post is for you! We’ll discuss what HIPAA is, why compliance is important, and two different ways to go about becoming HIPAA compliant.

What is HIPAA?

HIPAA stands for Health Insurance Portability and Accountability Act, which was enacted in 1996. This legislation protects sensitive health information by regulating security and data privacy measures.

Because of the increase in healthcare data breaches caused by ransomware and other cyber attacks, the need for HIPAA compliance has become much clearer in recent years. Healthcare organizations must be familiar with and fully comply with each HIPAA rule to protect patient data and avoid fines and actions that put PHI at risk.

Why is HIPAA Important?

HIPAA compliance is important because it protects patients’ information and privacy. When patient data is breached, it affects not only the patients, but also the healthcare organization’s reputation. In some cases, patients may lose trust in the organization and seek treatment elsewhere.

There are also financial implications—if a healthcare organization is fined for non-compliance, total financial damages can number in the millions of dollars. The financial implications that can come from non-compliance with HIPAA are hefty, and with cyber criminals targeting healthcare as a vulnerable industry, it’s well worth it to take action to fully comply with HIPAA’s cybersecurity requirements.

How to Comply With HIPAA

It’s critical to understand how to comply with HIPAA regulations if you run a medical practice or have access to sensitive health-related data. The do-it-yourself approach and working with an experienced HIPAA consultant are the two most common methods for ensuring that you are completely compliant.

Do It Yourself

If you want to achieve HIPAA compliance on your own, you’ll need to be familiar with each of the six HIPAA Rules plus the HITECH Act, and their full list of standards. (This is a summary of just one of those rules, the HIPAA Security Rule.) Keep the following checklists and tools handy to ensure that you satisfy all criteria:

  • HIPAA Self-Assessment Checklist: This is a useful tool that has a complete list of HIPAA criteria and lets you tick things off as you’ve completed them. You should continue to utilize this checklist as a reference every time you check or update your compliance status.
  • Risk Assessment Tools: Risk assessment tools can help you find flaws in your company’s security that could result in noncompliance. The National Coordinator for Health Information Technology’s risk assessment tool can help you determine where risks may apply to your company.
  • HIPAA Security Rule Toolkit: This NIST toolkit helps you comply with the Security Rule over time, and it’s especially useful for companies that have recently restructured their IT systems.

If you’re going to go the do-it-yourself route, make sure you have all the tools you’ll need to fully comply with HIPAA regulations. Even if you do have dedicated IT support staff, keeping all of your company’s systems up to speed may be difficult.

Work with a HIPAA Compliance Expert

If you want to ensure that you are compliant with HIPAA, working with an IT provider that’s experienced with helping organizations become HIPAA compliant is the best option. Your provider will be able to help you put all of the necessary safeguards in place and make sure that your systems are secure with minimal time and effort needed from you. 

The experience, tools, and knowledge that a healthcare-focused MSP has can help your company achieve HIPAA compliance. Your provider should be well-versed in HIPAA rules and regulations, as well as the technology required to keep your IT department functioning optimally and securely.

Get Help with Your HIPAA Compliance

HIPAA compliance can be daunting, but it’s important to ensure the privacy of your patients’ data and the continued success of your organization. ISG Technology is here to help you with all of your HIPAA compliance needs. We have a team of experts that will work with you to make sure that your systems are secure, compliant, and optimized for your organization’s needs. Contact us today to learn more about how we can help you!

Recommendations for Mitigating Cyber Risks During Russia/Ukraine Conflict

The White House has warned about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed. To prepare, we recommend all organizations implement the following cybersecurity practices as soon as possible.

Improve Network Monitoring at Your Perimeter

Ensure you have visibility for incoming and outgoing traffic with appropriate safeguards.

  • Monitor and consider blocking high-risk outbound network traffic:
    • SSH (TCP 22)
    • MSRPC (TCP 135)
    • SMB (TCP 139, 445)
    • Unsecured LDAP (TCP 389)
    • Secured LDAP (TCP 636)
    • MSSQL (TCP 1433)
    • RDP (TCP/UDP 3389)
    • WinRM (TCP 5985, 5986)
  • Review your WAF configuration and set to blocking mode to mitigate zero-day attacks.
  • Log, correlate, and review events. Focus on threat intelligence, lower alerting thresholds if possible, and be aware of risk patterns associated with Russian actor tactics, techniques, and procedures (TTPs).

Create Contingency Plans to Disconnect High Risk External Connections

Preparedness, control, and proactiveness are key in a successful defense.

  • Inventory any unfiltered VPNs and other vendor/contractor connections. Make sure you have monitoring in place and understand access risks.
  • Limit traffic destinations for high-risk protocols wherever possible (see the list of high-risk outbound protocols above).
  • Watch for collateral damage and propagation via automation. NotPetya showed us that poorly monitored and unpatched interconnected systems provide reliable attack surfaces.
  • Perform tabletop exercises to ensure readiness during any disruptive event and at least annually. Ensure all your key resources have current contact information and can support business continuity on short notice.
  • Validate your backup and recovery processes.
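
The perimeter-monitoring and destination-limiting recommendations above can be checked against flow logs. The following is an added example, not part of the original article: it flags internal-to-external flows on the listed high-risk ports unless the destination is on an approved list. The CSV log layout, the internal address ranges, the approved destination list, and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# High-risk outbound services from the list above: (protocol, port) -> name.
HIGH_RISK = {
    ("tcp", 22): "SSH", ("tcp", 135): "MSRPC", ("tcp", 139): "SMB",
    ("tcp", 445): "SMB", ("tcp", 389): "LDAP", ("tcp", 636): "LDAPS",
    ("tcp", 1433): "MSSQL", ("tcp", 3389): "RDP", ("udp", 3389): "RDP",
    ("tcp", 5985): "WinRM", ("tcp", 5986): "WinRM",
}
# Assumptions: internal ranges and approved external destinations per service.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APPROVED = {"SSH": [ipaddress.ip_network("203.0.113.0/28")]}

# Constructed sample flow log (hypothetical format): time,src,dst,proto,dport,action
SAMPLE_LOG = """\
2022-03-01T10:00:01Z,10.1.4.20,203.0.113.5,tcp,22,allow
2022-03-01T10:00:07Z,10.1.4.33,198.51.100.77,tcp,445,allow
2022-03-01T10:00:09Z,10.1.4.33,10.1.9.10,tcp,445,allow
2022-03-01T10:01:15Z,10.1.7.8,198.51.100.12,udp,3389,deny
2022-03-01T10:02:40Z,10.1.4.20,198.51.100.90,tcp,443,allow
2022-03-01T10:03:02Z,10.1.4.20,198.51.100.90,tcp,22,allow
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def review_outbound(log_text):
    """Return findings for internal-to-external flows on high-risk services."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip blank or malformed records
        ts, src, dst, proto, dport, action = row
        service = HIGH_RISK.get((proto.lower(), int(dport)))
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if service is None or not is_internal(src_ip) or is_internal(dst_ip):
            continue  # not a high-risk service, or not an outbound flow
        if any(dst_ip in net for net in APPROVED.get(service, [])):
            continue  # destination is approved for this service
        # An allowed flow left the network; a denied one still shows a host trying.
        verdict = "ALLOWED_OUT" if action == "allow" else "BLOCKED_ATTEMPT"
        findings.append((ts, src, dst, service, verdict))
    return findings

if __name__ == "__main__":
    for finding in review_outbound(SAMPLE_LOG):
        print(*finding)
```

Blocked attempts are reported alongside allowed flows because a host repeatedly trying SMB or RDP to the internet is worth investigating even when the firewall stops it.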

Bolster Your Security Awareness Program

Educating end users will lower your risk from malware and social attack vectors.

  • Implement or execute a simulated phishing campaign. These attacks are usually carried out via email but now are frequently delivered via SMS, phone calls, and social media. Ensure your employees are vigilant.
  • Reassess your password standard. Encourage pass phrases and strong passwords: easy to remember, hard to guess. Use a secure password manager to reduce call center events due to users who use complex, hard-to-guess passwords.
  • Implement MFA on any external ingress points. Consider expanding scope to those that don’t store or transmit sensitive information. If they pose a risk by being able to pivot to other systems if compromised, assume the worst.
  • Timely and effective communication is paramount. Consider the human factor: most people are scared during conflicts. You’ll receive the best outcome by keeping your communications simple, actionable, and direct while delivering with calmness.

Improve Your Rigor Around Patching and Update Consistently

Poorly monitored, unpatched assets create additional risk.

  • Ensure your assets are patched and up to date (computer systems, mobile devices, applications, etc.). Automatic updates are strongly encouraged.
  • Ensure your endpoint detection and response agents are active, receiving threat intelligence feeds, and set to protect/block risks.
  • Enable an allow-listing policy on your EDR solution (which files can execute). Recent attacks have shown that Russian actors have misused legitimate drivers from trusted vendors, such as EaseUS (Partition Master), to weaponize wiper attacks and in some cases bypass poorly configured or mismanaged EDR/MDR.
  • Look for behavioral evidence or network and host-based artifacts from known Russian state-sponsored TTPs. Table 1 from CISA’s Alert (AA22-011A) lists commonly observed TTPs.

Webinar: Cyber Insurance. And The War On Ransomware.

Cyber insurance is a must-have weapon for all organizations trying to mitigate modern security threats. But the exponential increase in ransomware has created an industry chain reaction – Insurance providers are leaving the market, premiums are on the rise, more security controls are being required, and organizations are left scrambling.

Prepare For The War On Ransomware

In this executive panel discussion, you’ll get actionable advice directly from an industry-leading cyber insurance provider as well as the technology/solution providers actively fighting the war on ransomware. View the full webinar here

What You’ll Learn:

  • The rise of ransomware and industry chain reaction
  • The role of cyber insurance in incident response plans
  • Evaluating your current policy (Good? Bad? Or Ugly?)
  • The increasing controls insurance providers are requiring
  • How business and IT leaders must partner together