HCAR SECURITY BULLETIN - MARCH 14, 2005
Business security becomes more critical every day. Not only must you comply with federal regulations such as HIPAA, but you must keep your company safe from hackers, spammers, viruses, worms and other threats. This weekly summary of significant security events is brought to you at no charge by Stony Hill Management, publishers of Home Care Automation Report and developers of GetHIP-Security, home care’s most widely-used HIPAA compliance tool.
Stricter Healthcare Security Guideline on the Horizon?
The National Committee on Vital and Health Statistics, one of the key organizations helping shape the president’s electronic medical records initiative, has called for research into the need for more well-defined security standards for healthcare providers. According to a recent Healthcare IT News article, Jeff Blair, co-chairman of the NCVHS Subcommittee on Standards and Security, characterized HIPAA as a set of general guidelines that do not necessarily define a minimum security threshold that healthcare organizations should provide. “We’re suggesting the government should have a research agenda for what should be the security and authentication requirements,” Blair said. “We’re calling for research to be done to assess future risks.”
Congress Moving Quickly on Privacy Front
Web Mobs Compared to La Cosa Nostra
What do shadowcrew, carderplanet, stealthdivision and darkprofits have in common? They are all virtual crime families that Baseline Magazine writers John McCormick and Deborah Gage characterize as the modern-day, internet-based equivalent of La Cosa Nostra. According to McCormick and Gage, “...members of Web mobs don't have to break into a bank to rob it. Instead, they provide a framework and services for criminals to trade in their chosen stock — stolen credit cards and identity documents.” Citing a Secret Service report on shadowcrew, they note that the group’s 4,000 members ran a worldwide marketplace in which 1.5 million credit card numbers, 18 million e-mail accounts, and scores of identification documents were offered to the highest bidder. If you want to find out just how serious the issue of cybercrime is getting, you do not want to miss this story.
Auntie Em... The BotNets Are Coming!
It doesn’t sound like a particularly insidious threat, but in just three months a German university, using only a few computers set up as “honeypots” (machines intentionally set up to be vulnerable to attack), identified more than 100 botnets. These are networks of compromised computers that can be used by hackers to launch attacks or distribute spam. The networks ranged in size from only a few hundred PCs to several that had more than 50,000 compromised machines. According to InformationWeek’s Greg Keizer, security experts believe more than 1 million machines are compromised throughout the world and that the bulk of the botnets are built using just a handful of exploits that take advantage of a few Windows vulnerabilities.
HIPAA Tip of the Week – Security Responsibility
The Security Rule includes a required implementation specification with regard to designating someone to serve as the security official in your organization. This is analogous to your privacy official designation. The same individual can wear both hats and is likely to do so in most small organizations. Your Security Official should be designated early in the compliance process, as they will most likely be responsible for completing your risk analysis and developing your risk management plan. For a free copy of a sample Security Official Job Description contact Stony Hill Management at firstname.lastname@example.org and put "Job Description" in the subject line.
Stony Hill’s GetHIP-Security software is used at more than 1,000 locations throughout the U.S. and is endorsed by more than 25 state and national associations. It includes more than 60 sample documents including a comprehensive risk analysis, policies and procedures, forms and training materials. To download an evaluation copy of the software or to access Stony Hill’s free four-part web-based Security Rule seminar visit our website at www.hipaahomecare.com.