HIPAA FAQs
What is HIPAA compliance?
HIPAA (the Health Insurance Portability and Accountability Act) is a U.S. federal law that, among other things, requires organizations to keep patient data secure. Compliance means putting in place the privacy and security safeguards laid out in the law’s Privacy, Security and Breach Notification Rules, such as creating and enforcing a password policy, protecting patient data at rest and in transit, and training employees.
What happens if I don’t become HIPAA compliant?
If you are found in violation of HIPAA, both HHS and state attorneys general can levy fines against you. HHS civil penalties run up to $50,000 per violation, and each day a continuing violation persists counts as a separate violation.
If noncompliance leads to a breach of unsecured PHI, you are required by law to notify HHS and the affected patients and, if more than 500 individuals in a state or jurisdiction are affected, prominent media outlets as well. This can severely damage brand equity and publicly embarrass your organization. According to a recent survey, 76% of patients say they will stop dealing with an organization responsible for a privacy breach.
What is a HIPAA violation?
Each failure to follow one of the HIPAA standards, requirements, or implementation specifications is a violation, and violations are counted separately. Examples: nurses sharing passwords, not using an industry-standard firewall, and emailing patient data unencrypted are three separate violations.
Who is required to comply with HIPAA regulations?
Covered entities, and the business associates with whom they share Protected Health Information (PHI), must comply with HIPAA. A covered entity is:
- A health plan.
- A health care clearinghouse.
- A health care provider who transmits any health information in electronic form in connection with a transaction covered by the HIPAA transactions regulation. (HHS Regulations Definitions, 45 CFR 160.103)
Security FAQ
How can I prevent ransomware attacks?
By the time the ransom note appears on a machine, its files are already encrypted and it is too late to save that system. That is why the work has to be done in advance, to keep the attack from succeeding in the first place:
- Education and training, so staff recognize the phishing emails and malicious attachments that commonly deliver ransomware
- Automated backups kept offline or otherwise out of reach of a compromised account, and tested by actually restoring from them
- Endpoint monitoring and protection, so an infection is detected and contained before it spreads across the network
What is Ransomware?
Ransomware is a type of malicious software that threatens you with harm, usually by denying you access to your data. The attacker demands a ransom from the victim, with the promise to restore access to the data upon payment.
- Ransomware has become a popular form of attack in recent years, growing 350% in 2018.
- Ransomware detections are on the rise, with Ryuk detections increasing by 543% over Q4 2018, and since its introduction in May 2019
- 81% of cybersecurity experts believe there will be more ransomware attacks than ever in 2019.
- In 2019 ransomware from phishing emails increased 109% over 2017.
- 21% of ransomware incidents involved social actions, such as phishing.
- New ransomware variants grew 46% in 2019.
- 68,000 new ransomware Trojans for mobile were detected in 2019.
- Ransomware attacks increased 41% in 2019, with 205,000 businesses that lost access to their files.
- It is estimated that a business falls victim to a ransomware attack every 14 seconds.
- From 2013 to 2016, the primary ransomware variants reported were CryptoLocker and CryptoWall.
- In 2017 and 2018, that transitioned to WannaCry and SamSam.
- In late 2018 and early 2019, the primary ransomware families have been GandCrab and Ryuk.
- 20% of ransomware victims are small to mid-sized businesses.
- 85% of MSPs report ransomware as a common threat to small to mid-sized businesses.
- 29% of small businesses have had experience with ransomware, yet small businesses remain more likely to be unprepared for the threat.
Typically, what’s the weakest link in SMB cybersecurity?
In a word, people. Every day people decide what to click and what not to click, and some seem to treat getting past even the most sophisticated antivirus protection as a challenge worth taking. In their defense, the most innocent-looking links, downloads or images in emails and on websites are sometimes part of phishing schemes. These schemes can be elaborate: the malware dropped into your network by one unsuspecting click may wait days, weeks or even months for a trigger before it launches.
Don’t hackers focus on large organizations? How concerned do I need to be about virus protection at an SMB?
The idea that only large organizations need to worry about cybersecurity is one of the most pervasive and most dangerous myths circulating today. While specific organizations are sometimes targeted, most cyberattacks are opportunistic rather than aimed at anyone in particular. Malware is created and let loose online, where it spreads via websites, ads, images, email and any device that connects to the internet. That is why antivirus software is so important.
SMBs are particularly vulnerable to cyberattack. According to IBM, 62% of all attacks (4,000 per day) strike SMBs. The Ponemon Institute reports average cleanup costs of $690,000 for a small business and more than $1 million for a medium-sized company.
The U.S. National Cyber Security Alliance reports that 60% of small businesses close within six months of a successful cyberattack.
If you care about your company’s future, you must take cyberattack seriously.
Why are firewalls important?
Firewalls are often compared to a lock on the door to your network. It might be more accurate to say that a firewall is the door.
Without a firewall in place, any connection can flow freely into or out of your network, including connections from known malicious sources. That means unauthorized access to networked files, leading to a data breach, malware infection or worse.
You need a firewall to filter out the bulk of malicious connections, and there are a lot of them. One study found that servers were being probed by attackers within 52 seconds of going online, at an average rate of 757 connection attempts per hour.
How does a firewall work?
Firewalls work by inspecting data packets (small chunks of data) against an ordered list of rules. Here are some of the more common criteria:
- IP addresses – filter out traffic from suspicious IPs or address ranges
- Domain names – block traffic to or from known malicious domains (a domain name is not in the packet header, so this requires the firewall to inspect DNS or the TLS/HTTP request, or to work together with a proxy)
- Ports – deny traffic trying to enter through a certain port
- Contents – block packets containing certain keywords (deep packet inspection, which only works on traffic the firewall can read in plaintext)
A firewall compares each packet against the rules in order; typically the first rule that matches decides whether to let it through, and anything no rule covers should be denied by default. Stateful firewalls also track connections, so the replies to an allowed outbound connection are let back in without a separate rule. On a typical network setup, all connections to the Internet flow through the firewall, meaning it inspects every inbound and outgoing packet.
What is a firewall?
A firewall is a network security device located between your internal network and the wider Internet. It monitors incoming and outgoing network traffic, blocking or allowing it based on a set of configurable rules.
Firewalls are a fundamental piece of security and typically form the first line of defense on a network, acting as a filter against bad connections from the outside world.
A firewall works by comparing the data sent into or out of the network against its list of rules. Based on the result of that check, the firewall either blocks or allows the connection.
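As an added example (not code from this page or from any firewall vendor), here is a small rule-based packet filter in Python that carries out the ordered, first-match evaluation described in the two firewall answers above, with an implicit default deny. The rules, the sample packets, the addresses (taken from the RFC 5737 documentation ranges) and the hostnames are all constructed for the demo. It also makes the caveats concrete: the domain-name and keyword criteria only work when some inspection layer has supplied the hostname or a readable payload, which an IP-layer filter never sees on its own.

```python
"""Minimal rule-based packet filter (added illustration, not the page's or any
vendor's code). Rules are checked in order and the first match decides; any
packet that matches no rule is denied by default. The rules and packets below
are constructed for the demo."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Packet:
    src: str                        # source IP
    dst: str                        # destination IP
    proto: str                      # "tcp" or "udp"
    dport: int                      # destination port
    payload: bytes = b""            # application data, if the filter can see it
    # A hostname is not part of the IP header. It is only available when a
    # DNS / TLS-SNI / HTTP inspection layer has attached it to the packet.
    hostname: Optional[str] = None


@dataclass
class Rule:
    action: str                     # "allow" or "deny"
    comment: str                    # why the rule exists
    src: Optional[str] = None       # CIDR the source must fall in
    dst: Optional[str] = None       # CIDR the destination must fall in
    proto: Optional[str] = None
    dport: Optional[int] = None
    hostname: Optional[str] = None  # matches the name or any subdomain of it
    keyword: Optional[bytes] = None # deep packet inspection on the payload

    def matches(self, p: Packet) -> bool:
        """Every criterion that is set must match; unset criteria match anything."""
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.hostname is not None:
            if p.hostname is None:          # no inspection layer: cannot match
                return False
            if p.hostname != self.hostname and not p.hostname.endswith("." + self.hostname):
                return False
        if self.keyword is not None and self.keyword not in p.payload:
            return False
        return True


def evaluate(rules: list[Rule], p: Packet) -> tuple[str, str]:
    """First-match evaluation with an implicit default deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.comment
    return "deny", "default deny: no rule allowed this packet"


# Constructed rule set. Order matters: the block on the bad address range comes
# before the allow for the web server, so that range cannot reach port 443.
RULES = [
    Rule("deny", "known-bad source range", src="203.0.113.0/24"),
    Rule("deny", "known-malicious domain", hostname="malware.example"),
    # Keyword matching is only meaningful on plaintext HTTP; port 443 is TLS.
    Rule("deny", "DPI: exfiltration marker in plaintext HTTP", proto="tcp", dport=80, keyword=b"X-Exfil"),
    Rule("allow", "public web server, HTTPS", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("allow", "public web server, HTTP", dst="192.0.2.10/32", proto="tcp", dport=80),
    Rule("allow", "SSH only from the internal admin network", src="10.0.0.0/8", dst="192.0.2.10/32", proto="tcp", dport=22),
]

# Constructed sample traffic.
SAMPLES = [
    ("visitor to HTTPS", Packet("198.51.100.7", "192.0.2.10", "tcp", 443)),
    ("visitor from blocked range", Packet("203.0.113.55", "192.0.2.10", "tcp", 443)),
    ("outsider trying SSH", Packet("198.51.100.7", "192.0.2.10", "tcp", 22)),
    ("admin SSH", Packet("10.1.2.3", "192.0.2.10", "tcp", 22)),
    ("HTTPS to a subdomain of a blocked name",
     Packet("198.51.100.7", "192.0.2.10", "tcp", 443, hostname="cdn.malware.example")),
    ("plaintext HTTP carrying the marker",
     Packet("198.51.100.7", "192.0.2.10", "tcp", 80, payload=b"GET / HTTP/1.1\r\nX-Exfil: 1\r\n")),
]


def run_demo() -> list[tuple[str, str]]:
    """Return (label, action) for each sample packet."""
    return [(label, evaluate(RULES, p)[0]) for label, p in SAMPLES]


if __name__ == "__main__":
    for label, p in SAMPLES:
        action, why = evaluate(RULES, p)
        print(f"{action.upper():5} {label}: {why}")
```

The outsider's SSH attempt is rejected not by any explicit rule but by the default deny at the end of `evaluate`, which is the behaviour a real rule set should have: allow what is needed, drop everything else. Swapping the order of the first and fourth rules would let the blocked range reach the web server, which is why rule order is part of the configuration and not a detail.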