Category Archives: Cybersecurity


What Are The Top Office365 HIPAA Mistakes

Office365 is a fantastic product, and it can certainly be HIPAA-compliant. But only if you take the time to set everything up the right way for the organization. 

Here are the top Office365 HIPAA mistakes that we see organizations make:

Free Outlook.com is not HIPAA compliant! Unfortunately, Microsoft’s HIPAA Business Associate Agreement (BAA) doesn’t cover their free email. That means there’s no way to make your free Outlook.com compliant with HIPAA. Let me mention that using free email is also unprofessional.

Rushing through the setup. A proper Office365 configuration that meets compliance and industry best practices should take around 3 to 5 hours. If you didn’t spend a similar amount of time, there’s more work to do.

Don’t mess up the HIPAA BAA. Did you even read the Microsoft BAA? I doubt it… The BAA is the FIRST step to being HIPAA-compliant. A lot of practices

Read the rest

Keeping Windows 7 Will Put Companies And Users At Risk

Keeping Windows 7 will put companies and users at risk if they do not move to Windows 10. Microsoft will terminate support for Windows 7 on January 14, 2020; that date is coming up quickly and there is not much time.

It’s not just Windows 7 and Windows Server 2008 that are approaching end of life. This table shows the Microsoft products that are approaching end of life.

Product                End of life date
Windows 7              January 14th 2020
Windows Server 2008    January 14th 2020
Office 2010            October 13th 2020
Windows Server 2012    January 10th 2023
Windows 8 / 8.1        January 10th 2023
Office 2013            April 11th 2023
Windows 10             October 14th 2025
Office 2016            October 14th 2025

What is end of life?

Products go through life cycles, and as a company produces a new version of its software, the version it replaces heads towards end of life. When … Read the rest


Government Database On 92M Brazilians Found For Sale

A government database on 92 million Brazilians was found for sale on a dark web forum. Following a tip-off from an analyst known as Breach Radar, a BleepingComputer reporter investigated the auction of an alleged government database containing personal information.

The seller, called X4Crow, claimed that the database includes personal information such as names, mother’s name, gender, dates of birth and taxpayer IDs of the 92 million citizens. The data is sorted across provinces in Brazil, and a sample acquired by Ilascu verified the accuracy of this claim. BleepingComputer also has information to suggest that this is a government database.

Ionut Ilascu found that the database was being auctioned across multiple restricted-access dark web marketplaces. The starting price for this 16GB SQL-format database is $15,000.

Read the rest

5 Points To Success In A Zero Trust Model

If you did not know already, a Zero Trust security model is based on the creation of zones and segmentation to control sensitive IT resources. This also entails the deployment of controls to monitor and manage data moving between zones and, more importantly, user interactions within a zone or zones.

According to Forrester Research, the Zero Trust Model of information security is built on the assumption that any person or device with access to an organization’s data is a threat to the enterprise. Zero Trust protects sensitive data by limiting access to only those who require it and strictly enforcing access through intelligent access control and network segmentation.

5 Points To Success In A Zero Trust Model

Here are 5 essential steps to establish a successful Zero Trust Model in your organization or for your clients. 

  1. Identify your sensitive data at rest and in motion
    • Perform data discovery and classification
    • Segment and zone
Read the rest

Best HIPAA Compliant UTM Firewalls

Do you know which UTM firewalls are best to use to be HIPAA compliant? Is your network secure? How is your organization doing with UTM firewall logging? If you don’t know the answer to these questions, you’re not alone.

I am going to bluntly state that medical offices need to have a UTM firewall (Unified Threat Management firewall) appliance. These types of firewalls will make it simpler for you to pass a HIPAA audit. Inspectors from the Health and Human Services (HHS) Office for Civil Rights (OCR) check that patient health information (PHI) is secure in its storage, transfer, and disposal. A firewall allows or denies access to anywhere PHI is kept.

Your firewalls should have application-level inspection

To protect PHI, the UTM firewall can authenticate access within the applications that healthcare providers use to deliver care. In networking terms, layer 7 of the OSI model is the application layer. The … Read the rest


Simple Checklist For Creating A Business Continuity Plan

No one can predict the future; however, you can be ready with a sound business continuity plan. The business continuity checklist is the first step in the BCP process. The checklist is not an exhaustive list; it is a simple tool that can be used to ensure that the basic BCP process has been initiated and that Division management has considered what needs to be done to keep essential functions operating if an adverse event occurs. The checklist is somewhat “information centric”, as organisations’ reliance on information is increasing and its successful management provides a competitive advantage.

Read the rest

Apple iTunes Bug Exploited To Deliver Ransomware

Hackers have been exploiting the “unquoted path” flaw in the Bonjour updater in iTunes for Windows to deliver BitPaymer/iEncrypt ransomware.

Researchers from Morphisec Labs identified this flaw in the Bonjour updater back in August, and the Morphisec team immediately disclosed the vulnerability to Apple. Apple has recently patched the flaw for Windows. Windows desktops will still need to rely on iTunes for the foreseeable future, even though Apple is dropping iTunes in its own ecosystem.

This type of vulnerability allowed the BitPaymer/iEncrypt ransomware to be delivered. The attack exploits an unquoted path vulnerability in Bonjour, software that organizations may not even know is running on their systems, the firm said in a Thursday posting.

This vulnerability makes it easy for attackers to evade common detection, because most antivirus programs nowadays are based on behavior monitoring, and the Bonjour component … Read the rest


What Firewalls To Use To Be HIPAA Compliant

Do you know what firewalls to use to be HIPAA compliant? Is your network secure? How is your organization doing with logging? If you don’t know the answer to these questions, you’re not alone.

I am going to bluntly state that medical offices need to have a UTM firewall (Unified Threat Management firewall) appliance. These types of firewalls will make it simpler for you to pass a HIPAA audit. Inspectors from the Health and Human Services (HHS) Office for Civil Rights (OCR) check that patient health information (PHI) is secure in its storage, transfer, and disposal. A firewall allows or denies access to anywhere PHI is kept.

Your firewalls should have application-level inspection

To protect PHI, the UTM firewall can authenticate access within the applications that healthcare providers use to deliver care. In networking terms, layer 7 of the OSI model is the application layer. The UTM firewall is smart enough to … Read the rest


Does An Office Printer Have To Be HIPAA Compliant?

Ensuring that your office printer is HIPAA compliant isn’t only important for the security of your patients; it’s also the law. That being said, all printer technology must be secured and maintained according to the standards outlined in HIPAA.

Types of print technology defined:

Print technology is defined as printers, copiers, multifunction printers, fax machines, and all other devices with similar functions.

How do I know if my printer is HIPAA compliant?

I have some advice here for you when it comes to HIPAA compliance security and the print technology devices your office uses.

One of the BIGGEST weaknesses I continue to see when working with healthcare organizations is the lack of attention to, and knowledge of, the role printing technology plays in HIPAA compliance.

As you know, the confidentiality of the health information of all your patients is vital, and the craziest part is that you might not even know you’re putting your … Read the rest


Google Warns Zero-Day Bug For Android Under Active Attack

Google has issued a warning about an Android zero-day flaw being actively exploited in the wild. The flaw impacts 18 Android models, including Google’s flagship Pixel and devices from Samsung, Huawei and Xiaomi.

Project Zero member Maddie Stone wrote in a technical post that the unpatched vulnerability (CVE-2019-2215) can be exploited in several ways. In one scenario, a target is enticed to download a rogue app. The second method of infection involves chaining the bug with an additional vulnerability in code the Chrome browser uses to render content.

“It is a kernel privilege escalation [bug] using a use-after-free vulnerability, accessible from inside the Chrome sandbox,” Stone said. “The vulnerability is exploitable in Chrome’s renderer processes under Android’s ‘isolated_app’ SELinux domain, leading to us suspecting Binder as the vulnerable component.”

A patch for the vulnerability is expected in the next few days as part of Google’s October Android security … Read the rest