Category Archives: Security Policies and Compliance
HIPAA Requirements For Passwords
Did you know, within the HIPAA security requirements there are guidelines for deploying and creating a passwords management policy, this would include: creating, changing and protecting passwords? These guidelines were established under the HIPAA Security Rule and within the HIPAA Security Rule it is required to provide Security Awareness and Training for creating policies and procedures on how to preform the storing, changing and creation of passwords.
Complying With HIPAA Security Policies
Many security professionals tend to argue over the HIPAA best practices for passwords but they are all in agreement that there should be a minimum of 8 characters, include upper and lower case letters, numbers, and special characters, this practice has been challenged in recent years, as has the practice of enforcing changes to passwords regularly. However keep in mind that many healthcare organizations are choosing to make it a minimum of 12 characters.
Keeping up with randomly … Read the rest
Is OpenDNS Umbrella HIPAA Compliant?
So the question your asking Is OpenDNS Umbrella HIPAA Compliant? Surely OpenDNS Umbrella and its software client is questionable, right? Is this a breach of HIPAA Compliance?
Lets Review The Basics…
Lets go back to the basics, OpenDNS is a company and service that extends the Domain Name System by adding features such as Logging, phishing protection, malware protection and content filtering in addition to DNS lookup, if its DNS servers are used. So knowing this it already seems to be better than Comcast DNS of 75.75.75.75 or Googles DNS of 8.8.8.8. Open DNS Umbrella actually provides something of value.
Let’s look at exactly how a DNS request works.
- A DNS request starts when you try to access a computer on the internet. For example, you type PatrickDomingues.com in your browser address bar.
- The first stop for the DNS request is the local DNS cache. As you access different computers,
TOP Horrible Passwords To Use For 2020
How many Horrible Passwords are there? Let me tell you there are about 500 of them and we will show you the TOP Horrible Passwords To Use For 2020. Any password documented publicly or available in the darkweb can be used in a dictionary attack. This is a form of brute force attack technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.
NO | Top 1-100 | Top 101–200 | Top 201–300 | Top 301–400 | Top 401–500 |
1 | 123456 | porsche | firebird | prince | rosebud |
2 | password | guitar | butter | beach | jaguar |
3 | 12345678 | chelsea | united | amateur | great |
4 | 1234 | black | turtle | 7777777 | cool |
5 | pussy | diamond | steelers | muffin | cooper |
6 | 12345 | nascar | tiffany | redsox | 1313 |
7 | dragon | jackson | zxcvbn | star | scorpio |
8 | qwerty | cameron | tomcat | testing | mountain |
9 | 696969 | 654321 | golf | shannon | madison |
CoronaVirus Business Continuity Plan Checklist
No one can predict the future; however, you can be ready with a sound CoronaVirus Business Continuity Plan. This CoronaVirus business continuity checklist is the first step in the BCP process. The checklist is not an exhaustive list, it is a simple tool that can be used to ensure that the basic CoronaVirus Business Continuity Plan process has been initiated and the division management has considered what needs to be done to keep essential functions operating if an adverse event occurs. The CoronaVirus Business Continuity Plan Checklist is somewhat “information centric” as organisation’s reliance on information is increasing and its successful management provides a competitive advantage.
- Automating System Updates with Unattended-Upgrades on Ubuntu
- How to Add a Large Disk Partition as Storage in Proxmox VE
- How to Remove Radmin Viewer with PowerShell
- How to Automate Ubuntu Server System Updates and Package Installation
- Introducing Zevonix: Your Pathway to Smarter IT
Your Not HIPAA Compliant Using Windows Server 2008
If your using Windows Server 2008 or older on your network it makes you none HIPAA Compliant and should be ashamed for putting your clients and patient information at risk.
What Windows Server 2008 “END OF LIFE” and HIPAA mean for you?
What you need to worry about is that Windows Server 2008 will no longer receive windows security updates for vulnerabilities and this in itself is a breach in HIPAA compliance. This also means that Microsoft will no longer offer technical support for any issues, software updates, and security updates or fixes.
One of the main reasons why Your Not HIPAA Compliant Using Windows Server 2008 is because of the lack of security updates and fixes. This puts all information stored on Windows Server 2008, including confidential client information, will be at risk. Hackers and external security threats will know about this stop date, and as such will … Read the rest
Your Not HIPAA Compliant Using Windows 7
If your using Windows 7 or older on your network you are not HIPAA Compliant and should be ashamed for putting your clients and patient information at risk.
What WINDOWS 7 “END OF LIFE” and HIPAA mean for you?
What you need to worry about is that Windows 7 will no longer receive windows security updates for vulnerabilities and this in itself is a breach in HIPAA compliance. This also means that Microsoft will no longer offer technical support for any issues, software updates, and security updates or fixes.
One of the main reasons why Your Not HIPAA Compliant Using Windows 7 is because of the lack of security updates and fixes. This puts all information stored on Windows 7, including confidential client information, will be at risk. Hackers and external security threats will know about this stop date, and as such will find it easier to push through … Read the rest
Is Microsoft Teams HIPAA Compliant?
Many still seem to wonder and ask what is Microsoft Teams and is this software questionable for use? This includes compliance and security officers in the Healthcare industry leading them to ask is this HIPAA Compliant? However lets go back to the basics, Microsoft Teams is a cloud platform that combines workplace chat, meetings, notes, and attachments. Microsoft Teams is Microsoft’s was created to be the competitor to Slack and Google Hangouts Chat.
Microsoft Teams and the Business Associate Agreement
I have previously mentioned that their is a office365 Business Associate Agreement which is the written contract between a Covered Entity and a Business Associate. It is required by law for HIPAA compliance.
I have checked Microsoft’s site and found a page called:
Microsoft Teams Security Features
Certification and Compliance
Microsoft created Teams to be fully Office 365 Tier-C compliant, … Read the rest
What Are The Top Office365 HIPAA Mistakes
Office365 is a fantastic product, and it can certainly be HIPAA-compliant. But only if you take the time to set everything up the right way for the organization.
Here the top Office365 HIPAA mistakes that we see organizations make:
Free Outlook.com is not HIPAA compliant! Unfortunately, Microsoft’s HIPAA Business Associate Agreement (BAA) doesn’t cover their free email. That means there’s no way to make your free Outlook.com compliant with HIPAA. Let me mention that using free email is also unprofessional.
Rushing through the setup. A proper office365 configuration should take around 3 to 5 hours to do a proper setup to meet compliance with industry best practices. If you didn’t spend a similar amount of time, there’s more work to do.
Don’t mess up the HIPAA BAA. Did you even read the Microsoft BAA? I doubt it… The BAA is the FIRST step to being HIPAA-compliant. A lot of practices
5 Points To Success In A Zero Trust Model
If you did not know already, a Zero Trust security model is based on the creation of zones and segmentation to control sensitive IT resources. This also entails the deployment controls to monitor and manage data between zones, and more importantly, user interactions within a zone(s).
Based on the Forrester Research the Zero Trust Model of information security is built on the assumption that any person or device with access to an organization’s data is a threat to the enterprise. Zero Trust protects sensitive data by limiting access to only those who require it and strictly enforcing access through intelligent access control and network segmentation.
5 Points To Success In A Zero Trust Model
Here are 5 essential steps to establish a successful Zero Trust Model in your organization or for your clients.
- Identify your sensitive data at rest and in motion
- Perform data discovery and classification
- Segment and zone
Best HIPAA Compliant UTM Firewalls
Do you know what UTM firewalls are the best to use to be HIPAA compliant? Is your Network Secure? How is your organization doing with UTM Firewall logging? If you don’t know the answer to these questions, you’re not alone.
I am going to bluntly state that medical offices need to have a UTM Firewall (Unified Threat Manager Firewall) appliance. These types of Firewalls will make it more simpler for you to pass a HIPAA audit. Inspectors from Health and Human Services (HHS) Office of Civil Rights (OCR) check that patient health information (PHI) is secure in its storage, transference, and disposal. A firewall allows or denies access to anywhere PHI is kept.
Your Firewalls should have application-level inspection
To protect PHI data the UTM Firewall can authenticate access within applications that healthcare uses to provide care. In networking terms, layer 7 of the OSI is the application layer. The … Read the rest