Because PCI 3.0 introduces more SAQs, SecurityMetrics offers combination SAQs when more than one SAQ applies.
Train employees to stop and question anyone who does not work for the company, especially if the person tries to enter back office or network areas.
Make the simple change to require unique usernames and passwords on the network level for each one of your staff members.
If you have any questions, please contact SecurityMetrics support, 801.705.5700.
Doreen Espinoza answers some tough questions about her audit with the HHS.
Businesses must ensure their key servers, certificate authorities, OpenSSL libraries, and server updates are secure.
The problem is, many offices don’t have their Wi-Fi set up correctly, turning that free patient asset into a liability.
The plug-and-play mindset is ruining Point-of-Sale (POS) security.
Understand HIPAA Privacy and Security Rules, and how they apply to your organization.
Neglecting the simple security measures is what allows hackers into a business network and allows them to steal your sensitive information.
Choose your vendors wisely and make sure you have a Business Associate Agreement (BAA) in place.
Shellshock, also known as the Bash Bug, is a software vulnerability that could leave your systems exposed to attack.
Learn about PCI compliance scanning requirements.
The HIPAA minimum necessary rule helps covered entities manage healthcare information by requiring them to limit access to and disclosure of PHI.
Cross-site scripting allows bad guys to embed malicious code into a legitimate website to ultimately steal user data.
Covered entities don’t have the option to hide behind a BAA if a Health and Human Services (HHS) auditor comes knocking.
Learn what to do when you are hacked (or suspect you’ve been hacked).
Businesses around the world call us in a panic, needing to decipher what went wrong with their security.
Healthcare providers are responsible for making sure that those with access to ePHI need that access to do their jobs adequately.
Unencrypted payment card data is relatively simple for a hacker to detect, scoop up, and steal.
Don’t forget to document every HIPAA compliance effort as evidence to present to the OCR if your entity is chosen for auditing.
To help further the fight against fraudsters and data thieves, the SecurityMetrics Forensic Investigation team has identified several common attack types associated with recent breaches.
My stance on patient sign-in sheets is that unless there is a valid business reason for having them, don’t do it.
Some falsely assume that because mobile devices are technologically advanced and marketed as ‘secure’, PHI will automatically be protected.