The HIPAA legislation requires that covered entities implement technical safeguards to protect all electronic Personal Healthcare Information or PHI whereas the HITECH Act mandates that a successful breach of “unprotected” ePHI must be publicly disclosed. Furthermore, the HIPAA Omnibus Rule holds business associates liable for non-compliance.
How to protect PHI against cyber threats and insider attacks?
According to recent reports over $1B in revenue is attributable to ransomware in 2016. 25% of healthcare entities utilizing the public cloud are not encrypting their data. 38% of those surveyed have…
The GDPR became law in April 2016, but organizations were given a two-year grace period to comply. The effective date for compliance is on May 25, 2018.
The purpose of the General Data Protection Regulation, GDPR, is to protect and strengthen the rights of data subjects/EU citizens. The law grants data subjects rights whereby data controller, the entity that is collecting personal information, has to
Commercial off-the-shelf (COTS) operating systems, which are used by most cloud providers to offer virtual servers or containers to their customers, pose their own set of challenges. Operating systems, meaning not only the kernel, but also all the associated libraries, services, and so on, are designed to cater to the widest possible range of applications and users.
Problem:
In the case of a regular server, an external or a malicious internal user may gain unauthorized access to the sensitive information and then perform acts to conceal the breach by removing or editing audit log files. These log files contain crucial information that is needed to prove regulatory compliance and to conduct forensic analysis in case of an actual breach.
Solution:
These days attacks that are being launched on an organization’s computing infrastructure are becoming more sophisticated and potentially more damaging. Threats have escalated as IT organizations are increasingly being asked to provide more services. Security officers are fighting these threats on a daily basis, but
Elevating Users From Products to Customers – The GDPR Data Subject Empowerment The purpose of the General Data Protection Regulation, GDPR, is to protect and strengthen the rights of data subjects/EU citizens. The law grants data subjects rights whereby data controller, the entity that is collecting personal information, has to reveal the actual identity of … Read more
Enterprises Should Think Twice Before Using Their Cloud Provider’s Data-At-Rest Encryption We live in a multi-cloud world. Managing data security across multiple public clouds can be challenging. There are three main reasons why enterprises should think twice before using data-at-rest encryption solution offered by their cloud provider. If you envision moving from one cloud platform … Read more
GDPR – How Not To Screw Up Consent? The General Data Protection Regulation, or GDPR, replaces the Data Protection Directive (“Directive”), which has been in effect since 1995. The GDPR became law in April 2016, but organizations were given a two-year grace period to comply. The effective date for compliance is on May 25, 2018. … Read more