HIPAA Blog Archives

By Gil Vidals, September 10, 2014, HIPAA Blog, Resources

Largest Patient Breach Blamed on Chinese Hacker Group

On Monday, August 18th, Community Health Systems (CHS) reported that it had been the victim of a cyber attack from a Chinese hacking group named “APT 18”, a group alleged to have ties to the Chinese government. APT 18 successfully stole a large quantity of PHI data, including social security numbers, contact information, and other... Continue reading

By Gil Vidals, September 4, 2014, HIPAA Blog, Resources

Strengthening IT Security for HIPAA Compliance

Per the Health Insurance of Portability and Accountability Act of 1996 (otherwise known as HIPAA) Security Rule, a number of “technical safeguards” combined with the physical security of the computer systems that store and interact with protected health information (PHI) make up the bulk of what is required in order to fall within the realm... Continue reading

By Gil Vidals, August 19, 2014, HIPAA Blog, Resources

Best SQL Server for HIPAA Compliant Businesses

The term “SQL Server” refers to the Relational Database Management System (RDBMS) software which runs on the physical/virtual host. There are many different implementations of SQL (Structured Query Language) and choosing between them is dependent upon the database requirements and can have an impact on compliance efforts when dealing with HIPAA guidelines. Many choices are... Continue reading

By Gil Vidals, August 14, 2014, HIPAA Blog, Resources

Retaining Data for a HIPAA Audit

HIPAA guidelines regarding data retention state that the logs (access/activity) and protected health information (PHI) documentation proving that the covered entity is adhering to the HIPAA Security Rule are retained for six (6) years. This regulation mandates that records are to be retained for essentially any interaction with patient PHI and personally identifiable information (PII),... Continue reading

By Gil Vidals, August 12, 2014, HIPAA Blog, Resources

Server Hardening for HIPAA Systems

When compromising a HIPAA server, more often than not, the fundamental shortcoming (“exploit”) of the software that has allowed a user to gain unauthorized access is not inherent to the software being used, but is often a weakness caused by improper configuration or lack of patch application. The process of disabling the system services that... Continue reading

By Gil Vidals, August 5, 2014, HIPAA Blog, Resources

Multi-factor Authentication, Code Spaces, and the Amazon Attack

Most people are familiar with the idea of passwords, and the importance of using strong ones. However, what many don’t know is that there’s no such thing as an uncrackable password. With proper resources and time, an attacker can crack any password by means of brute force (trying every permutation in a given table). With... Continue reading