Why Establish a Security Culture

13 Apr 2019
By Stephen Trout

Five “Security Culture” Markers:

    • Cybersecurity is a top-down, strategic part of the company’s vision
      Security is linked to business goals and relevant to board-level decisions.
    • You’ve determined a “data blueprint” of how data is used
      Your team understands the context in which the data is created and used, and how it is subject to regulation.
    • Annual risk assessments are being conducted
      All risk areas, including staff, practices, and technology, are evaluated regularly.
    • Security skills and governance tools are becoming integrated into daily activities
      You’re enabling the latest protocols and encryption ciphers for data protection, using…

Why Healthcare Has a Cyberattack Target On It…

14 Mar 2019
By Stephen Trout

We’ve all heard by now that healthcare is seriously lagging in cybersecurity effectiveness. According to a recent study, healthcare ranked 15th out of 18 major U.S. industries in terms of overall cyber health. Another study indicates that in the past seven years, 2,149 breaches have occurred, amounting to 176.4 million patient records disclosed.

If you’re a member of the healthcare industry, or even just a consumer of it (aren’t we all?), these statistics should prompt you to sit up and ask, “Why does healthcare seem to have a target on its back?”…


Mobile Device Management & HIPAA

26 Feb 2019
By Stephen Trout

Back in 2014, Catholic Health Care Services (CHCS) of the Archdiocese of Philadelphia was serving as an active business associate to six skilled nursing facilities, providing information technology services.

Unfortunately, one of their iPhones containing the unencrypted, protected health information of 412 nursing home patients – including their social security numbers, diagnosis and treatment information, and the names of family members and legal guardians – was stolen.

The resulting breach led to a $650,000 HIPAA fine.

At present, 90 percent of healthcare organizations use or plan to use mobile devices

The incident with CHCS should raise our security caution level, for the…


Security Breaches: Surprising Fact of Employee Snooping

21 Feb 2019
By Stephen Trout

Secure your healthcare information so you’re not at risk for security breaches!

According to a privacy breach survey of healthcare providers – 70% of which admitted to having at least one security breach – 35% attributed the breach to unauthorized access by employees.

Take note of that stat: essentially, the survey found that the most common cause of HIPAA security breaches is actually small-scale snooping by employees.

The results went on to reveal that 27% of breaches occurred when an employee viewed the medical records of friends and family, and 35% when employees checked the medical records of their work…


DevSecOps Mindset Promotes Better Security

21 Feb 2019
By Stephen Trout

Changing a company’s security culture is hard sometimes. Consider the techy world of applications development, if you will. (Even if this doesn’t apply strictly to you, the lessons are helpful.)

Typically, as one network security expert points out, the old ways of bringing usable software to market involved “every man to his island.” You had an IT island, a DevOps island, and last but not least, a Security island.

The DevOps island had its goal: do continuous deployment and continuous release of code, with automation being a driving force wherever possible. Sure, you employed a source code scanner…


Podcast – Is GMAIL HIPAA Compliant?

19 Feb 2019
By HIPAA Vault

Andrew Kroninger, TOTAL HIPAA’s Director of Customer Success, recently interviewed Gil Vidals, founder and CEO of HIPAA Vault, a HIPAA compliant cloud managing solution. The two discussed Gmail’s potential for HIPAA compliant email messaging. You can listen to this episode of our podcast HIPAA Talk! here or on your mobile device via Apple Podcasts. Or, read our summary:

AK: Can I email PHI?

GV: HIPAA mandates that you protect PHI (Protected Health Information) in transit, in storage, and at rest. There is a common misconception that email is a secure way to send and receive PHI….


The HIPAA Vault Story

19 Feb 2019
By HIPAA Vault

(The following is a transcription of a podcast produced by CloudBerry, where each week Doug Hazelman talks to different managed service providers about their business.)

Doug: Hello and welcome to the MSP Voice Webinar series. Today I’m pleased to be joined by Gil Vidals, from HIPAA Vault, and he’ll be talking about their HIPAA compliant cloud. So Gil, why don’t you go ahead and take it away.

Gil: Alright Doug, thanks for inviting me. I’m looking forward to talking about my passion. You’re looking at a picture of a guy (who’s not me – but looks just like…



19 Feb 2019
By Stephen Trout

The Department of Justice recently charged a physician for violating HIPAA Rules, after he permitted a sales representative from a major pharmaceuticals company to access the confidential health information of his patients – without their consent.

The motive, as usual, was greed. If particular patients could be targeted for the new drug, the pharmaceutical company as well as the doctor stood to gain.

The result? The pharmaceuticals company pleaded guilty and was fined $35 million; the doctor also pleaded guilty and was sentenced to 6 months’ probation with a fine.

Now, whether the physician should have actually lost his license or…


When an employee saw an “urgent” email from her boss

19 Feb 2019
By Stephen Trout

…requesting that she purchase $1,000 worth of Google Play gift cards to give to company clients, she wasted no time. “In hindsight, I should have been like, ‘This is weird,’ but your boss asks you to do something and you do it,” said Kari Hornfeldt, a Chicago marketing professional.

When the company credit card didn’t process, Kari purchased the cards using her own debit card, trusting the company would reimburse her. It turns out, the company knew nothing about it.

Kari and her company soon discovered they’d been scammed, by an increasingly common (and surprisingly effective)…


Make your Healthcare App HIPAA Compliant

26 Jan 2019
By Stephen Trout

Making your healthcare app HIPAA compliant is only the start. Consider the reality: a 7-year study conducted by researchers from Michigan State and Johns Hopkins University found that approximately 53% of all data breaches reported to the Office for Civil Rights (OCR) were actually the result of internal negligence.

Reasons for these data breaches might include:

  • theft of data by current or former employees
  • poor password policies
  • careless use of laptops or mobile devices
  • stolen hard drives (from the workplace, or employee’s cars or homes) with unencrypted data
  • email phishing scams, etc.

All of which to say that when…
