This article was written just prior to the firing of FBI Director James Comey. The article highlights the concerns of many government agencies, especially with this past week's global cyberattacks targeting healthcare around the world.
Former Federal Bureau of Investigation (FBI) Director James Comey delivered a keynote speech at the American Hospital Association Annual Membership Meeting this week.
“Healthcare organizations are major targets for cybercriminals, Comey said, because the sensitive data they collect in droves can be sold at a high price for use in fraud and identity theft. Medical devices are also increasingly becoming a target”.
While Comey’s comments were in reference to the hospital industry, these same scenarios are playing out in many organizations that handle their clients’, employees’ or patients’ “sensitive data”.
Another government agency, the Federal Trade Commission (FTC), launched a new website aiming to help small businesses protect their networks and systems from cyberattack, as well as protect customer and employee data. Access to the FTC's tips and advice is free: ftc.gov/SmallBusiness
FireEye recently published a white paper entitled Five Reasons Small and Midsize Enterprises are Prime Targets for Cyber Attack. The paper states: “Cyber attackers are increasingly targeting small and midsize enterprises (SMEs) as well. One SME may not seem like a worthwhile target for a cyber-attack, but collectively, SMEs are a gold mine. SMEs account for approximately 90% of business worldwide, create four out of every five new positions and generate 33% of the gross national income (GNP).”
I would argue that you don’t have to be an organization which falls into the health care definition to be subject to a cyber-attack or breach. Whether you are an attorney, healthcare provider or a grocery store, you handle sensitive data of your employees, clients or patients.
Cybercriminals make a business out of obtaining data, and they view your employees as one of the weakest links in the security chain, with mobile devices viewed as an easy way of gaining access to data and corporate networks.
Two out of ten companies have already experienced a mobile device cyberattack, although in many cases, organizations are not even aware that an attack has happened.
These numbers and concerns should alarm any organization, no matter its size, into taking a proactive approach to protecting its sensitive data. Employees are your weakest link.
Ensure that your organization has adopted written security and privacy policies and procedures and has trained its employees. Back up your data, ensure that it is not corrupt and store it offsite.
Judith has just released her comprehensive Information Security System. Here is a brief excerpt:
“Security breaches are commonplace and organizations of all sizes and types have become popular targets for attack. Confidential customer and employee information collected and used by companies in the normal course of business has become the target of cybercriminals and identity thieves. The Company’s confidential and sensitive information must be protected from intrusion, loss, exposure and theft. The Company should meet or exceed the best practices or minimum requirements in applicable federal, state and industry regulations for information, security, privacy and identity theft protection. Policies and procedures should meet the “reasonable and appropriate” test for the time at which the Information Security System was implemented. These common best practices include administrative, physical and technical safeguards, as well as a breach response plan that must be set up, maintained and updated regularly.”
Judith is an accredited Certified HIPAA Professional (CHP) and member of HIMSS. As the owner of JAL, Judith is your subject matter expert providing guidance to organizations within HIPAA, GLBA, False Claim and other regulatory agencies. Judith provides reasonable and appropriate compliance policies and procedures within your Compliance Program. As a guru in compliance, Judith delivers compliance employee training programs, and participates in educational speaking engagements for the industries that handle Protected Health Information. To read more about the world of compliance, subscribe to JAL’s insightful newsletter at www.jalconsultantsaz.com.