CloudHealth Launches New Tools to Operationalize AWS Savings Plans Management
Sep21

CloudHealth Launches New Tools to Operationalize AWS Savings Plans Management

CloudHealth has announced a significant expansion of its AWS Savings Plan capabilities with the general release of several new tools that help drive better business outcomes through the entire lifecycle of Savings Plans management. AWS launched Savings Plans in late 2019 to give businesses an alternative to Reserved Instances to save money on their AWS spending. CloudHealth incorporated Savings Plans into its cloud cost optimization and governance platform, initially providing customers with Cost History Reports to provide information on costs as they are incurred or over the life of the Savings Plan. Usage Reports gave customers insights into where Savings Plans had been applied to show how much compute usage was covered by the Savings Plan discounts. Convertible Reservation Exchanger was introduced to allow businesses to get the most out of their existing Reserved Instances before taking advantage of Savings Plans, and the company established a Strategic Savings Desk staffed by AWS experts to help customers with Savings Plans and discount management. Now new tools have been...

Read More
OCR Publishes New Resources for MHealth App Developers and Cloud Services Providers
Sep04

OCR Publishes New Resources for MHealth App Developers and Cloud Services Providers

The Department of Health and Human Services’ Office for Civil Rights has announced it has published additional resources for mobile health app developers and has updated and renamed its Health App Developer Portal. The portal – Resources for Mobile Health Apps Developers – provides guidance for mobile health app developers on the HIPAA Privacy, Security, and Breach Notification Rules and how they apply to mobile health apps and application programming interfaces (APIs). The portal includes a guidance document on Health App Use Scenarios and HIPAA, which explains when mHealth applications must comply with the HIPAA Rules and if an app developer will be classed as a business associate. “Building privacy and security protections into technology products enhances their value by providing some assurance to users that the information is secure and will be used and disclosed only as approved or expected,” explained OCR. “Such protections are sometimes required by federal and state laws, including the HIPAA Privacy, Security, and Breach Notification Rules.” The portal provides access to...

Read More
Global Cloud Budget Survey Reveals Complexity of IT Spend Management
Aug22

Global Cloud Budget Survey Reveals Complexity of IT Spend Management

Rackspace has published the findings from its Global Cloud Budget Survey, revealing some of the key challenges companies have managing their IT and cloud spending. The survey, Technology Budgets: Managing Shifting Priorities, explored the proliferation of IT budget management across organizations. With many groups within an organization being given part of the IT budget it has become difficult for organizations to have visibility into how the It budget is being spent, making it difficult to control costs. This is especially true of cloud costs. The survey revealed cloud environments were not subject to appropriate governance and optimization, resulting in considerable waste and excessive spending. 50% of IT decision makers who took part in the survey lacked a basic understanding of cloud cost governance and cloud cost optimization. As a result, the companies are at risk of cloud sprawl – excess machines and workloads running in the cloud, oftentimes without the knowledge of the company. All companies that fail to monitor and manage their cloud environment face a high risk of cloud...

Read More
AI Company Exposed 2.5 Million Patient Records Over the Internet
Aug21

AI Company Exposed 2.5 Million Patient Records Over the Internet

The personal and health information of more than 2.5 million patients has been exposed online, according to technology and security consultant Jeremiah Fowler. The records were discovered on July 7, 2020 in two folders that were publicly accessible over the Internet and required no passwords to access data. The folders were labeled as “staging data” and had been hosted by an artificial intelligence company called Cense AI, a company that provides SaaS-based intelligent process automation management solutions. The folders were hosted on the same IP address as the Cense website and could be accessed by removing the port from the IP address, which could be done by anyone with an Internet connection. The data could have been viewed, altered, or downloaded during the time it was accessible. An analysis of the data suggests it was collected from insurance companies and relate to individuals who had been involved in automobile accidents and had been referred for treatment for neck and spinal injuries. The data was quite detailed and included patient names, addresses, dates of birth,...

Read More
Healthcare Data Leaks on GitHub: Credentials, Corporate Data and the PHI of 150,000+ Patients Exposed
Aug17

Healthcare Data Leaks on GitHub: Credentials, Corporate Data and the PHI of 150,000+ Patients Exposed

A new report has revealed the personal and protected health information of patients and other sensitive data are being exposed online without the knowledge of covered entities and business associates through public GitHub repositories. Jelle Ursem, a security researcher from the Netherlands, discovered at least 9 entities in the United States – including HIPAA-covered entities and business associates – have been leaking sensitive data via GitHub. The 9 leaks – which involve between 150,000 and 200,000 patient records – may just be the tip of the iceberg. The search for exposed data was halted to ensure the entities concerned could be contacted and to produce the report to highlight the risks to the healthcare community. Even if your organization does not use GitHub, that does not necessarily mean that you will not be affected. The actions of a single employee or third-party contracted developer may have opened the door and allowed unauthorized individuals to gain access to sensitive data. Exposed PII and PHI in Public GitHub Repositories Jelle Ursem is an ethical security...

Read More
70% of Companies Have Suffered a Public Cloud Data Breach in the Past Year
Jul20

70% of Companies Have Suffered a Public Cloud Data Breach in the Past Year

A recent study conducted by Sophos has revealed 96% of companies are concerned about the state of their public cloud security. There appears to be a valid cause for that concern, as 70% of companies that host data or workloads in the cloud have experienced a breach of their public cloud environment in the past year. The most common attack types were malware (34%), followed by exposed data (29%), ransomware (28%), account compromises (25%), and cryptojacking (17%). Data for the study came from a survey conducted by Vanson Bourne on 3,521 IT managers in 26 countries including the United States, Canada, France, Germany, India, and the United Kingdom. More than 10 industry sectors were represented.  Respondents used one or more public clouds from Azure, Oracle Cloud, AWS, VMWare Cloud on AWS, Alibaba Cloud, Google Cloud and IBM Cloud. The findings of the survey were published in the Sophos report: The State of Cloud Security 2020. The biggest areas of concern are data loss, detection and response and multi-cloud management. Companies that use two or more public cloud providers...

Read More
Webinar: A Practitioner’s Guide to Cloud Security and Compliance Processes
Jul07

Webinar: A Practitioner’s Guide to Cloud Security and Compliance Processes

Many organizations find it difficult to keep their cloud environments secure and compliant with data protection standards as cloud usage grows. While they had effective security processes for their on-premises infrastructure, they do not always translate to the cloud and fail to mitigate risks associated with decentralized cloud usage. Ensuring security processes are in place that are effective at identifying cloud misconfigurations that could be exploited by threat actors to gain access to cloud data is essential, but if those processes are not implemented, security becomes an impossible task. One of the problems is that while standalone configurations may be correct, they can combine with other configurations which can potentially allow unauthorized access to sensitive data. These complex violation chains can be difficult to identify and are a common cause of cloud security breaches. Creating security policies to address risks can cause problems, as security policies can easily have an impact on productivity. The creation of effective security policies that do not negatively...

Read More
Windows CMS Hosting Specialist ServerSide Acquired by Liquid Web
Jun30

Windows CMS Hosting Specialist ServerSide Acquired by Liquid Web

The Lansing, MI-based managed hosting and managed application service provider, Liquid Web LLC, has announced it has acquired the leading Microsoft Windows CMS hosting provider ServerSide for an undisclosed sum. In 2019, Liquid Web launched its managed private cloud powered by VMware and NetApp. The new offering provided small- and medium-sized businesses with the features and functions of a managed private cloud that are usually only available to enterprises. The acquisition of ServerSide will expand Liquid Web’s SMB offerings further, adding proven experience in hosting leading Microsoft Content Management solutions to Liquid Web’s portfolio, accelerating the company’s move into the Progress Sitefinity, Kentico, and Sitecore hosting market. ServerSide joins Nexcess, iThemes, and InterWorx in the Liquid Web Group of companies, which together serve more than 45,000 customers in 150 countries, managing more than 1.5 million sites. ServerSide founder and CEO, Steve Oren, has joined the Liquid Web team and is spearheading Liquid Web’s drive to migrate customers to the Liquid Web...

Read More
CloudHealth by VMware Platform Added to Microsoft Azure Marketplace
Jun30

CloudHealth by VMware Platform Added to Microsoft Azure Marketplace

VMware has announced it has deepened its collaboration with Microsoft and has now added the CloudHealth multi-cloud management platform to the Microsoft Azure Marketplace. The CloudHealth platform helps organizations quantify, understand, optimize and automate cloud infrastructure and provides full visibility into an organization’s entire multi-cloud or hybrid cloud environment. The platform unites discreet data from essential cloud tools and services to give a holistic perspective of the cloud ecosystem. The increased visibility helps with organizational governance, shows cloud usage, provides recommendations for optimization to improve resource utilization and greatly reduce wastage, resulting in significant cost savings. “Having CloudHealth on the Azure Marketplace both strengthens and deepens our collaboration with Microsoft,” said Tom Axbey, GM, Cloud Management at VMware. “Moreover, it enables us to deliver on the promise of helping customers innovate at cloud speed, which has always been core to our DNA and serves as the foundation for all new CloudHealth features and...

Read More
Is VMware HIPAA Compliant?
Jun24

Is VMware HIPAA Compliant?

If you are a HIPAA-covered entity considering moving some of your IT infrastructure to the cloud, you may be wondering if VMware is HIPAA compliant and if you can use VMware’s services in a manner compliant with HIPAA Rules. VMware provides a platform that supports the virtualization of IT infrastructure, with the company best known for its vSphere VMware Hypervisor that allows the virtualization of x86 or x64 architecture. The company has also developed a wide range of products and services including virtualized storage and networking, desktop software, cloud management services through CloudHealth, private data centers and the hybrid cloud solution, VMware Cloud on AWS. VMware Cloud on AWS In June 2018, VMware announced that it had completed its third-party examination of VMware Cloud on AWS and has confirmed that it now offers a HIPAA-compliant virtual cloud environment for HIPAA covered entities and vendors serving the healthcare industry. Through VMware Cloud on AWS, healthcare customers “can operate a consistent and seamless hybrid IT environment that combines the VMware...

Read More
Lack of Visibility and Poor Access Management are Major Contributors to Cloud Data Breaches
Jun23

Lack of Visibility and Poor Access Management are Major Contributors to Cloud Data Breaches

More companies are now completing their digital transformations and are taking advantage of the flexibility, scalability, and cost savings provided by public cloud environments, but securing public clouds can be a major challenge. One of the main factors that has stopped companies from taking advantage of the public cloud has been security. Security teams often feel protecting an on-premise data center is much easier than protecting data in public clouds, although many are now being won over and understand that public clouds can be protected just as easily. Public cloud providers now offer a range of security tools that can help companies secure their cloud environments. While these offerings can certainly make cloud security more straightforward, organizations must still ensure that their cloud services are configured correctly, identities and access rights are correctly managed, and they have full visibility into all of their cloud workloads. Cloud security vendor Ermetic recently commissioned IDC to conduct a survey of CISOs to explore the challenges associated with cloud...

Read More
Is Amazon Web Services HIPAA Compliant?
Jun22

Is Amazon Web Services HIPAA Compliant?

If you are a healthcare organization in the United States that is required to comply wit the Health Insurance Portability and Accountability Act (HIPAA) you may be wondering if Amazon Web Services is HIPAA compliant and if the public cloud provider’s platform can be used to store, process, or transmit protected health information (PHI). Is Amazon Web Services HIPAA Compliant? Under HIPAA Rules, any provider of a product or service that ‘touches’ PHI is classed as a business associate, which means they must comply with HIPAA Rules and need to implement appropriate safeguards to ensure the confidentiality, integrity, and availability of any PHI that is accessible through their products or services. Any healthcare entity required to comply with HIPAA must ensure that they obtain a signed business associate agreement from a vendor before their products and services are used in connection with PHI. The business associate provides reasonable assurances that appropriate safeguards are in place and that the business associate is aware of its responsibilities under HIPAA. Covered entities...

Read More
Is Alibaba HIPAA Compliant?
Jun20

Is Alibaba HIPAA Compliant?

Alibaba is now the third largest public cloud provider behind Amazon Web Services and Microsoft Azure and is currently experiencing growth in excess of its competitors. While Alibaba is vying to become the leading public cloud provider worldwide, the company has yet to make great inroads into healthcare in the United States. Healthcare organizations in the United States must ensure that any public cloud provider is HIPAA compliant before their services can be used in connection with protected health information, so how does Alibaba Cloud stack up? Is Alibaba Cloud HIPAA compliant? Public cloud providers are classed as business associates under HIPAA, so before their products and services can be used in connection with protected health information it is necessary for a HIPAA-covered entity or business associate to enter into a business associate agreement with the company. The business associate agreement serves as a contract between the covered entity and the cloud service provider and confirms that the cloud service provider is aware of its responsibilities under HIPAA and...

Read More
Cloud Security Alliance Publishes Guidance on Storing Telehealth Data Securely in the Cloud
Jun19

Cloud Security Alliance Publishes Guidance on Storing Telehealth Data Securely in the Cloud

COVID-19 has prompted regulators to remove many telehealth restrictions and healthcare delivery organizations have increased their utilization of telehealth capabilities and are now conducting more virtual visits and are treating patients in their own homes. The regulatory changes have helped to prevent the spread of COVID-19 by reducing the risk of exposure for healthcare providers, and while the regulatory changes are only temporary, there is considerable support for many of the changes to become permanent. The provision of telehealth services means patents’ protected health information is sent over the internet and is being stored in the cloud. While the Department of Health and Human Services’ Office for Civil Rights has issued a Notice of Enforcement Discretion and will not be imposing sanctions and penalties on healthcare providers for data breaches and other HIPAA violations related to the good faith provision of telehealth services, the Notice of Enforcement Discretion is only temporary and only applies for the duration of the nationwide public health emergency. It is...

Read More
iland Wins MSP of the Year Award at Zertocon Virtual 2020
Jun13

iland Wins MSP of the Year Award at Zertocon Virtual 2020

The global cloud service provider iland has collected the MSP of the Year Award at the fifth annual Zerto user conference, ZertoCON. The 2019 Novel Coronavirus pandemic sent ZertoCON virtual this year, yet that did not deter thousands of IT professionals from attending the online event. ZertoCon brings together IT professionals from around the world and gives them the opportunity to learn data protection and disaster recover best practices from leaders in the field, and discuss strategies for ensuring IT resilience and mobility across hybrid and multi-cloud environments. With the volume of ransomware attacks and security breaches now occurring, there is a very real threat of data loss and unplanned downtime and businesses need to be prepared should disaster strike. It is therefore no surprise that developing an effective IT resilience strategy is now a top priority for many businesses. Zerto is an industry leader in IT resilience and iland has helped roll out its technologies to organizations to help them protect their data against internal and external threats. The MSP of the Year...

Read More
Webinar 6/18: Best Practices to Ensure Cloud Center of Excellence Success
Jun12

Webinar 6/18: Best Practices to Ensure Cloud Center of Excellence Success

When businesses first adopt the public cloud and migrate some of their workloads, management is straightforward but as cloud usage grows in size and complexity increases, visibility typically decreases, management becomes a challenge, and there is often considerable wastage of resources. That means that while there are clear benefits that come from the cloud, businesses often fail to achieve the maximum value from their investment. Effective management of cloud infrastructure requires the creation of a Cloud Center of Excellence (CCoE) to oversee cloud usage, manage resources, and ensure all internal stakeholders have adopted best practices. The CCoE team must ensure close collaboration between all teams and departments that consume cloud resources, and any tasks that have been delegated are being properly managed.  The CCoE is also responsible for ensuring cloud costs are kept under control and resources are being fully utilized. Establishing a Cloud Center of Excellence is one thing, ensuring it is successful and achieves its goals is another. CCoEs often struggle to manage...

Read More
Misconfigured Public Cloud Databases are Found and Attacked Within Hours
Jun11

Misconfigured Public Cloud Databases are Found and Attacked Within Hours

Misconfigured public cloud databases are often discovered by security researchers. Misconfigurations that leave cloud data exposed could be due to a lack of understanding about cloud security or policies, poor oversight to identify errors, or negligent behavior by insiders to name but a few. A recent report from Trend Micro revealed cloud misconfigurations were the number one cause of cloud security issues. Security researchers at Comparitech often discover unsecured cloud resources, commonly Elasticsearch instances and unsecured AWS S3 buckets. When the unsecured cloud databases are discovered, the owners are identified and notified to ensure data is secured quickly. Providing the owner can be identified, the databases are usually secured within a matter of hours, but there have been several cases where the database owner has been contacted but no response is received, and it is not always apparent to whom the data belongs. In these cases, data can be left exposed online for several days or even weeks. During that time, the databases remain unprotected and can be accessed and...

Read More
Attacks on Cloud Services Increased by 630% Between January and April
Jun10

Attacks on Cloud Services Increased by 630% Between January and April

COVID-19 has forced businesses to close their offices and allow employees to work from home. Cloud services have been provisioned to support home working and communication solutions such as Zoom, Cisco WebEx, and Microsoft Teams have allowed remote workers in collaborate effectively. A recently published report from cybersecurity company McAfee shows business use of cloud services increased by 50% in the first 4 months of 2020 and collaboration services saw an increase of 600% in usage during the same period. These solutions have allowed businesses to continue to operate, and many have reported productivity has actually improved during the pandemic; however, the rapid change to a largely at-home workforce has introduced vulnerabilities and cybercriminals have taken advantage. Attacks on Cloud Services Have Surged During the Pandemic An analysis of data from over 30 million McAfee cloud customers revealed cyberattacks on cloud services increased by 630% between January and April, 2020. Threats to cloud services were split into two main categories: Excessive usage from an anomalous...

Read More
Rackspace Adopts New Name and Launches New Multicloud Solutions
Jun10

Rackspace Adopts New Name and Launches New Multicloud Solutions

Rackspace has announced the company has changed its name to Rackspace Technology to better reflect the company’s diverse offerings. The renaming follows a series of acquisitions and new strategic partnerships that has allowed the company to expand its services considerably over the course of the past year. The past year has seen Rackspace Technology undergo a massive transformation. The company has now gone all-in on multicloud to help its customers overcome the challenges of adopting a successful multicloud strategy. The company has now created a roadmap that will allow it to continue to deliver innovative solutions to help its customers across the entire technology transformation lifecycle and accelerate their multicloud transformation. The company’s solutions are now divided into four key areas: Cloud optimization – To help customers improve performance while reducing cloud costs to improve ROI Cloud security – To help customers secure their cloud infrastructure and data and assist with compliance Cloud Native Enablement – To accelerate customers’ multicloud transformation,...

Read More
CloudHealth Swaps In-Person Conferences for Online Demos During COVID-19 Pandemic
Jun05

CloudHealth Swaps In-Person Conferences for Online Demos During COVID-19 Pandemic

The COVID-19 pandemic has forced many businesses to accelerate their digital transformation plans in order to better support a fully remote workforce and there has been an increased focus on improving cost efficiency and eliminating wastage during the pandemic. These are areas where CloudHealth by VMware’s solutions are invaluable. CloudHealth usually attends many conferences and trade shows to showcase its solution which helps companies with cost management, governance, automation, security, and performance, but the pandemic has put a stop to these in-person events. CloudHealth has responded by going 100% virtual. The recent CloudLIVE conference was scaled back from a 3-day in-person event to a 1-day virtual event, which was a tremendous success. Following on from that event, CloudHealth has announced the company will be conducting a series of 30-minute virtual group demos as a replacement for the missed trade shows.  During the group demos, CloudHealth will introduce its platform and will demonstrate the benefits. As with the in-person events, attendees will find out more about...

Read More
Otava Cloud Backup Service for Microsoft 365 Launched to Protect Against Data Loss
Jun05

Otava Cloud Backup Service for Microsoft 365 Launched to Protect Against Data Loss

The HIPAA-compliant hosting provider Otava has launched a new comprehensive Veeam-powered backup solution for Microsoft 365. The Otava cloud-backup SaaS service for online Microsoft 365 applications uses Otava’s compliant cloud infrastructure and is available as a fully managed or self-managed solution. The new service provides protection against the accidental deletion of critical data, addresses data retention policy gaps, and provides protection against security threats such as ransomware. A 2019 study conducted by Veeam revealed almost three quarters (74%) of Microsoft 365 users do not have a data protection strategy for their Microsoft 365 applications, even though Microsoft 365 does not have any long-term backup capabilities. When data is deleted from Microsoft 365 applications it is sent to the recycle bin, but in the event of accidental deletion, files can only be recovered for one month, after which time the contents of the recycle bin are permanently deleted. The data of departed employees is also permanently deleted after one month, and while SharePoint and OneDrive...

Read More
Atlantic Receives Gold Stevie Award for Best Healthcare Technology Solution
Jun04

Atlantic Receives Gold Stevie Award for Best Healthcare Technology Solution

The HIPAA-compliant hosting company Atlantic.Net has won two Stevie Awards at the 18th Annual American Business Awards, the premier business award program in the United States. The Stevie Awards are part of a global business award program that recognizes companies and individuals who have made a big impact over the past 12 months and have demonstrated outstanding performance in the workplace. The program is split into 8 geographic regions with nominations received from organizations in more than 70 countries. Each year approximately 12,000 nominations are received globally. This year, more than 3,600 nominations were received from organizations of all types and sizes in America. Almost all industry sectors were represented, including for-profit and non-profit organizations, and public and private sector companies. The nominations were assessed by more than 230 professionals worldwide. Atlantic.Net is a global cloud service provider that specializes in managed and non-managed Windows, Linux, and FreeBSD server hosting solutions with data centers located in New York, London, San...

Read More
Web Application Attacks Double as Threat Actors Target Cloud Data
May21

Web Application Attacks Double as Threat Actors Target Cloud Data

The 2020 Verizon Data Breach Investigations Report shows malware attacks are falling as threat actors target data in the cloud.  This is the 13th year that the report has been produced, which this year contains an analysis of 32,002 security incidents and 3,950 confirmed data breaches from 81 global contributors in 81 countries. The report confirms that the main motivator for conducting attacks is financial gain. 86% of all security breaches were financially motivated, up from 71% last year. 70% of breaches were due to external actors, with 55% of attacks conducted by cybercriminals. 67% of breaches were the result of credential theft or brute forcing of weak credentials (37%) and phishing and other social engineering attacks (25%). 22% of those breaches involved human error. Only 20% of breaches were due to the exploitation of vulnerabilities. It should be noted that it is much easier to conduct attacks using stolen credentials rather than exploiting vulnerabilities, so the relatively low number of vulnerability-related attacks may not be due to organizations patching...

Read More
Microsoft Cloud for Healthcare Launched
May19

Microsoft Cloud for Healthcare Launched

Microsoft Cloud for Healthcare was launched on May 19, 2020. The new healthcare-specific offering from Microsoft is available in public preview, is being offered on a free trial for the next 6 months and is expected to be rolled out in Q4, 2020. The new cloud offering brings together a host of current capabilities for high-value workflows that aim to improve collaboration and help clinicians with decision making by delivering the right information at the right time. The platform also supports automation of workflows and helps healthcare providers improve operational efficiency. The capabilities, which already exist through the likes of Microsoft Dynamics 365, Microsoft Azure, Azure IoT, Microsoft 365, and Microsoft chatbots, will help improve patient engagement, empower closer collaboration between health teams, and allow in-depth data analytics of both structured and unstructured data to improve operational and clinical data insights. Microsoft Cloud for Healthcare is built on a platform that makes it easy to share data between applications and analyse any data that those...

Read More
Rackspace Named Leader in Gartner’s 2020 Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services
May09

Rackspace Named Leader in Gartner’s 2020 Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services

Gartner has published its 2020 Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services, Worldwide and, for the fourth consecutive year, Rackspace has been named a Leader. The Magic Quadrant is a series of market research reports that are compiled using Gartner’s proprietary qualitative data analysis methods. The reports highlight current market trends and demonstrate the level of maturity of companies. The Magic Quadrants plot the position of a company based on its ability to execute and its completeness of vision. A low score in each sees companies categorized as Niche Players, a high score for ability to execute with a low score for completeness of vision sees companies classed as Challengers. A relatively low ability to execute score but high score for completeness of vision sees companies classed as Visionaries, while high scores in both see companies named Leaders. 20 public cloud infrastructure managed and professional services providers were rated in this year’s report, 10 of which were placed in the Leader’s Quadrant. According to Gartner, Leaders...

Read More
May 20, 2020: CloudHealth Takes CloudLIVE 100% Virtual
Apr02

May 20, 2020: CloudHealth Takes CloudLIVE 100% Virtual

CloudLIVE is the industry-leading multicloud conference dedicated to transforming and scaling businesses in the cloud. The conference is hosted by CloudHealth by VMware and draws in professionals from across the cloud computing industry from all around the world. CloudLIVE started life two years ago as an in-person event running over three days. Attendees can learn best practices in cloud management, find out about the latest cloud trends, and get to meet cloud leaders who share a mission of harnessing the power of the cloud to fuel innovation. In September 2019, the event took place at the Boston Encore Hotel but the COVID-19 pandemic has meant an in-person event was a non-starter. Rather than cancel such a valuable and important event, CloudHealth by VMware has taken CloudLIVE online. The event has been shortened from 3 days to a single day and will take place on May 20, 2020. The event kicks off at 8 a.m and will run until sunset, and throughout the day content will be streamed to hundreds of people. There will be industry-leading breakout sessions, customer-led sessions with...

Read More
iland Named 2019 Veeam Impact Cloud & Service Provider Partner of the Year
Mar25

iland Named 2019 Veeam Impact Cloud & Service Provider Partner of the Year

iland has been named 2019 Veeam Impact Cloud & Service Provider Partner of the Year in North America by Veeam Software. This is the fifth year of the annual awards and the fourth time iland has collected the title, having also received the award in 2015, 2017, and 2018. The annual awards recognize North America Veeam ProPartners and Veeam Cloud & Service Provider (VCSP) partners that have extensive knowledge of Veeam Software and have demonstrated success in delivering Veeam solutions to their customers and providing first-class support. To be considered for the awards, companies must also display a high level of innovation and continued product education. iland’s cloud solutions have been developed to ensure that businesses are well protected from cyberattacks and ransomware, and provide peace of mind that should disaster strike, customer data will be protected and recoverable. The cloud backup and disaster-recovery-as-a-service offerings provide direct integration and 100% compatibility with Veeam’s backup and replication software and are provided to businesses by more...

Read More
Cybersecurity Best Practices for Protecting Remote Employees During the COVID-19 Crisis
Mar24

Cybersecurity Best Practices for Protecting Remote Employees During the COVID-19 Crisis

The COVID-19 crisis has meant many individuals have had to self-quarantine or self-isolate, and organizations are under increasing pressure to let their employees work from home whenever possible. While these measures are necessary to keep people safe and avoid infection, having so many employees working remotely increases cyber risk. When people work from home and connect to work networks remotely using portable electronic devices, the attack surface grows considerably and new vulnerabilities are introduced that can exploited by attackers. With attacks targeting remote workers increasing, it is important to ensure that cybersecurity best practices for protecting remote employees are adopted to reduce risk. Phishing Campaigns Targeting Remote Workers Cybercriminals are already exploiting the coronavirus pandemic and are using COVID-19 and coronavirus-themed lures in phishing and social engineering attacks to steal credentials and spread malware. The first major coronavirus-themed phishing and malware distribution campaigns were detected in early January and the volume of malicious...

Read More
Senators Demand Answers from Ascension About Project Nightingale as Google’s Response was Deemed Incomplete
Mar05

Senators Demand Answers from Ascension About Project Nightingale as Google’s Response was Deemed Incomplete

Following the revelation that a considerable volume of patient data had been shared with Google by the Catholic health system Ascension, the second largest health system in the United States, a bipartisan group of Senators – Sen. Bill Cassidy, M.D., (R-LA), Elizabeth Warren (D-MA), and Richard Blumenthal (D-CT) – wrote to Google demanding answers about the nature of the agreements and the information the company received. Ascension operates 150 hospitals and more than 2,600 care facilities in 20 states and the District of Columbia and has more than 10 million patients. In November 2019, a whistleblower at Google passed information to the Wall Street Journal on the nature of the collaboration and claimed that patient data, including patient names, dates of birth, lab test results, diagnoses, health histories and other protected health information, had been shared with Google and was accessible by more than 150 Google employees. In response to the story, Google announced that the partnership, named Project Nightingale, was a cloud migration and data sharing initiative....

Read More
Healthcare Organizations are Overconfident About Their Ability to Protect PHI and Control Data Sharing
Feb28

Healthcare Organizations are Overconfident About Their Ability to Protect PHI and Control Data Sharing

Healthcare organizations are confident they are protecting regulated data and are controlling data sharing, but that confidence appear to be misplaced in many cases according to a recent report from Netwrix. Data has a life cycle. When it is no longer required it should be deleted, but oftentimes sensitive data can remain hidden away on networks for long periods of time. Documents containing sensitive information can be stored in the wrong place where they are no longer subject to the protection measures organizations have implemented to keep confidential information secure and prevent unauthorized access. Misplaced data can be exposed for weeks or months. A recent survey conducted by Netwrix has revealed the extent of the problem. For its 2020 Data Risk & Security Report, Netwrix surveyed 1,045 IT professionals from a wide range of industries and found that the 91% were confident that their sensitive data was stored securely. However, a quarter of respondents said they had found sensitive data stored outside designated storage locations in the past 12 months, indicating that...

Read More
iland Secure Cloud Console Update Improves Visibility of Global BaaS Environments
Feb26

iland Secure Cloud Console Update Improves Visibility of Global BaaS Environments

iland has announced its Secure Cloud Console has been updated and enhanced with Veeam Cloud Connect to provide greater visibility and control of multi-location backups for large enterprises and managed service providers (MSPs). The update gives large enterprises and MSPs a single pane of glass view and support for global cloud backups. Customers are provided with increased granularity that allows them to leverage real-time data over multiple accounts and gives them greater control over multiple tenants without extra work or permissions. Storage management has also been simplified with greater opportunities for self-service, allowing customers to reallocated resources and add new tenants. The update allows global MSPs and enterprises to provide backup-as-a-service internally and, through a single interface, manage multiple repositories and locations. The iland BAAS Insider Protection feature is an air-gapped repository for data that provides protection against internal and external threats, including ransomware attacks. Customers can now view the status of multi-tenant environments...

Read More
Carbon Neutral Green Cloud Launched by Connectria
Feb25

Carbon Neutral Green Cloud Launched by Connectria

Connectria has announced it has launched a carbon neutral ‘green cloud’ in its data centers in the European Union and North America. The new green cloud is available for companies running IBM i and VMware systems and it has been made possible by a new systems architecture at Connectria’s advanced data centers. Companies taking advantage of the new green cloud can reduce their energy consumption by up to 95%. Connectria explained that data centers account for 3% of worldwide energy consumption, so making data centers carbon neutral is not just a token gesture. It can significantly reduce energy consumption and help companies reduce their carbon footprint. “Connectria’s Amsterdam data center is a model of energy efficiency and sustainability, designated as a Leed Gold facility,” said Rusty Putzler, COO of Connectria. The data center uses a combination of biomass and hydroelectric power, drawing all of its power from 100% renewable energy sources. This is achieved while still ensuring reliability for its customers. Data centers generate a lot of heat. To ensure that energy is not...

Read More
Connectria is Now HITRUST CSF Certified
Feb19

Connectria is Now HITRUST CSF Certified

Connectria has announced it has achieved HITRUST Common Security Framework (CSF) Certification for its dedicated customer hosting environments. The HITRUST CSF is a common framework that contains a set of prescriptive controls that ensure compliance with a range of industry regulations and standards. The framework includes the standards laid down in regulations such as the ISO/IEC 27000-series, GDPR, PCI, and the Health Insurance Portability and Accountability Act (HIPAA). HITRUST has a healthcare focus and many healthcare organizations have adopted the HITRUST CSF to demonstrate their privacy and security controls are compliant with HIPAA and the HITECH Act, and they are ensuring the security and privacy of personally identifiable information (PII) and protected health information (PHI) in the cloud. Achieving HITRUST CSF Certification, which requires the successful completion of a comprehensive independent compliance audit, demonstrates Connectria’s data centers are secure and meet the requirements of HIPAA and the HITECH Act. Healthcare clients that partner with Connectria are...

Read More
Acronics Cyber Backups for Dedicated Hosting Launched by Liquid Web
Feb19

Acronics Cyber Backups for Dedicated Hosting Launched by Liquid Web

Liquid Web has announced the launch of Acronis Cyber Backups for Dedicated Hosting to help its customers protect data and ensure quick recovery in the event of disaster. Acronis is the leading provider of on-premise and cloud backup and disaster recovery solutions. The Acronis Cyber Backup Cloud is used by many organizations to protect their virtual, physical and cloud environments and ensure that in the event of a disaster such as a ransomware attack, their data can be easily recovered. Given the number of attacks now taking place, backups are no longer an option. They are a necessity. The Acronis Cyber Backup Cloud can be used by businesses of all sizes to ensure their data is 100% secured. Acronis backup solutions are easy to use, reliable, and have been developed to improve recovery time while creating more efficient uptime. The new Acronis Cyber Backups for Dedicated Hosting service gives Liquid Web customers new capabilities including the ability to self-manage backups and customize their backups through a powerful new portal. Customers can create custom backup plans, set...

Read More
PHI Exposed Due to Sunshine Behavioral Health Group Amazon AWS S3 Bucket Misconfiguration
Feb11

PHI Exposed Due to Sunshine Behavioral Health Group Amazon AWS S3 Bucket Misconfiguration

Portland, OR-based Sunshine Behavioral Health Group, a network of drug an alcohol addiction treatment facilities in California, Colorado, and Texas, has experienced a breach of sensitive patient information. An Amazon AWS S3 bucket was misconfigured which allowed files containing patient billing information to be accessed over the internet. An individual discovered the breach and reported it to Dissent at Databreaches.net. Dissent verified the data and contacted Sunshine Behavioral Health on September 4, 2019 to report the breach and ensure the S3 bucket was secured. Dissent reports that the exposed S3 bucket contained approximately 93,000 files, although that did not correspond to 90,000 patients. A notification about the data breach was sent by ID Experts to the Vermont Attorney General which explains the error was identified on September 4, 2019. The report states that steps were taken to prevent the records from being accessed by unauthorized individuals and further actions were taken on November 14, 2019 to remove the records from general internet access. On December 23, 2019,...

Read More
CloudHealth by VMware Joins the Cloud Security Alliance Security, Trust & Assurance Registry
Jan30

CloudHealth by VMware Joins the Cloud Security Alliance Security, Trust & Assurance Registry

CloudHealth by VMware has announced it became a Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) registrant on January 23, 2020. The Cloud Security Alliance is a not-for-profit organization that promotes the use of best practices to provide security assurance in cloud computing. The CSA has developed a library of online courses to help its 80,000 worldwide members ensure their cloud environments are properly secured. The CSA also hosts many webinars, events, and community discussions as part of its efforts to educate the business community on cloud security. Cloud service providers can take advantage of the CSA Security, Trust & Assurance Registry Program, which allows them to become certified against industry standards. Cloud customers can use the registry to find cloud companies that meet the level of assurance they need, and to find out more about the measures each vendor has implemented to protect cloud infrastructure and safeguard cloud data. Cloud service providers that have validated their cloud security offerings and been certified can...

Read More
iland Launches New Data Center in Toronto
Jan28

iland Launches New Data Center in Toronto

iland has announced it has launched its 10th global cloud region in Canada, with the opening of a new data center in Toronto, Ontario. The company will be launching another data center in Canada later this year. All of the company’s cloud services are available in the new cloud region, including Infrastructure as a Service (IaaS) Disaster Recovery as a Service (DRaaS), and Backup as a Service (BaaS), and Office 365 backup services. iland will be adding Cloud Object Storage later in 2020. The addition of the new cloud region allows iland to provide hosting services to customers and partners that are looking to achieve the benefits of cloud computing but need to comply with Canada’s data sovereignty requirements. The new cloud region meets Canada’s strict data privacy and security standards and as well as certification requirements for ISO 9001, ISO 27001, CSA STAR and BS 10012. The 242,000 square-foot facility is protected by numerous physical security measures, wand has security officers guarding the facility 24/7/365. The facility has also earned the Gold Level for Leadership in...

Read More
Atlantic.Net Strengthens Cloud Backup Options with New File-Level Recovery Feature
Jan28

Atlantic.Net Strengthens Cloud Backup Options with New File-Level Recovery Feature

Atlantic.Net, the healthcare industry-focused HIPAA-compliant hosting provider, has announced the launch of a brand data recovery feature which has been made available to all customers at no extra cost. A new File-Level Recovery feature has been added that allows Atlantic.Net customers to restore individual files from a backup, instead of having to restore the full system from a point in time backup. Atlantic.Net customers now have the option of enabling ‘Full System Restore’ or ‘File-Level Recovery’ when enabling backups for their Cloud Servers from within the Atlantic.Net Cloud control panel. If File-Level Recovery is selected, individual files can be recovered from any point in time backup. To restore files, customers need to log into their Cloud Server, mount the desired file-level recovery backup, and then select the files they wish to recover. After file recovery has been completed, the file-level backup can be unmounted and detached. “Our File-Level Recovery feature introduces a unique and flexible way to quickly recover data from Atlantic.Net Cloud Backups,” said Marty...

Read More
Rackspace Partners with Alert Logic to Help SMBs Assess AWS and Hybrid Cloud Security
Jan27

Rackspace Partners with Alert Logic to Help SMBs Assess AWS and Hybrid Cloud Security

Rackspace has announced a new partnership with Alert Logic to help SMBs and mid-market AWS customers identify and address security issues in their AWS environments. The partnership will see a new AWS Security Review program offered, which is based on the Alert Logic Managed Detection and Response (MDR) solution. The Security Review gives customers an overview of the security of their AWS environment, by assessing their AWS configuration against AWS CIS Foundations Benchmarks. Security experts at Rackspace will then offer a consultation to customers to review the findings of the analysis and will provide recommendations on how security gaps can be addressed to provide ongoing protection. This program will be particularly valuable for SMB customers, who likely lack the in-house skills to perform comprehensive security reviews of their AWS and hybrid cloud environments. “The AWS Security Review provides customers with a fantastic starting point to begin their security transformation. The combined 24×7 support of Rackspace and Alert Logic experts is a critical enabler of keeping...

Read More
Otava Earns HITRUST Certified Status for Cloud Servers and Services
Jan15

Otava Earns HITRUST Certified Status for Cloud Servers and Services

The Ann Arbor, MI-based HIPAA-compliant hosting company, Otava, has announced it has earned HITRUST Certified Status for information security, covering its private cloud servers, colocation services, and data protection services across five locations in Michigan and Indianapolis and for the OTPortal platform. The HITRUST Common Security Framework (CSF) is a comprehensive and flexible framework with prescriptive, scalable security controls. The HITRUST CSF meets the requirements of several federal regulations including ISO 27001 and the Health Insurance Portability and Accountability Act (HIPAA). Through adoption of the HITRUST CSF, and by taking a risk-based approach, organizations can ensure appropriate information security controls are implemented to protect sensitive information. By achieving HITRUST Certified Status, Otava has demonstrated its hosting solutions and self-service portal have met strict, industry-defined requirements for information security and that risk is being effectively managed. “Security and compliance are the foundation of everything we do at Otava and we...

Read More
Atlantic.Net Introduces New Snapshots Feature with 50GB Free for 1 Year
Dec11

Atlantic.Net Introduces New Snapshots Feature with 50GB Free for 1 Year

Atlantic.Net has announced the launch of a new Snapshots feature, which allows customers to save a point-in-time copy of their cloud server’s local storage. Snapshots allow Atlantic.Net customers to restore their cloud server to the moment the snapshot was taken. It is also possible to transfer a copy the snapshot over to a different location and create a new server based on a snapshot. All snapshots are automatically encrypted to ensure snapshot data is kept 100% secure. Snapshots have been made available at all seven Atlantic.Net data center locations – New York, Dallas, Toronto, San Francisco, Ashburn, Orlando, and London. As an introductory offer, Atlantic.Net is offering customers 50GB of snapshot storage free of charge for the first year. Any additional gigabytes of snapshot data used are charged at Atlantic.Net’s standard rate of 5 cents per month, for each location where the snapshots are stored. Atlantic.Net’s pricing is based on the size of the snapshot, not the size of the disk or file system being saved. This introductory offer is available to all customers and expires...

Read More
Healthcare Threat Detections Up 45% in Q3 and 60% Higher Than 2018
Dec04

Healthcare Threat Detections Up 45% in Q3 and 60% Higher Than 2018

Cyberattacks on healthcare organizations have increased in frequency and severity in the past year, according to recently published research from Malwarebytes. In its latest report – Cybercrime Tactics and Techniques: The 2019 State of Healthcare – Malwarebytes offers insights into the main threats that have plagued the healthcare industry over the past year and explains how hackers are penetrating the defenses of healthcare organizations to gain access to sensitive healthcare data. Cyberattacks on healthcare organizations can have severe consequences. As we have seen on several occasions this year, attacks can cause severe disruption to day to day operations at hospitals often resulting in delays in healthcare provision. In at least two cases, cyberattacks have resulted in healthcare organizations permanently closing their doors and a recent study has shown that cyberattacks contribute to an increase in heart attack mortality rates. Even though the attacks can cause considerable harm to patients, attacks are increasing in frequency and severity. Malwarebytes data shows the...

Read More
Otava Launches New Suite of Veeam-Powered Cloud Backup Solutions
Nov19

Otava Launches New Suite of Veeam-Powered Cloud Backup Solutions

Otava, a provider of secure, compliant hybrid cloud solution provider for enterprises and channel partners, has announced it has expanded its Veeam-powered offerings with a new suite of Veeam Availability Suite cloud-backup solutions which give its customers greater flexibility and control over their backup and disaster recovery environments. Three new solutions have been added to the Otava portfolio which will help its clients and partners manage all of their cloud backups through a single console. The three new additions are: Otava Cloud Connect, Otava-Managed Cloud Backup, and Self-Managed Cloud Backup. Otava Cloud Connect can be used as a primary or secondary data repository, irrespective of where data resides. This cloud backup solution protects against data loss in the event of a ransomware attack or other malicious cyberattack. The solution incorporates Veeam insider Protection and creates a 7-day backup window with an extra copy of the user’s data which can be used if data is remotely wiped. Otava-Managed Cloud Backup helps businesses protect mission-critical data and focus...

Read More
NIST Releases Final Big Data Interoperability Framework
Nov01

NIST Releases Final Big Data Interoperability Framework

The National Institute of Standards and Technology (NIST) has released its final Big Data Interoperability Framework (NBDIF) to help with the creation of data analysis software tools that can run on any computing platform and be easily moved from one computing platform to another. NBDIF is the culmination of several years of work and collaboration with more than 800 experts from the government, academia, and private sector. The final document is divided into nine volumes covering big data definitions and taxonomies, use case & requirements, privacy and security, reference architecture, roadmap standards, a reference architecture interface, and modernization and adoption. The main purpose of NBDIF is to guide developers on the creation and deployment of widely useful tools for big data analysis that can be used on different computing platforms; from a single laptop computer to multi-node cloud-based environments. Developers need to create their big data analysis tools to allow them to easily be moved from one platform to another and allow data analysts to be able to switch to...

Read More
Is AWS HIPAA Compliant?
Oct27

Is AWS HIPAA Compliant?

Is AWS HIPAA compliant? Amazon Web Services has all the protections to satisfy the HIPAA Security Rule and Amazon will sign a business associate agreement with healthcare organizations. So, is AWS HIPAA compliant? Yes. And No. AWS can be HIPAA compliant, but it is also easy to make configuration mistakes that will leave protected health information (PHI) unprotected and accessible by unauthorized individuals, violating HIPAA Rules. Amazon Will Sign a Business Associate Agreement for AWS Amazon is keen for healthcare organizations to use AWS, and as such, a business associate agreement will be signed. Under that agreement, Amazon will support the security, control, and administrative processes required under HIPAA. Previous, under the terms of the AWS BAA, the AWS HIPAA compliance program required covered entities and business associates to use Amazon EC2 Dedicated Instances or Dedicated Hosts to process Protected Health Information (PHI), although that is now no longer the case. As part of its efforts to help healthcare organizations use AWS safely and securely without violating...

Read More
Gartner Releases 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations
Oct16

Gartner Releases 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations

Gartner has published its 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations (HDOs). The report contains an analysis of the healthcare cloud market and explains how the cloud can be a viable option for healthcare organizations seeking greater efficiency and flexibility than is achievable with traditional on-premises infrastructure. Many healthcare organizations are now realizing the value of cloud-based solutions and how intelligent use of the cloud can help improve efficiency, eliminate waste, and drive down the cost of healthcare delivery. The industry may lag behind other sectors in terms of cloud adoption, but the landscape is changing fast as the healthcare cloud market matures. Healthcare CIOs are now viewing the cloud as an extension of their internal infrastructure. While initially there was a great deal of skepticism about the cloud due to the security risks and potential for costs to spiral out of control, there is now widespread acceptance that the cloud can serve as an IT service delivery model and the healthcare industry is now much more...

Read More
Study Explores State of the Cloud for MSPs
Sep26

Study Explores State of the Cloud for MSPs

Many Managed Service Providers (MSPs) have realized the cloud is the key to growth and success over the next few years. Assisting companies that are taking a cloud-first approach as part of their digital transformation will help MSPs boost their profits, but there are many challenges that need to be overcome to ensure success. To explore the opportunities and challenges faced by MSPs in a multicloud world, CloudHealth by VMware recently commissioned Forrester Consulting to conduct a survey to identify the state of the cloud for MSPs. The survey was conducted online on 245 Managed Service Providers, and directors, VPs and executives within MSPs that organize service offerings were interviewed. The findings of the survey have been published in the report, The State of the Cloud for MSPs. MSPs expect their cloud offerings to drive growth by around 40% in the next two years but many MSPs have faced significant challenges operating in a multicloud world which they are struggling to overcome. 80% of surveyed MSPs said multicloud challenges were impacting their ability to provide services...

Read More
SpamTitan Named Cloud Email Security Leader by G2 Crowd for 3rd Consecutive Quarter
Sep22

SpamTitan Named Cloud Email Security Leader by G2 Crowd for 3rd Consecutive Quarter

SpamTitan has been named the leader in the G2 Crowd Grid Summer 2019 Report for Cloud Email Security. This is the third consecutive quarter that TitanHQ’s 100% cloud-based anti-spam and anti-phishing solution has been named leader in G2 Crowd’s Grid reports. G2 Crowd is an independent review website that provides SMBs and MSPs with insights into the best software companies and products on the market. The Grid reports cover the top-reviewed security products and software solutions. Each company’s position in the Grid is calculated from user reviews and aggregated data from online sources and social networks. G2 Crowd applies an algorithm to calculate scores for customer satisfaction and market presence, the latter being based on market share, vendor size, and social impact. Low customer satisfaction and a small market footprint see products/companies classed as niche players. Low customer satisfaction and strong market presence see a company/product classed as a contender. High customer satisfaction and a small market footprint place companies and products in the high performers...

Read More
iland Enhances Catalyst Cloud Migration Tool
Sep16

iland Enhances Catalyst Cloud Migration Tool

The Houston, TX-based cloud service provider, iland, has announced that it has enhanced its complimentary Catalyst cloud migration tool. The tool can be used by companies to help plan migrations to the cloud from traditional data centers and ensure they right-size their cloud environments and avoid under- and over-provisioning. When migrating from traditional data centers to cloud-based infrastructure, businesses have to predict what resources they will need. Decisions are made based on the size of applications, the frequency of use, and it is also necessary to determine whether certain workloads are actually compatible with cloud services. Businesses must also assess the costs involved to determine whether cloud migration is viable and cost-effective. The Catalyst cloud migration tool takes the guesswork out of the equation and allows businesses to accurately estimate the service costs per month as well as ad hoc costs. The tool also helps determine whether DRaaS, BaaS, and cloud migration is feasible and allows businesses to get things right first time around. The latest update...

Read More
iland is Now VMware Cloud Certified
Aug27

iland is Now VMware Cloud Certified

The global cloud service provider iland has announced it has achieved VMware Cloud Verified status. VMware Cloud Verified status confirms the secure iland cloud platform integrates with VMWare-based services and that iland’s services can be run on top of the complete VMware Cloud infrastructure. iland has a long history of working with VMware and has helped several thousand VMware customers protect their data and applications in the cloud. iland’s cloud platform fully integrates with VMware services, providing customers with a familiar experience across iland’s infrastructure-as-a-service (IaaS), backup-as-a-service (BaaS), and disaster recovery-as-a-service (DRaaS) offerings. The VMware Cloud Certified badge confirms that VMware cloud infrastructure users are able to retain the full capabilities of VMware Cloud infrastructure such as interoperability, flexibility, and cost optimization, while taking advantage of iland’s IaaS, Baas, and DRaaS services. Under the VMware Partner Program, companies that have been VMware Cloud Verified have been confirmed as being able to offer the...

Read More
CloudHealth Launches Solution That Gives Visibility into Cost, Usage, and Performance of Hybrid Cloud Resources
Aug27

CloudHealth Launches Solution That Gives Visibility into Cost, Usage, and Performance of Hybrid Cloud Resources

CloudHealth By VMware is about to launch a new solution to help businesses with hybrid cloud management and optimization: CloudHealth Hybrid. CloudHealth Technologies was acquired by VMware a year ago and became CloudHealth By VMware. The acquisition has boosted investment in the public cloud by 88% and, during the past year, CloudHealth’s customer base has increased by 29%. CloudHealth now has more than 180 partners worldwide and serves more than 7,000 business customers. More than $8.8 billion in public cloud spending is now managed through the platform. The company is a leader in multicloud management and now hybrid cloud customers will soon be provided with a solution that gives full visibility into cost, usage, and performance for all their hybrid cloud resources. CloudHealth Hybrid, which will be released by the end of Q3, 2019, incorporates the functionality of the CloudHealth Data Center and VMware vRealize Business for Cloud (vRBC), which have been combined into a single SaaS offering. vRealize helps organizations achieve operational efficiency and automation, while...

Read More
Is iCloud HIPAA Compliant?
Aug01

Is iCloud HIPAA Compliant?

Is iCloud HIPAA compliant? Can healthcare organizations use iCloud for storing files containing electronic protected health information (ePHI) or sharing ePHI with third-parties? This article assesses whether iCloud is a HIPAA compliant cloud service. Cloud storage services are a convenient way of sharing and storing data. Since files uploaded to the cloud can be accessed from multiple devices in any location with an Internet connection, information is always at hand when it is needed. There are many cloud storage services to choose from, many of which are suitable for use by healthcare providers for storing and sharing ePHI. They include robust access and authentication controls and data uploaded to and stored in the cloud is encrypted. Logs are also maintained so it is possible to tell who accessed data, when access occurred, and what users did with the data once access was granted. iCloud is a cloud storage service that owners of Apple devices can easily access through their iPhones, iPads, and Macs. iCloud has robust authentication and access controls, and data is encrypted in...

Read More
Atlantic.Net Celebrates 25 Years as Internet and Cloud Services Provider
Aug01

Atlantic.Net Celebrates 25 Years as Internet and Cloud Services Provider

Atlantic.Net, a cloud service provider that specializes in HIPAA-compliant hosting for the healthcare industry, is celebrating its 25th anniversary this year. The company was formed in 1994 as an Internet service provider, but over the years has adapted with the latest technology trends and in 2009 transitioned into cloud services. Over the next 10 years the company further developed its hosting platform and associated services and is now a major cloud services provider with more than 15,000 business clients in over 100 countries. “What started as an ISP in a university dorm has evolved into a leading Cloud Services Provider that our clients have come to rely on for powering their businesses, securing their data, and ensuring compliance and business continuity,” said Atlantic.Net Founder, President, and CEO, Marty Puranik. “By offering optimized Cloud and traditional hosting that protects and scales with our customer’s businesses, we have grown into an international brand with a computing presence in multiple countries. We thank our loyal staff and clients, without whom our success...

Read More
HIPAA Compliance and Cloud Computing Platforms
Jul28

HIPAA Compliance and Cloud Computing Platforms

Before cloud services can be used by healthcare organizations for storing or processing protected health information (PHI) or for creating web-based applications that collect, store, maintain, or transmit PHI, covered entities must ensure the services are secure. Even when a cloud computing platform provider has HIPAA certification, or claims their service is HIPAA-compliant or supports HIPAA compliance, the platform cannot be used in conjunction with ePHI until a risk analysis – See 45 CFR §§ 164.308(a)(1)(ii)(A) – has been performed. A risk analysis is an essential element of HIPAA compliance for cloud computing platforms. After performing a risk analysis, a covered entity must establish risk management policies in relation to the service – 45 CFR §§ 164.308(a)(1)(ii)(B). Any risks identified must be managed and reduced to a reasonable and appropriate level. It would not be possible to perform a comprehensive, HIPAA-compliant risk analysis unless the covered entity fully understands the cloud computing environment and the service being offered by the platform...

Read More
Is Amazon CloudFront HIPAA Compliant?
Jul28

Is Amazon CloudFront HIPAA Compliant?

Is Amazon CloudFront HIPAA compliant and can the web service be used by HIPAA covered entities without violating HIPAA Rules? In this article, we determine whether Amazon CloudFront supports HIPAA compliance or if it should be avoided by HIPAA-covered entities. What is Amazon CloudFront? Amazon CloudFront is a web service that allows users to speed up web content delivery over the Internet and for website hosting. Typically, when a website is accessed, the visitor experiences some latency accessing static and dynamic content. The reason for this is visitors will not make a direct connection to the content, instead they will be routed through a path to reach the server where the content can be accessed. The path can involve many routing points, will inevitably have an impact on the speed at which content can be accessed. By using a content delivery network such as Amazon CloudFront, it is possible to reduce latency and improve reliability and availability of web content. By delivering content via a network of data centers (edge locations), users are routed to the nearest location...

Read More
How to Choose the Right Healthcare Cloud Provider
Jul24

How to Choose the Right Healthcare Cloud Provider

Healthcare organizations often turn to a HIPAA compliant cloud vendor or Managed Service Provider to help them ensure electronic patient records are secured and they are in compliance with the Health Insurance Portability and Accountability Act (HIPAA). HIPAA contains an extensive set of rules for healthcare organizations which were introduced in 1996 to improve privacy and security of patient information, eliminate waste in healthcare, and combat fraud. This legislative act introduced new and legally binding requirements for healthcare providers to secure their systems, improve privacy and security protections, and keep health data private and confidential at all times. The Act and its subsequent updates have served to strengthen privacy protections, give patients new rights, and ensure that all healthcare organizations achieve a minimum standard of data security. It may seem that HIPAA is at odds with cloud computing, but there is nothing in HIPAA legislation that prohibits use of the cloud for sharing or storing patient data. HIPAA covered entities can use cloud platforms and...

Read More
Is IBM Cloud HIPAA Compliant?
Jul23

Is IBM Cloud HIPAA Compliant?

Is IBM Cloud HIPAA compliant? Is the cloud platform suitable for healthcare organizations in the United States to host infrastructure, develop health applications and store files? In this post we assess whether the IBM Cloud supports HIPAA compliance and the platform’s suitability for use by healthcare organizations. IBM offers a cloud platform to help organizations develop their mobile and web services, build native cloud apps, and host their infrastructure along with a wide range of cloud-based services for the capture, analysis, and processing of data. The platform has already been adopted by many healthcare providers, payers, and health plans, and applications and portals have been developed to provide patients with better access to their health information. IBM Cloud Security IBM is a leader in the field of network and data security, and its expertise has meant its cloud platform is highly secure. Security is built into the core of all of the firm’s software and services to ensure that sensitive data remains confidential and cannot be accessed by unauthorized individuals. Its...

Read More
Hospital Quality Institute Chooses Otava Virtual Private Cloud Environments for Sensitive Healthcare Data
Jul13

Hospital Quality Institute Chooses Otava Virtual Private Cloud Environments for Sensitive Healthcare Data

The Ann Arbor, MI-based cloud services company, Otava, has announced it has been chosen by the Hospital Quality Institute to host sensitive healthcare data in two new virtual private cloud environments. The Hospital Quality Institute was created by the California Hospital Association, Hospital Association of San Diego and Imperial Counties, and Hospital Council of Northern and Central California to help gauge the performance of hospitals in California and identify areas where improvements can be made to quality and patient safety. In order to assess hospital quality and patient safety, the Hospital Quality Institute collects data from hospitals and, through accurate metrics, provides valuable information to California Hospital Association members that allows them to demonstrate success, improve quality, and enhance patient safety. Rather than host its databases on-premises, the Hospital Quality Institute is using the cloud to host sensitive healthcare data and, by so doing, gain significant resource and cost benefits. Since the Hospital Quality Institute is required to comply with...

Read More
UMC Physicians Discovers Patient Information Was Uploaded to Unapproved and Unsecured Cloud Service
May15

UMC Physicians Discovers Patient Information Was Uploaded to Unapproved and Unsecured Cloud Service

The Lubbock, TX-based medical group UMC Physicians is alerting patients of UMC Southwest Gastroenterology that some of their protected health information has been exposed as a result of errors of judgement by two of its employed providers. Those providers had each set up a Google shared drive which was used to track follow up tasks related to the provision of care to patients. While the shared drives were set up with good intentions and were intended to help improve the care provided to patients, the providers used an unapproved cloud storage solution and patient data was inadvertently stored on an unsecured network. UMC Physicians discovered the policy violation on March 12, 2019 and launched an investigation to determine which patients’ protected health information had been exposed. During the course of that investigation, UMC Physicians determined that one of the providers had also been forwarding emails containing patient information to an unsecured Gmail account. The types of information that had been stored on the unsecured network and emailed to the Gmail account included...

Read More
Key Findings of the 2019 Verizon Data Breach Investigations Report
May08

Key Findings of the 2019 Verizon Data Breach Investigations Report

Today sees the release of the 2019 Verizon Data Breach Investigations Report. This is the 12th edition of report, which contains a comprehensive summary of data breaches reported by public and private entities around the globe. The extensive report provides in-depth insights and perspectives on the tactics and techniques used in cyberattacks and detailed information on the current threat landscape.  The 2019 Verizon Data Breach Investigations Report is the most comprehensive report released by Verizon to date and includes information from 41,686 reported security incidents and 2,013 data breaches from 86 countries. The report was compiled using data from 73 sources. The report highlights several data breach and cyberattack trends. Some of the key findings of the report are detailed below: C-Suite executives are 12 time more likely to be targeted in social engineering attacks than other employees Cyber-espionage related data breaches increased from 13% of breaches in 2017 to 25% in 2018 Nation-state attacks increased from 12% of attacks in 2017 to 23% in 2018 Financially motivated...

Read More
TrueVault Launches TrueVault Atlas Cloud
May05

TrueVault Launches TrueVault Atlas Cloud

TrueVault has announced it has launched a new cloud-based version of TrueVault Atlas, the self-managed solution that generates automatic alerts when personal data is moved to a location where it should not be saved. TrueVault Atlas also includes automation tools to allow companies to automatically rectify issues with personal data, including erasing or exporting that data to prevent any compliance issues. This is possible because TrueVault Atlas continuously indexes data in a range of different third-party systems such as SalesForce, Gmail, and databases such as MySQL and Postgres. All data is catalogued, allowing it to be quickly located when needed. Companies can therefore be certain that they know all locations where data is saved at all times. This is particularly important for any company that is required to comply with the EU General Data Protection Regulation. It ensures that if an EU citizen requests a copy of their personal data or exercises their right to be forgotten, all copies of that data can be quickly and easily found, and requests can be processed quickly. The...

Read More
TitanHQ Releases Webtitan Cloud 4.12
May01

TitanHQ Releases Webtitan Cloud 4.12

TitanHQ has announced the release of a new version of its DNS filtering solution, WebTitan Cloud. Along with a range of updates to ensure the continued smooth running of the platform, TitanHQ has introduced a new feature in WebTitan Cloud v4.12: Location based policies. Location-based policies give organizations the flexibility to apply filtering controls and enforce acceptable internet usage polices on a per location basis. The new feature allows internet filtering policies to be set by location for each user, whether they are on or off the network. Should an employee attempt to visit a website that is not permitted by their policy, a customizable block page will be presented. The solution also supports cloud keys, which allow a specific user to bypass Internet controls for a finite period of time. Search functionality has also been improved in WebTitan Cloud v4.12. A search option has been added to the history page, which allows searches to be performed by location with autocomplete. This gives administrators the ability to see traffic at a specific location, at a specific time,...

Read More
AWS Chief Technology Officer Allays Fears about Cloud Security and Talks about the Huge Potential of Alexa Voice Technology
Apr12

AWS Chief Technology Officer Allays Fears about Cloud Security and Talks about the Huge Potential of Alexa Voice Technology

Amazon Web Services’ chief technology officer, Werner Vogels, has been dispelling security myths about cloud computing at the Dublin Tech Summit in Ireland this week. Concerns have been raised about the security of data stored in the cloud, especially following the discovery that 540 million Facebook records had been exposed on AWS: One of several high-profile data breaches that have involved AWS-stored data in the past 12 months. Fears About Compliance and the Cloud Companies required to comply with General Data Protection Regulation (GDPR) must ensure that the personal data of EU citizens is secured and kept private and confidential. Since GDPR came into effect on May 25, 2018, the potential penalties for data exposures have increased significantly. It is therefore understandable that companies are concerned about storing data in the cloud rather than on-premise infrastructure that they feel better able to secure. Germany’s federal commissioner, Ulrich Kelber, spoke before Vogels at the Tech Summit and voiced his concerns about American cloud storage providers, stating that they...

Read More
Is Calendly HIPAA Compliant?
Mar14

Is Calendly HIPAA Compliant?

Calendly is a popular tool that is used by many businesses to schedule meetings and appointments, but can Calendly be used by healthcare organizations? Is Calendly HIPAA compliant? Businesses can waste a considerable amount of time scheduling appointments and meetings. Lengthy email exchanges and phone tag are commonplace. Calendly aims to eliminate the time wasted attempting to connect with others and the platform can reduce no-show rates through automated email and text reminders. The solution integrates with Google Calendar, iCloud calendar, Office 365, Salesforce, and GoToMeeting and other popular software platforms and can also be integrated directly into business websites to allow customers to schedule appointments directly. The platform is used by healthcare organizations for scheduling internal meetings, but in order to use Calendly with any electronic protected health information, healthcare organizations would first need to enter into a HIPAA-compliant business associate agreement with Calendly. Is Calendly HIPAA Compliant? Calendly explains on its website that the...

Read More
RackSpace Named Leader in Gartner’s 2019 Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services
Mar13

RackSpace Named Leader in Gartner’s 2019 Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services

Rackspace has been named a leader in Gartner’s 2019 Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services, Worldwide, achieving the second highest score for ability to execute out of 19 companies in the Magic Quadrant assessment. This is the third consecutive year that the company has been positioned in the leader’s quadrant. The Magic Quadrants are graphical representations of companies based on the completeness of their vision and their ability to execute that vision. High scores in both areas see companies named as a Leader in the field. Low scores in both see firms categorized as Niche Players, a high score for completeness of vision and a low score for ability to execute sees firms classed as Visionaries, and a high score for ability to execute and a low score for completeness of vision sees them categorized as Challengers. The high score for completeness of vision is due to Rackspace constantly assessing the requirements of its customers and developing new services to meet those needs. The company develops comprehensive IT roadmaps, guidance on...

Read More
iland Secure Cloud Console Receives a Major Upgrade
Jan25

iland Secure Cloud Console Receives a Major Upgrade

The secure cloud service provider iland has announced its Secure Cloud Console has received a major upgrade and now includes full integration with Veeam data protection solutions. iland is a two-time winner of a Veeam Innovation Award (2018/2019), was Veeam Impact Cloud & Service Provider Partner of the Year for North America in 2015 and 2017, and is currently the only cloud service provider to offer integration with the full suite of Veeam solutions through a single management console. Following the release of Veeam Availability Suite 9.5 Update 4, iland customers can manage, monitor, and report on cloud backups, disaster recovery services, and long-term data archiving through a single pane of glass. The Veeam integration is only part of an extensive number of updates to the Secure Cloud Console. iland has also improved visibility of historical usage, performance, and billing, and together with full self-service management capabilities, customers can configure and automate disaster recovery, thoroughly self-test disaster recovery strategies and failover, and request additional...

Read More
30% of Healthcare Databases Misconfigured and Accessible Online
Dec12

30% of Healthcare Databases Misconfigured and Accessible Online

A recent study by the enterprise threat management platform provider Intsights has revealed an alarming amount of healthcare data is freely accessible online as a result of exposed and misconfigured databases. While a great deal of attention is being focused on the threat of cyberattacks on medical devices and ransomware attacks, one of the primary reasons why hackers target healthcare organizations is to steal patient data. Healthcare data is extremely valuable as it can be used for a multitude of nefarious purposes such as identity theft, tax fraud and medical identity theft. Healthcare data also has a long lifespan – far longer than credit card information. The failure to adequately protect healthcare data is making it far too easy for hackers to succeed. Healthcare Organizations Have Increased the Attack Surface The cloud offers healthcare organizations the opportunity to cut back on the costs of expensive in-house data centers. While cloud service providers have all the necessary safeguards in place to keep sensitive data secure, those safeguards need to be activated and...

Read More
Cybersecurity Best Practices for Healthcare Organizations
Nov01

Cybersecurity Best Practices for Healthcare Organizations

The Department of Health and Human Services’ Office for Civil Rights has drawn attention to basic cybersecurity safeguards that can be adopted by healthcare organizations to improve cyber resilience and reduce the impact of attempted cyberattacks. The advice comes at the end of cybersecurity awareness month – a four-week coordinated effort between government and industry organizations to raise awareness of the importance of cybersecurity. While all organizations need to implement policies, procedures, and technical solutions to make it harder for hackers to gain access to their systems and data, this is especially important in the healthcare industry. Hackers are actively targeting healthcare organizations as they store large quantities of highly sensitive and valuable data. Healthcare organization need to ensure that their systems are well protected against cyberattacks, which means investing in technologies to secure the network perimeter, detect intrusions, and block malware and phishing threats. Large healthcare organizations have the resources to invest heavily in...

Read More
Study Reveals 75% of Employees Lack Security Awareness
Oct25

Study Reveals 75% of Employees Lack Security Awareness

For the past three years, security awareness training company MediaPRO has conducted an annual study of employees’ security awareness and knowledge of cybersecurity best practices. The study measures the susceptibility of employees to a wide range of security threats and assesses their ability to identify phishing threats, possible malware infections, and cloud computing and social media risks. Their knowledge of best practices concerning physical security, working remotely, and reporting security incidents is also tested. This year, 1,024 employees from 7 industry sectors took part in the State of Privacy and Security Awareness study and were asked questions relating to all of the above aspects of privacy and security. MediaPRO assigned each participant a category based on the percentage of questions they got right: Hero – An individual with an excellent understanding of security and how to protect assets. Novice – Someone that has a reasonable understanding of the basics of security but needs to improve their knowledge in key areas. Risk – An individual whose lack of...

Read More
Atlantic.Net Awarded TMC 2018 Cloud Computing Security Excellence Award
Oct18

Atlantic.Net Awarded TMC 2018 Cloud Computing Security Excellence Award

Atlantic.Net, a leading provider of HIPAA-compliant hosting solutions and associated managed services, has been honored in this year’s TMC’s 2018 Cloud Computing Security Excellence Awards. TMC is an integrated media company that helps global buyers make the right purchasing decisions through the company’s content-driven marketplaces, education efforts, and live events. Each year, TMC recognizes the leading cloud computing companies and issues Excellence Awards to companies that have gone the extra mile and developed cutting edge cloud security services and solutions that offer exceptional protection from an ever-growing number of cybersecurity threats. “Today, the Internet is challenged by an ever-growing number of cyber security threats – including viruses, malware, DDoS, ransomware and more,” said Marty Puranik, CEO of Atlantic.Net.  “Here at Atlantic.Net we pride ourselves on keeping our clients’ data and infrastructure protected to help ensure privacy, security, and compliance.” In addition to its HIPAA-compliant hosting and HIPAA data storage services for the healthcare...

Read More
Atlantic.Net Included in November 2017 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations
Oct06

Atlantic.Net Included in November 2017 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations

HIPAA-compliant hosting company Atlantic.Net has been recognized by Gartner in its November 2017 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations. The Market Guide is produced by Gartner Research to help CIOs at Healthcare Delivery Organizations gain a better understanding of the rapidly evolving cloud market and helps them identify notable cloud vendors. The Market Guide explains how the cloud is now a well-established option for healthcare delivery organizations, what security solutions are required for HIPAA compliance, and the key cloud services that will help make the organization’s cloud journey a success. Atlantic.Net is an Orlando, FL-based provider of HIPAA-compliant hosting, cloud hosting, and managed cloud services to the healthcare industry. Established in 1994, the company has grown into a market leader with state-of-the-art data centers throughout the United States and beyond. Atlantic.Net has recently just opened its 7th U.S. data center in Ashburn, VA, through which the full range of cloud and hosting services are now being provided....

Read More
Atlantic.Net Launches VMware-Based Private Cloud Hosting Platform
Aug12

Atlantic.Net Launches VMware-Based Private Cloud Hosting Platform

Atlantic.Net has announced a new collaboration with the enterprise cloud computing and virtualization software giant VMware. VMware is the name behind the software that powers the digital infrastructure of millions of businesses around the world, from SMBs to large enterprises and many Fortune 500 firms. Atlantic.Net is a market-leading hosting provider that specializes in HIPAA-compliant hosting solutions for the healthcare industry and associated managed services. The collaboration has seen Atlantic.Net join the VMware Cloud Provider Program, which will allow the company to deliver a secure, high performance, ultra-flexible VMware-based private cloud hosting platform to its customers. The new platform will bring enterprise-class virtualization technology to the SMBs marketplace, which can be leveraged to improve efficiency and significantly reduce costs. “Now, at Atlantic.Net, we will be able to provide our clients with the ability to choose the best private cloud environment to meet their needs,” said Atlantic.Net Chief Executive Officer and President, Marty Puranik. “Whether...

Read More
Liquid Web Launches Protection & Remediation Services for its Managed Hosting Solutions
Aug12

Liquid Web Launches Protection & Remediation Services for its Managed Hosting Solutions

Lansing, MI-based managed hosting and managed application services provider Liquid Web has launched new Protection & Remediation Services for its Managed Hosting solutions to better protect customers from cyberattacks and help them achieve their compliance objectives. Cybersecurity is now a major concern for businesses given the increase in attacks and the high cost of remediating security incidents and data breaches. When cyberattacks succeed, identifying a breach typically takes 200 days or more. During the time that systems are compromised, sensitive data can be stolen and significant damaged can be caused. Liquid Web’s new Protection & Remediation Services have the dual purpose of hardening server and application-level defenses to make it more difficult for cyberattacks to succeed and also ensure that if defenses are breached, the attacks are identified and remediated rapidly. Liquid Web achieves this through the use of a range of preventative security tools such as web application firewalls, antivirus protection, and vulnerability scanning. These measures ensure...

Read More
Is the Google Cloud Platform HIPAA Compliant?
Jul31

Is the Google Cloud Platform HIPAA Compliant?

Is the Google Cloud Platform HIPAA compliant?  Is the Google Cloud Platform a suitable alternative to Azure and AWS for cloud hosting for healthcare organizations? In this post we determine whether the Google Cloud platform is HIPAA compliant and if it can be used by healthcare organizations to build applications, host infrastructure, and store files containing protected health information. Healthcare organizations are increasingly taking advantage of cloud platforms. The healthcare cloud computing market was valued at $4.65 billion in 2016 and is expected to increase to more than $14.76 billion by 2022. Amazon AWS is still the leading platform with a market share of 62% according to KeyBlanc, with Microsoft Azure second on 20%, but Google is gaining ground, with a market share of around 12%. Amazon and Microsoft both offering platforms that support HIPAA compliance, but what about Google? Is the Google Cloud Platform HIPAA compliant? Will Google Sign a Business Associate Agreement Covering its Cloud Platform? Since the Omnibus Rule came into effect in September 2013, Google has...

Read More
Qcentive Controls AWS Costs & Enables Cloud Computing in Healthcare with ParkMyCloud
Jul02

Qcentive Controls AWS Costs & Enables Cloud Computing in Healthcare with ParkMyCloud

The Massachusetts-based healthcare startup Qcentive, the developer of a cloud-based platform that helps healthcare companies with the creation and management of value-based contracts, was one of the first companies authorized to move healthcare data to the cloud. The first-in-class transaction platform has been certified as HIPAA compliant and incorporates appropriate safeguards to ensure the confidentiality, integrity, and availability of ePHI. The company uploads patient and healthcare contract information to AWS, where the data are accessed by the company’s application. The platform helps its health plan clients and their value-based contracting providers analyze claims data and patient information such as emergency room visits and use the information to quickly calculate potential savings. While developing the platform, Qcentive uploaded large quantities of patient and claim data to AWS and created AWS resources as necessary, although as many companies discover, AWS costs can quickly mount up. Qcentive tried to find a way to keep its AWS costs under control, starting with...

Read More
Is Rackspace HIPAA Compliant?
Jun21

Is Rackspace HIPAA Compliant?

The Windcrest, TX-based managed cloud computing company Rackspace offers public cloud and email hosting services, but can they be used by HIPAA-covered entities without violating HIPAA Rules? Is Rackspace HIPAA compliant? Will Rackspace Sign a Business Associate Agreement with HIPAA Covered Entities? Rackspace is aware that by allowing healthcare organizations to use its services, the company is classed as a HIPAA business associate and must agree to comply with the HIPAA Privacy and Security Rules. Rackspace has obtained HITRUST and HITRUST CSF certifications which demonstrate the company meets the data and privacy security standards demanded by HIPAA for managed public, private, and hybrid cloud environments. The company uses extended SSL encryption and meets PCR DSS data security requirements. The company provides assistance to healthcare companies to help them use its services and comply with HIPAA Rules and develop an approach that satisfies HIPAA Rules and meets their business needs. Rackspace will also sign a business associate agreement for its dedicated hosting services,...

Read More
Secure Block Storage (SBS) Now Available for Atlantic.Net Cloud Servers
Jun14

Secure Block Storage (SBS) Now Available for Atlantic.Net Cloud Servers

Atlantic.Net, a leading provider of hosting and hosting services to the healthcare industry, has announced the release of Secure Block Storage (SBS) for its cloud servers. The new feature allows Atlantic.Net customers to attach additional storage drives to their cloud servers and easily scale their workloads. SMS allows customers to increase storage on the fly and move data between cloud servers. For total security, data is automatically encrypted at rest and SMS has been designed to provide 99.999% availability. To protect against data loss due to component failure, volumes are automatically replicated multiple times to ensure data can always be recovered. SBS has been developed to be highly scalable, highly redundant, easily accessible, and easy to use. SBS can be used for file, application, database, or backup storage and is available to all customers on demand. Initially, Atlantic.Net is launching SBS with an initial deal of 50GB of SMB free for one year and a rate of 7.9 cents per additional GB per month. “Here at Atlantic.Net, we remain steadfast in our commitment to...

Read More
Cofense Launches Free Tool That Checks for SaaS Applications Using Corporate Domains
Jun08

Cofense Launches Free Tool That Checks for SaaS Applications Using Corporate Domains

The anti-phishing solution provider Cofense has launched a new tool that allows organizations to check what Software-as-a-Service (SaaS) applications have been registered by employees using corporate domains. The tool identifies configured cloud services, allowing security teams to check which SaaS applications are in use and take action over unauthorized use of cloud applications by employees. The solution will query a corporate domain against a list of commonly used SaaS applications and will return a list of all SaaS applications that are in use, highlighting applications that have been provisioned without prior approval from the IT department. A file can be downloaded detailing all SaaS applications in use which can be compared with future scans to identify new SaaS applications that have been provisioned since the last time the query was run. Shadow IT introduces risks, yet IT departments are often unaware of employees’ activities. Many companies are in the dark about the software used by their employees and the cloud services registered using company domains. This new service...

Read More
Tristar Medical Group Discovers Solution That Reduced its AWS Costs by 60%
May09

Tristar Medical Group Discovers Solution That Reduced its AWS Costs by 60%

Healthcare organizations are increasingly turning to the cloud to meet their IT needs, but while there are many advantages to be gained from migrating applications, infrastructure, and datacenter operations to the cloud, managing cloud costs remains a major challenge. Many healthcare organizations choose AWS EC2 instances for their servers. While the platform meets their needs, the high cost of running AWS EC2 instances – or equivalent instances from other providers – is forcing many healthcare organizations to scale back their cloud migration plans. The cost of running AWS EC2 instances can be considerable. Tristar Medical Group, the largest privately-owned healthcare provider in Australia, runs facilities across the country, spread across multiple time zones. Its clinics need access to servers around the clock and cloud instances were left running 24/7. Tristar soon discovered its strategy was proving prohibitively expensive. While the needs of its clinics were being met, the cost of its virtual desktop infrastructure (VDI) solution was unsustainable. The rising OpEx costs...

Read More
Rackspace Named Leader in Gartner Magic Quadrant for Public Cloud Managed Service Providers
Apr06

Rackspace Named Leader in Gartner Magic Quadrant for Public Cloud Managed Service Providers

Rackspace has been included in the Leader’s Quadrant in Gartner’s 2018 Magic Quadrant for Public Cloud Managed Service Providers, Worldwide. Rackspace was one of 20 public cloud managed service providers assessed for the report, which assesses companies based on their completeness of vision and ability to execute that vision. The report categorizes companies as niche players, contenders, visionaries, and leaders. Companies in the Leaders Quadrant scored highly for both completeness of vision and ability to execute. In this year’s magic Quadrant, only three providers were named as leaders. This is the second consecutive year that Rackspace has been included in the Leaders Quadrant in the Magic Quadrant for Public Cloud Managed Service Providers, Worldwide, which the company puts down to the depth of its portfolio and its expertise in delivering next-generation IT services. “Businesses within every industry are moving to consume IT in a more-agile and cost-efficient manner, as a service, across multiple public and private cloud platforms and technologies. We are constantly adding new...

Read More
Is Liquid Web HIPAA Compliant?
Mar20

Is Liquid Web HIPAA Compliant?

Healthcare organizations searching for a hosting solution may identify Liquid Web as a potential vendor, but is Liquid Web HIPAA compliant? Can its cloud services be used by HIPAA-covered entities for hosting applications and projects that include electronic protected health information? Any healthcare organization that wants to use the cloud to host applications that use the protected health information (PHI) of patients must select a vendor whose service includes safeguards to ensure the confidentiality, integrity, and availability of ePHI that meet the requirements of the HIPAA Security Rule. Cloud service providers, including hosting companies, are classed as business associates since they potentially have access to their clients’ data. While many cloud service providers claim they do not access customers’ data, they are still classed as business associates. HIPAA-covered entities and their business associates must therefore enter into a business associate agreement with the service provider before any ePHI is uploaded to the cloud. Liquid Web Business Associate Agreements...

Read More
Atlantic.Net Achieves SSAE-18  SOC 1 and SOC 2 Certification
Mar15

Atlantic.Net Achieves SSAE-18 SOC 1 and SOC 2 Certification

Atlantic.Net has recently been externally validated per Service Organization Control SSAE 18 SOC 1 and SOC 2 auditing standards and has attained SSAE-18 certification in compliance with AICPA standard principles. Atlantic.Net is one of the first service companies to achieve the certification. To attain certification, Atlantic.Net was audited by the national security and compliance solutions provider, A-Lign. The audit covered organization-wide system controls and how well Atlantic.Net’s controls were designed to achieve the control objectives. The audit also involved tests to determine the operational effectiveness of the controls. The auditor’s report confirmed that Atlantic.net is in full compliance with AICPA Standard Principles and achieved the standard required for certification. “This certification demonstrates the auditor’s confidence in our world class infrastructure, system controls, and our continued mission to deliver excellence to our clients,” said Marty Puranik, CEO of Atlantic.Net. “Authenticating these processes to ensure our clients are provided with consistent,...

Read More
Organizations Adopting the Cloud for Data, Application and Services are Sacrificing Security
Mar15

Organizations Adopting the Cloud for Data, Application and Services are Sacrificing Security

Palo Alto Networks has released the findings of a new survey conducted on organizations in Europe and the Middle East that are actively adopting the cloud. The survey examined efforts to maintain cybersecurity across the entire organization as businesses start to utilize cloud environments to meet their data, application, and services needs. The survey has revealed the rush to the cloud has meant sacrificing security, with cloud environments not nearly as well protected as networks and endpoints. These shortcuts on security are leaving many organizations exposed to risk. Cybersecurity professionals in businesses that are actively adopting the cloud were polled and asked about the state of cybersecurity in their cloud and hybrid cloud environments. More than half of polled cybersecurity professionals– 54% – report misalignment between the cybersecurity department and the rest of the business on cloud and cybersecurity issues. While cybersecurity professionals believe security is a top priority for the public cloud, fewer than half of respondents believe current cybersecurity...

Read More
Is Office 365 HIPAA Compliant?
Mar12

Is Office 365 HIPAA Compliant?

Is Microsoft Office 365 HIPAA compliant? Can healthcare organizations use Office 365 and remain in compliance with HIPAA and HITECH Act Rules? What is Office 365? Office 365 is a suite of subscription products developed by Microsoft that includes Word, Excel, PowerPoint, OneNote, Outlook, Publisher, and Access. Office 365 for Healthcare Microsoft is willing to enter into a business associate agreement (BAA) with HIPAA covered entities for Office 365 and Microsoft Dynamics CRM Online, provided the latter is purchased through Volume Licensing Programs or the Dynamics CRM Online Portal. The Microsoft BAA also covers the use of the Microsoft Azure cloud platform. Microsoft does not demand that a BAA be obtained prior to use of Office 365, as the BAA is automatically made available to customers with an online service contract. However, HIPAA covered entities should obtain a BAA prior to use of Office 365 in conjunction with any electronic protected health information (ePHI). They should also specify an administrative contact. In the event of a security breach, the administrative contact...

Read More
HIMSS Survey Reveals Top Healthcare Security Threats
Mar09

HIMSS Survey Reveals Top Healthcare Security Threats

HIMSS has published the results of its annual healthcare cybersecurity survey, which provides insights into the state of cybersecurity in healthcare and identifies the top healthcare security threats. The HIMSS 2018 cybersecurity survey was conducted on 239 respondents from the healthcare industry between December 2017 and January 2018. The results of the survey were announced at the HIMSS 2018 Conference & Exhibition in Las Vegas. 36.8% of respondents had positions in executive management and 37.2% were employed in non-executive management positions. The remaining 25.9% were in non-management positions such as cybersecurity specialists and analysts. 41.2% of respondents were primarily responsible for cybersecurity, 32.6% had some responsibility, and 11.8% sometimes had responsibility for cybersecurity. Most Healthcare Organizations Have Experienced a Significant Security Incident in the Past 12 Months The threat of healthcare cyberattacks is greater than ever and the past 12 months has been a torrid year. In the past 12 months, 75.7% of respondents said they had experienced a...

Read More
Is Google Calendar HIPAA Compliant?
Mar07

Is Google Calendar HIPAA Compliant?

Is Google Calendar HIPAA compliant? Can the time management and calendar scheduling service be used by healthcare organizations or would use of the service be considered a violation of HIPAA Rules? This post explores whether Google supports HIPAA compliance for the Google Calendar service.   Google Calendar was launched in 2006 and is part of Google’s G Suite of products and services. Google Calendar could potentially be used for scheduling appointments, which may require protected health information to be added. Uploading any protected health information to the cloud is not permitted by the HIPAA Privacy Rule unless certain HIPAA requirements have first been satisfied. A risk analysis must be conducted to assess potential risks to the confidentiality, integrity, and availability of ePHI. Risks must be subjected to a HIPAA-compliant risk management process and reduced to an acceptable level. Access controls must be implemented to ensure that ePHI can only be viewed by authorized individuals, appropriate security controls must be in place to prevent unauthorized disclosures, and an...

Read More
Connectria Gains AWS Healthcare Competency for Third Successive Year
Mar05

Connectria Gains AWS Healthcare Competency for Third Successive Year

Connectria has announced it has gained Amazon Web Services (AWS) Healthcare Competency for the third successive year, demonstrating the company is capable of delivering a HIPAA compliant service in AWS for its healthcare customers. AWS Healthcare Competency is one of several Competencies under the AWS Competency Program. The program was created by AWS to demonstrate which members of the AWS Partner Network (APN) were technically proficient in delivering specialized solutions for specific industry sectors and could demonstrate proven customer successes. Companies that achieve the AWS Healthcare Competency can differentiate themselves from others by demonstrating their level of expertise in helping healthcare providers, health plans, healthcare clearinghouses and business associates of HIPAA-covered entities migrate to the cloud. In order to achieve AWS Healthcare Competency, Connectria underwent a rigorous audit of its cloud-based solutions for the healthcare sector. The company demonstrated technical proficiency in building and delivering HIPAA-compliant cloud solutions on the AWS...

Read More
Is Google Forms HIPAA Compliant?
Feb27

Is Google Forms HIPAA Compliant?

Google Forms is a convenient tool for creating surveys and gaining feedback from customers, but is it suitable for use by healthcare organizations? Is Google Forms HIPAA compliant or is its use likely to be a violation of HIPAA Rules? Before any cloud-based service can be used by HIPAA covered entities or their business associates in connection with PHI, it is first necessary to enter into a business associate agreement with the service provider. Without a business associate agreement in place, use of the service would be considered a HIPAA violation. Google and Business Associate Agreements with HIPAA Covered Entities Google is prepared to enter into a business associate agreement with HIPAA covered entities and their business associates and offers its own BAA in which Google provides satisfactory assurances – as required by HIPAA – that the Privacy, Security, and Breach Notification Rule requirements will be followed. The BAA does not cover all Google services, but Google Drive – of which Google Forms is part – is covered by the BAA. Obtaining a BAA from a service provider is...

Read More
What Covered Entities Should Know About Cloud Computing and HIPAA Compliance
Feb19

What Covered Entities Should Know About Cloud Computing and HIPAA Compliance

Healthcare organizations can benefit greatly from transitioning to the cloud, but it is essential to understand the requirements for cloud computing to ensure HIPAA compliance. In this post we explain some important considerations for healthcare organizations looking to take advantage of the cloud, HIPAA compliance considerations when using cloud services for storing, processing, and sharing ePHI, and we will dispel some of the myths about cloud computing and HIPAA compliance. Myths About Cloud Computing and HIPAA Compliance There are many common misconceptions about the cloud and HIPAA compliance, which in some cases prevent healthcare organizations from taking full advantage of the cloud, and in others could result in violations of HIPAA Rules. Some of the common myths about cloud computing and HIPAA compliance are detailed below: Use of a ‘HIPAA compliant’ cloud service provider will ensure HIPAA Rules are not violated False: A cloud service provider can incorporate all the necessary safeguards to ensure the service or platform can be used in a HIPAA compliant manner, but it is...

Read More
Microsoft Gold Status of Cloud Platform Competency Achieved by Connectria
Feb08

Microsoft Gold Status of Cloud Platform Competency Achieved by Connectria

Connectria has announced it has achieved Microsoft’s Gold Status for Cloud Platform Competency for its expertise and use of Microsoft Azure. The Microsoft Cloud Platform Competency was designed for Microsoft Partners to help them capitalize on the increasing demand for infrastructure as-a-service and software as-a-service running in Microsoft Azure cloud environments. Achieving a Gold or Silver standard helps companies differentiate their services within the Microsoft Partner ecosystem and demonstrate to their customers they have considerable expertise in running IaaS and SaaS on Azure. The Microsoft Cloud Platform Competency is awarded to companies that have demonstrated expertise in Microsoft Azure environments, with the Gold status awarded to companies who have completed rigorous Microsoft Technical Assessments and are maintaining a certain level of core Microsoft Certified Professionals on staff. Companies must also show they have applied that expertise to help their customers and must submit customer references to demonstrate past successes on Microsoft Azure. In order to...

Read More
92% of U.S. Companies “Vulnerable” to Data Threats
Jan29

92% of U.S. Companies “Vulnerable” to Data Threats

A survey conducted on behalf of global data security company Thales by 451 Research has revealed that 92% of U.S. companies are “vulnerable” to data threats, yet only 86% of respondents plan to increase IT spending in 2018. The annual survey asked more than 1,200 senior security executives about their cybersecurity spending priorities over the coming year. The results of the survey formed the backbone of the Thales 2018 Data Threat Report, in which it was revealed that 46% of U.S. respondents had experienced a data breach in the previous twelve months (up from 24% in the 2017 report). Possibly due to their recent experiences, 92% of U.S. respondents said they were vulnerable to data threats. 53% of the U.S. companies surveyed said they were either “very vulnerable” or “extremely vulnerable” – an increase from 29% in the 2017 report – with more than half or respondents citing “privileged users” as the biggest threat to data security. However, whereas “securing data at rest” was considered to be the most effective defense against data breaches, only 44% of U.S. companies...

Read More
Is Google Docs HIPAA Compliant?
Jan23

Is Google Docs HIPAA Compliant?

Is Google Docs HIPAA compliant? Is it permitted to upload documents containing protected health information to Google Docs, or would that violate HIPAA Rules? In this post we will assess Google Docs and determine whether Google is a HIPAA compliant and whether it can be used safely and securely by HIPAA-covered entities and business associates for sharing PHI. Does Google Docs Encrypt Data? In order for Google Docs to be HIPAA compliant, stored data must be encrypted. Data must also be encrypted during uploading and downloading. We can confirm that Google uses 128-bit or stronger Advanced Encryption Standard (AES) to protect data in transit to the platform, and between and in its data centers. Is Google Considered a Conduit? The Department of Health and Human Services has made it clear in recent guidance that cloud service providers are not – in the vast majority of cases – considered conduits, so the HIPAA Conduit Exception Rule does not apply. Instead, cloud service providers are classed as business associates, even if the service provider does not access data stored in customer...

Read More
Allscripts Ransomware Attack Impacts Cloud EHR and EPCS Services
Jan22

Allscripts Ransomware Attack Impacts Cloud EHR and EPCS Services

An Allscripts ransomware attack occurred on Thursday January 18, resulting in several of the firm’s applications being taken offline, including its cloud EHR and electronic prescriptions platform. The attack came just a few days after two Indiana hospitals experienced SamSam ransomware attacks. The Allscripts ransomware attack is also believed to have involved a variant of SamSam ransmware – a ransomware family extensively used in attacks on healthcare providers. Allscripts is a popular electronic health record (EHR) system and Electronic Prescriptions for Controlled Substances (EPCS) provider, with its platform used by many U.S healthcare organizations, including 2,500 hospitals and 19,000 post-acute care organizations. More than 180,000 physicians, 100,000 electronic prescribing physicians, and 40,000 in-home clinicians use Allscripts. The Allscripts ransomware attack commenced in the early hours of Thursday morning. Rapid action was taken to remove the ransomware and restore data, with the incident response teams at Microsoft and Cisco called in to assist. An investigation...

Read More
The HIPAA Conduit Exception Rule and Transmission of PHI
Jan19

The HIPAA Conduit Exception Rule and Transmission of PHI

The HIPAA Conduit Exception Rule is a source of confusion for many HIPAA covered entities, but it is essential that this aspect of HIPAA is understood. Failure to correctly classify a service provider as a conduit or a business associate could see HIPAA Rules violated and a significant financial penalty issued for noncompliance. The HIPAA Omnibus Final Rule and Business Associates On January 25, 2013, the HIPAA Omnibus Final Rule was issued. The HIPAA Omnibus Final Rule introduced a swathe of updates to HIPAA Rules, including the incorporation of the Health Information Technology for Economic and Clinical Health (HITECH) Act. HIPAA Omnibus Final Rule included an update to the definition of a business associate. Prior to January 25, 2013, a business associate was a person or entity that creates, receives, or transmits protected health information (PHI) on behalf of a covered entity. The Omnibus rule added ‘maintains’ to that definition. That meant companies that store electronic information – or physical records – are considered business associates. The Omnibus Rule also...

Read More
Achieving HIPAA Compliant File Sharing In and Outside the Cloud
Jan12

Achieving HIPAA Compliant File Sharing In and Outside the Cloud

HIPAA compliant file sharing consists of more than selecting the right technology to ensure the security, integrity and confidentiality of PHI at rest or in transit. Indeed, you could implement the most HIPAA compliant file sharing technology available and still be a long way short of achieving HIPAA compliance. It is not the technology that is at fault. Many Covered Entities and Business Associates fail to configure the technology properly or train employees how to use the technology in compliance with HIPAA. According to a recent IBM X-Force Threat Intelligence Report, 46% of data breaches in the healthcare industry are attributable to “inadvertent actors”. Of the remaining 54% of data breaches in the healthcare industry, 29% are attributable to “outsiders”, while the remaining 25% are the work of “malicious insiders”. Therefore, if a Covered Entity implements HIPAA compliant file sharing technology, but fails to configure it properly, train employees how to use it compliantly, or introduce mechanisms to monitor access to PHI, it may only be 29% of the way towards achieving HIPAA...

Read More
Is Azure HIPAA Compliant?
Jan05

Is Azure HIPAA Compliant?

Is Azure HIPAA compliant? Can Microsoft’s cloud services be used by HIPAA covered entities without violating HIPAA Rules? Many healthcare organizations are considering moving some of their services to the cloud, and a large percentage already have. The cloud offers considerable benefits and can help healthcare organizations lower their IT costs, but what about HIPAA? HIPAA does not prohibit healthcare organizations from taking advantage of cloud services; however, it does place certain restrictions on the services that can be used, at least as far as protected health information is concerned. Most healthcare organizations will consider the three main providers of cloud services: Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. We have already covered AWS HIPAA compliance here, but what about Azure? Is Azure HIPAA compliant? Is Azure HIPAA Compliant? Before any cloud service can be used by healthcare organizations, they must first enter into a business associate agreement with the service provider. Under HIPAA Rules, cloud service providers are considered...

Read More
Email Archiving Service Added to the Cyren Cloud Security Platform
Jan03

Email Archiving Service Added to the Cyren Cloud Security Platform

Cyren, a provider of DNS, email, and web security solutions, has announced the inclusion of a new email archiving service in its Cloud Security Platform. The platform can be used to keep business email messages secure while ensuring compliance with state and federal email retention regulations. Cyren’s Security-as-a-Service platform combines web security, email security, DNS security, cloud sandboxing, and email archiving into a single cloud-based platform that can be accessed, monitored, and managed through a single web-based administration control panel. The new release comes in response to requests by customers to provide complimentary services to the platform related to email management. Being cloud-based, the solution allows additional services to be easily rolled out to customers, something that would not be possible with appliance-based solutions. The latest addition helps organizations meet their email management compliance obligations, safely and securely store vast quantities of emails without the need for on-premises storage, and ensures all messages can be quickly and...

Read More
Cybersecurity Best Practices for Travelling Healthcare Professionals
Dec27

Cybersecurity Best Practices for Travelling Healthcare Professionals

In its December cybersecurity newsletter, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) offered cybersecurity best practices for travelling healthcare professionals to help them prevent malware infections and the exposure of patients’ protected health information (PHI). Many healthcare professionals will be travelling to see their families over the holidays and will be taking work-issued devices with them on their travels, which increases the risk to the confidentiality, integrity, and availability of PHI. Using work-issued laptops, tablets, and mobile phones in the office or at home offers some protection from cyberattacks and malware infections. Using the devices to connect to the Internet at cafes, coffee shops, hotels, and other Wi-Fi access points increases the risk of a malware infection or man-in-the-middle attack. Even charging portable devices via public USB charging points at hotels and airports can see malware transferred. Not only will malware and cyberattacks potentially result in data on the device being exposed, login credentials can...

Read More
70% of Healthcare Organizations Have Adopted Off-Premises Computing
Dec15

70% of Healthcare Organizations Have Adopted Off-Premises Computing

A recent survey of 144 U.S-based healthcare organizations has shown the majority have already adopted off-premises computing for applications and IT infrastructure. The popularity of off-premises solutions is growing steadily. The KLAS Research study revealed 70% of healthcare organizations have moved at least some of their applications and IT infrastructure to the cloud. Out of the organizations that have, almost 60% are using a cloud or hosting environment for EHR applications. 69% of healthcare organizations said they would consider utilizing off-premises cloud solutions, or are actively expanding the use of those solutions. Cerner is the leader in off-premises computing for EHR applications, although Epic is attracting considerable interest, with many of its customers considering switching from its on-premises solutions to its data center. One of the fastest growing areas is Infrastructure-as-a-Service (IaaS) as it enables healthcare organizations to leverage off-premise infrastructure rather than having to build a data center. Amazon leads the way in this area and is the...

Read More
Electronic Records and HIPAA Compliance
Nov24

Electronic Records and HIPAA Compliance

Make sure you understand the relationship between electronic records and HIPAA compliance. It can be more complicated than many Covered Entities believe. Security Officers in the healthcare industry with a responsibility for electronic records and HIPAA compliance have plenty to keep themselves occupied. In the majority of healthcare-related organizations across the country, thousands of electronic health records (ePHI) are being created every day before being used, transmitted and stored. Maintaining the integrity of ePHI is a key element of compliance with HITECH and the HIPAA Security Rule; yet, when you look at the big picture, the scale of the requirement is staggering. Not only does ePHI created and used within an organization have to be safeguarded, but also ePHI transmitted outside of an organization´s network, and ePHI stored in the cloud. Start by Conducting a Risk Analysis One of the primary issues with electronic records and HIPAA compliance is that the technical, physical and administrative safeguards of the HIPAA Security Rule were published three years before...

Read More
MongoDB and AWS Incorporate New Security Controls to Prevent Data Breaches
Nov10

MongoDB and AWS Incorporate New Security Controls to Prevent Data Breaches

Amazon has announced that new safeguards have been incorporated into its cloud server that will make it much harder for users to misconfigure their S3 buckets and accidentally leave their data unsecured. While Amazon will sign a business associate agreement with HIPAA-covered entities, and has implemented appropriate controls to ensure data can be stored securely, but user errors can all too easily lead to data exposure and breaches. Those breaches show that even HIPAA-compliant cloud services have potential to leak data. This year has seen many organizations accidentally leave their S3 data exposed online, including several healthcare organizations. Two such breaches were reported by Accenture and Patient Home Monitoring. Accenture was using four unsecured cloud-based storage servers that stored more than 137 GB of data including 40,000 plain-text passwords. The Patient Home Monitoring AWS S3 misconfiguration resulted in the exposure of 150,000 patients’ PHI. In response to multiple breaches, Amazon has announced that new safeguards have been implemented to alert users to exposed...

Read More
Liquid Web Confirmed as Meeting HIPAA and HITECH Act Requirements
Nov10

Liquid Web Confirmed as Meeting HIPAA and HITECH Act Requirements

Liquid Web, a provider of managed hosting services to web professionals and SMBs, has undergone a third-party audit and has demonstrated its dedicated and cloud dedicated solutions are compliant with Health Insurance Portability and Accountability Act (HIPAA) Rules and Health Information Technology for Economic and Clinical Health (HITECH) Act requirements. The audit was performed by the independent accounting firm UHY LLP, which validated Liquid Web’s dedicated and cloud dedicated solutions and its policies, procedures, and practices as meeting the minimum standards outlined in the Privacy and Security Rules of HIPAA and the requirements of the HITECH Act. Liquid Web has implemented administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI) that is collected, stored, processed, or transmitted by its healthcare clients through its cloud solutions. As a cloud service provider, Liquid Web is classed as a business associate under HIPAA. Business associates of HIPAA-covered entities...

Read More
Is G Suite HIPAA Compliant?
Nov03

Is G Suite HIPAA Compliant?

Is G Suite HIPAA compliant? Can G Suite be used by HIPAA-covered entities without violating HIPAA Rules? Google has developed G Suite to include privacy and security protections to keep data secure, and those protections are of a sufficiently high standard to meet the requirements of the HIPAA Security Rule. Google will also sign a business associate agreement (BAA) with HIPAA covered entities. So, is G Suite HIPAA compliant? G Suite can be used without violating HIPAA Rules, but HIPAA compliance is more about the user than the cloud service provider. Making G Suite HIPAA Compliant (by default it isn’t) As with any secure cloud service or platform, it is possible to use it in a manner that violates HIPAA Rules. In the case of G Suite, all the safeguards are in place to allow HIPAA covered entities to use G Suite in a HIPAA compliant manner, but it is up to the covered entity to ensure that G Suite is configured correctly. It is possible to use G Suite and violate HIPAA Rules. Obtain a BAA from Google One important requirement of HIPAA is to obtain a signed, HIPAA-compliant...

Read More
47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket
Oct11

47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket

Researchers at Kromtech Security have identified another unsecured Amazon S3 bucket used by a HIPAA-covered entity. The unsecured Amazon S3 bucket contained 47.5GB of medical data relating to an estimated 150,000 patients. The medical data in the files included blood test results, physician’s names, case management notes, and the personal information of patients, including their names, addresses, and contact telephone numbers. The researchers said many of the stored documents were PDF files, containing information on multiple patients that were having weekly blood tests performed. In total, approximately 316,000 PDF files were freely accessible. The tests had been performed in patient’s homes, as requested by physicians, by Patient Home Monitoring Corporation. Kromtech researchers said the data could be accessed without a password. Anyone with an Internet connection, that knew where to look, could have accessed all 316,000 files. Whether any unauthorized individuals viewed or downloaded the files is not known. The researchers were also unable to tell how long the Amazon S3 bucket...

Read More
53% of Businesses Have Misconfigured Secure Cloud Storage Services
Oct09

53% of Businesses Have Misconfigured Secure Cloud Storage Services

The healthcare industry has embraced the cloud. Many healthcare organizations now use secure cloud storage services to host web applications or store files containing electronic protected health information (ePHI). However, just because secure cloud storage services are used, it does not mean data breaches will not occur, and neither does it guarantee compliance with HIPAA. Misconfigured secure cloud storage services are leaking sensitive data and many organizations are unaware sensitive information is exposed. A Business Associate Agreement Does Not Guarantee HIPAA Compliance Prior to using any cloud storage service, HIPAA-covered entities must obtain a signed business associate agreement from their service providers. Obtaining a signed, HIPAA-compliant business associate agreement prior to the uploading any ePHI to the cloud is an important element of HIPAA compliance, but a BAA alone will not guarantee compliance. ePHI can easily be exposed if cloud storage services are not configured correctly. As Microsoft explains, “By offering a BAA, Microsoft helps support your HIPAA...

Read More
Is OneDrive HIPAA Compliant?
Sep30

Is OneDrive HIPAA Compliant?

Many covered entities want to take advantage of cloud storage services, but can Microsoft OneDrive be used? Is OneDrive HIPAA compliant? Many healthcare organizations are already using Microsoft Office 365 Business Essentials, including exchange online for email. Office 365 Business Essentials includes OneDrive Online, which is a convenient platform for storing and sharing files. Microsoft Supports HIPAA-Compliance There is certainly no problem with HIPAA-covered entities using OneDrive. Microsoft supports HIPAA-compliance and many of its cloud services, including OneDrive, can be used without violating HIPAA Rules. That said, before OneDrive – or any cloud service – can be used to create, store, or send files containing the electronic protected health information of patients, HIPAA-covered entities must obtain and sign a HIPAA-compliant business associate agreement (BAA). Microsoft was one of the first cloud service providers to agree to sign a BAA with HIPAA-covered entities, and offers a BAA through the Online Services Terms. The BAA includes OneDrive for Business, as well...

Read More
Atlantic.Net Cloud Platform Automatically Encrypts Data At Rest
Aug30

Atlantic.Net Cloud Platform Automatically Encrypts Data At Rest

Healthcare organizations looking to use the cloud for storing ePHI or hosting applications that interact with ePHI require world-class hosting services with top grade security. To further meet the needs of healthcare clients, Atlantic.Net has implemented a cloud platform that automatically encrypts all customer data at rest for maximum protection against unauthorized data access. World-class encryption mechanisms are used to encrypt data at the storage layer. For ease of use, the encryption takes place in a transparent manner and requires no configuration to reduce the potential for user error. The default encryption setting is part of Atlantic.Net’s ongoing efforts to ensure the privacy of all customer data. Atlantic.Net believes customer privacy is paramount, and a security setting as important as encryption should not be an optional or add-on feature. Encryption is provided to all customers free of charge. Prior to being written to disk, all data is encrypted using the Advanced Encryption Standard 256-bit (AES-256) cipher. AES256 is the only cipher approved by the NSA for...

Read More
Surgical Dermatology Group Informs Patients of Cloud Services Provider Breach
Aug14

Surgical Dermatology Group Informs Patients of Cloud Services Provider Breach

Hackers have gained access to a server maintained by cloud hosting and server management provider TekLinks and have potentially accessed/copied the protected health information of patients of Surgical Dermatology Group in Birmingham, AL. The intrusion was discovered on or around May 1, 2017, although the breach investigation revealed access to the server was first gained on March 23, 2017. TekLinks said access to the server was blocked on May 1, and its monitoring systems showed no access took place between April 22 and May 1, although it is possible data were viewed or copied in the previous four weeks. Surgical Dermatology Group has been working with forensic investigators to determine the nature and scope of the breach and reports that a wide range of protected health information was potentially accessed. The types of data stored on the compromised server includes patients’ names, home and work telephone numbers, cell phone numbers, addresses, email addresses, medical record numbers, patient ID numbers, Social Security numbers, health plan numbers, details of charges and...

Read More
Is Google Drive HIPAA Compliant?
Jul21

Is Google Drive HIPAA Compliant?

Google Drive is a useful tool for sharing documents, but can those documents contain PHI? Is Google Drive HIPAA compliant? Is Google Drive HIPAA Compliant? The answer to the question, “Is Google Drive HIPAA compliant?” is yes and no. HIPAA compliance is less about technology and more about how technology is used. Even a software solution or cloud service that is billed as being HIPAA-compliant can easily be used in a manner that violates HIPAA Rules. G Suite – formerly Google Apps, of which Google Drive is a part – does support HIPAA compliance. The service does not violate HIPAA Rules provided HIPAA Rules are followed by users. G Suite incorporates all of the necessary controls to make it a HIPAA-compliant service and can therefore be used by HIPAA-covered entities to share PHI (in accordance with HIPAA Rules), provided the account is configured correctly and standard security practices are applied. The use of any software or cloud platform in conjunction with protected health information requires the vendor of the service to sign a HIPAA-compliant business...

Read More
OCR Draws Attention to Risks from File Sharing Tools and Cloud Computing
Jul03

OCR Draws Attention to Risks from File Sharing Tools and Cloud Computing

File sharing and collaboration tools offer many benefits to HIPAA-covered entities, although the tools can also introduce risks to the privacy and security of electronic health information.  Many companies use these tools, including healthcare organizations, yet they can easily lead to the exposure or disclosure of sensitive data. The Department of Health and Human Services’ Office for Civil Rights has recently issued a reminder to covered entities and business associates of the potential risks associated with file sharing and collaboration tools, explaining the risks these services can introduce and how covered entities can use these services and remain in compliance with HIPAA Rules. While file sharing tools and cloud computing services may incorporate all the necessary protections to ensure data is secured and cannot be accessed by unauthorized individuals, over the past few years there have been numerous cases where human error has resulted in misconfigurations. Those errors have led to data breaches. A Metalogix survey conducted by the Ponemon Institute revealed that one in...

Read More
Palo Alto Networks Launches New Cloud-Based Security Service for Mobile Users
Jun14

Palo Alto Networks Launches New Cloud-Based Security Service for Mobile Users

Palo Alto Networks has launched a new cloud-based security service that can be used to protect remote locations and users of mobile devices via the Palo Alto Networks Next-Generation Security Platform and apply security controls such as URL Filtering and Threat Prevention. Many businesses operate across multiple locations and have a highly distributed workforce. The new Palo Alto Networks GlobalProtect cloud service makes it easier for businesses to secure remote networks and protect mobile users without backhauling traffic to the corporate network or using multiple point products. The new Palo Alto Networks GlobalProtect cloud service protects all employees via the Palo Alto Networks Next-Generation Security Platform, regardless of where they are located. The GlobalProtect cloud service allows administrators to easily add new locations and mobile workers and implement and update security policies as required. The service is always on and kept up to date and helps organizations ensure consistent security for the entire organization, regardless of location or the devices used. With...

Read More
HIPAA Enforcement Update Provided by OCR’s Iliana Peters
May25

HIPAA Enforcement Update Provided by OCR’s Iliana Peters

Office for Civil Rights Senior Advisor for HIPAA Compliance and Enforcement, Iliana Peters, has given an update on OCR’s enforcement activities in a recent Health Care Compliance Association ‘Compliance Perspectives’ podcast. OCR investigates all data breaches involving the exposure of theft of more than 500 healthcare records. OCR also investigates complaints about potential HIPAA violations. Those investigations continue to reveal similar non-compliance issues. Peters said many issues come up time and time again. Peters confirmed that cases are chosen to move on to financial settlements when they involve particularly egregious HIPAA violations, but also when they relate to aspects of HIPAA Rules that are frequently violated. The settlements send a message to healthcare organizations about specific aspects of HIPAA Rules that must be addressed. Peters said one of the most commonly encountered problems is the failure to conduct a comprehensive, organization-wide risk assessment and ensure any vulnerabilities identified are addressed through a HIPAA-compliant risk management...

Read More
Greenway Health Ransomware Attack Stops 400 Clients from Accessing EHRs
May02

Greenway Health Ransomware Attack Stops 400 Clients from Accessing EHRs

Tampa, Florida-based practice management software and EHR vendor, Greenway Health, has experienced a ransomware attack that has affected around 5% of its client base – approximately 400 healthcare organizations. It is unclear whether the ransomware infection resulted in EHR data being encrypted, although clients were temporarily prevented from accessing the cloud-based Intergy EHR/medical management platform. Those clients were forced to resort to using pen and paper while Greenway Health worked to restore its system. Fortunately, all client data were backed up and could be recovered, although that process took time. On April 22, 2017, third-party rapid response security firms were brought in to remove the infection and restore data. A spokesperson for Greenway Health said the teams were “working around the clock to restore access to affected Intergy hosted customers.”  As of yesterday, around half of affected clients had access to the Intergy system restored. While the cloud-based platform was taken out of action, Greenway Health has not uncovered any evidence to...

Read More
Healthcare Providers Are Wasting Millions on Cloud Hosting
Apr12

Healthcare Providers Are Wasting Millions on Cloud Hosting

A study by Communications for Research showed that healthcare organizations are now spending $40 billion a year on IT programs, while MarketsandMarkets research indicates $3.73 billion of that budget is spent on cloud services. By 2020, cloud spending is expected to triple and reach $9.5 billion. MedGadget healthcare market research suggests there will be a 21.95 percent CAGR for spending on cloud computing by the healthcare industry by 2019. More and more healthcare organizations are seeing the benefits that can be gained from switching to cloud computing, especially as a way of reducing IT spending. The public cloud is elastic and capacity can be increased or decreased on demand, but the reality is most organizations use of the cloud involves considerable wastage. Organizations are paying for the public cloud and are ensuring their instances have sufficient capacity, yet for a lot of the time much of the capacity that is paid for is redundant. The 2017 Rightscale State of the Cloud Report suggests 46% of enterprises are carefully monitoring cloud use and are rightsizing their...

Read More
TitanHQ Partnership with ADTRAN Enables MSPs to Deliver Cloud-Based Security Solutions
Apr11

TitanHQ Partnership with ADTRAN Enables MSPs to Deliver Cloud-Based Security Solutions

TitanHQ has announced a new partnership with ADTRAN, the leading global provider of communications and networking equipment. The partnership will see ADTRAN expand its ProCloud Subscription Services Suite to four new solution categories to better meet the needs of managed service providers (MSPs). The ProCloud Subscription Services Suite brings together industry-leading cloud-based solutions to allow MSPs to better meet the needs of their customers. The four solution categories that now comprise the suite of services are ProCloud Unified Communications, ProCloud Analytics, ProCloud Network Management and ProCloud Security. TitanHQ’s cloud-based web filtering solution – WebTitan – and cloud-based spam filtering solution – SpamTitan – have been added to the ProCloud Security solution. WebTitan allows organizations to carefully control the web content that can be accessed by employees while protecting organisations from a wide range of web-borne threats such as phishing websites and downloads of ransomware and malware.  SpamTitan is a full-service email security solution that...

Read More
Quarter of Healthcare Organizations Do Not Encrypt Data Stored in the Cloud
Apr04

Quarter of Healthcare Organizations Do Not Encrypt Data Stored in the Cloud

A recent survey by HyTrust has revealed that a quarter of healthcare organizations do not use encryption to protect data at rest in the cloud, even though the lack of encryption potentially places sensitive data – including the protected health information of patients – at risk of being exposed. Amazon Web Service (AWS) one of the most popular choices with the healthcare industry, although many healthcare organizations are using multiple cloud service providers. 38% of respondents said they had a multi-cloud environment and 63% of respondents said they were planning to use multiple cloud service providers in the future. 63% of healthcare organizations said they were using the public cloud to store data. When asked about their main concerns, data security came top of the list – with 82% of surveyed healthcare organizations rating security as their number one concern. Despite the concerns about data security, encryption is not always employed. As Eric Chiu, co-founder and president of HyTrust explained, “For these care delivery organizations, choosing a flexible cloud security...

Read More
Securly Launches Anycast DNS powered Internet Filtering Service
Mar31

Securly Launches Anycast DNS powered Internet Filtering Service

Securly has announced that its K12 web filtering solution is now being served through Anycast DNS on AWS. Anycast DNS speeds up the load time of websites by routing the user to the nearest server to the user’s location. Websites can be located on servers all over the world, which will naturally involve some latency when the user is some distance away from the server. Anycast DNS essentially brings that content closer. Typically, a content distribution network (CDN) is used to achieve this. A CDN is a network of proxy servers and data centers through which web content can be served to reduce latency and ensure availability. Servers are chosen based on which is the closest and has the lowest latency. While CDNs are effective at speeding up the loading of static or cached web content, they do not work so well for dynamic content and do not work with Internet protocols such as DNS. Anycast DNS solves that problem. Anycast allows different web servers to share the same IP address, which means clients requests can be taken to the nearest web server serving that content – the server with...

Read More
Atlantic.Net Customers Enjoy 100x Speed Boost with New SSD Cloud VPS Hosting Platform
Mar18

Atlantic.Net Customers Enjoy 100x Speed Boost with New SSD Cloud VPS Hosting Platform

Atlantic.Net has announced its new SSD Cloud VPS Hosting Platform has now been made available to new and existing customers. Atlantic.Net’s world-class cloud VPS hosting solutions are a popular choice with SMBs and the company has been enjoying sustained growth, particularly in the healthcare and e-commerce sectors. Customers also now have increasing performance requirements and need greater speeds and faster data access. In order to continue to meet customers’ needs, Atlantic.Net invested significantly in new hardware and has now implemented the new solid state drives for its VPS hosting platform. The upgrade is likely to be noticed by existing customers. The new enterprise Solid State Drives are a significant advance on the previous storage hardware and are capable of 100x faster read and write speeds. Customers are most likely to notice the difference in their start up times, which will be considerably faster, and there will be noticeable improvements due to the enhancements to random access time, data transfer rate, and read performance. “Our customer’s ever increasing...

Read More
Multi-Factor Authentication Capability Added to TrueVault Management Console
Mar15

Multi-Factor Authentication Capability Added to TrueVault Management Console

TrueVault, a provider of a HIPAA-compliant cloud storage platform for personally identifiable information, has announced that multi-factor authentication has now been added to the TrueVault Management Console. The TrueVault platform was developed specifically to store personally identifiable information (PII) and protected health information (PHI) to ease the compliance burden on healthcare organizations that are developing cloud-based applications. Rather than having to build HIPAA Security Rule safeguards into their own applications to ensure PII/PHI is protected, TrueVault assumes that responsibility, allowing customers to concentrate on developing the core features of their applications. HIPAA-compliant cloud resources incorporate the necessary safeguards to ensure the confidentiality, integrity, and availability of electronic PII/PHI. Those resources require some form of authentication, such as a username and password, to prevent unauthorized access. Through phishing attacks, social engineering techniques, and human error, passwords may be inadvertently disclosed and could...

Read More
Cisco Launches First Cloud-Based Secure Internet Gateway
Feb09

Cisco Launches First Cloud-Based Secure Internet Gateway

The popularity of Software-as-a-Service (SaaS) applications has grown considerably in recent years. Working practices have changed, and SaaS is well suited to an increasingly mobile workforce. SaaS is certainly not a fad. The use of SaaS is likely to grow considerably over the coming years, with Gartner predicting an increase in SaaS use of 70% by 2018. While branch offices used to connect to the Internet via the corporate network, now many offices are connecting to the Internet directly, which means they bypass many network and Internet security controls. Not only does this increase risk, organizations potentially now lack visibility into threats targeting certain sections of the enterprise. One way organizations have got around this is with the use of virtual private networks (VPNs), although VPNs are not always used by employees. A recent survey conducted by IDG revealed 82% of mobile workers did not always use VPNs. An alternative strategy is to use on-premise web gateway solutions; however, multiple secure web gateways add complexity and latency and are therefore far from an...

Read More
Internet Security as a Service Platform Launched by Cyren
Feb02

Internet Security as a Service Platform Launched by Cyren

Cybersecurity firm Cyren has announced the launch of a new Cyren Cloud Security platform, which combines Internet, email, and DNS security with cloud sandboxing in a single cloud-based platform, with all services accessible through a single pane of glass. Email and web security solutions had previously been developed by Cyren, although both were offered as separate solutions. The combination of these cloud security services into the same platform makes it easier for businesses to implement, configure, and manage the solutions. Cyren Cloud Security 4.0 offers users a single dashboard through which summaries of the web and email threats that have been detected and blocked can be viewed. The dashboard allows administrators to see threat summaries at a glance and drill down for more detailed information. Cyren Cloud Security uses a common policy framework for email and web security services with integrated reporting, license management, and customer onboarding. At the heart of the platform is the Cyren GlobalView Threat Intelligence Cloud, which offers industry leading detection,...

Read More
IoT and Mobile Application Vulnerabilities Not Being Adequately Addressed
Jan31

IoT and Mobile Application Vulnerabilities Not Being Adequately Addressed

Organizations around the world are taking advantage of IoT and mobile applications to improve efficiency, yet too little is being done to ensure the applications are secure.  A key lesson from a recent Ponemon Institute survey is application usability and not just data security should always be factored into application development and cloud cost management or users will resist security measures and find workarounds. Organizations can benefit greatly from IoT and mobile technology, yet it is all too easy for major security risks to be introduced. Hackers are well aware of vulnerabilities in mobile and IoT applications and leverage those vulnerabilities to gain access to networks and sensitive data. IoT infrastructure is vulnerable to attack, although the greatest risks are introduced by embedded software in gateways and the cloud. Many IT security practitioners are well aware of the security risks that can potentially be introduced, yet according to a recent survey conducted by the Ponemon Institute, little is being done to mitigate risk. 593 IT and IT security professionals were...

Read More
69% of IT Security Pros Concerned About Unauthorized Cloud Data Access
Nov17

69% of IT Security Pros Concerned About Unauthorized Cloud Data Access

The adoption of cloud services continues to increase, with 68% of organizations now using at least one cloud service, up from 43% last year. However, the security of data stored in the cloud is still a major concern, according to the second annual Cloud Security Report from Netwrix. For the global Cloud Security Report, Netwrix surveyed 660 companies spread across more than 30 industries. The research shows that while cloud service providers are committing more resources to protecting their infrastructure and customers’ data, they are struggling to convince IT security professionals that adequate protections have been put in place. 7 out of 10 organizations expressed concern about the privacy and security of cloud technology and fewer than half of organizations (44%) that use cloud services believed adequate protections had been implemented by their cloud service providers. The biggest concern was unauthorized data access by employees and third parties. 69% of respondents expressed concern about unauthorized access. The other two main concerns were malware and Denial of Service...

Read More
Physical Therapy Provider Discovers Cloud Storage Account Breach
Oct26

Physical Therapy Provider Discovers Cloud Storage Account Breach

California-based Silver Creek Fitness and Physical Therapy has been alerted to a potential privacy breach by its billing and software vendors. A cloud storage account containing the protected health information of some of its patients had been left unprotected and could be freely accessed via the Internet. An unnamed security researcher discovered an Amazon S3 storage account used by the healthcare provider’s billing and software vendors had been improperly secured. The storage account was accessed by the researcher, who succeeded in downloading information from the account. An investigation into the security breach was launched that showed security protections were not present for a period of four months between May 2016, and September 11, 2016 when the breach was discovered. The storage account contained highly sensitive patient information including names, prescription details, dates of birth, Social Security numbers, driver’s license numbers, progress notes, Medicare numbers, treatment locations and treatment dates. Information was downloaded by the security researcher on...

Read More
Guidance on HIPAA and Cloud Computing Issued by HHS
Oct10

Guidance on HIPAA and Cloud Computing Issued by HHS

The Department of Health and Human Services has released updated guidance on HIPAA and cloud computing to help covered entities take advantage of the cloud without risking a HIPAA violation. The main focus of the guidance is the use of cloud service providers (CSPs). Cloud service providers that are legally separate entities from a HIPAA-covered entity are classed as business associates under HIPAA regulations if the CSP is required to create, receive, maintain, or transmit electronic protected health information (ePHI). A CSP is also classed as a business associate when a business associate of a covered entity subcontracts services to the CSP that involve creating, receiving, maintaining, or transmitting ePHI. It is important to note that even when a HIPAA covered entity, business associate, or subcontractor of a business associate provides ePHI to a CSP in encrypted form, the CSP is still classed as a business associate under HIPAA Rules, even if a key to decrypt the data is not provided. A CSP would not be classed as a business associate and would therefore not be required to...

Read More
Securly Simplifies the Deployment of Cloud-Based Web Filters
Aug10

Securly Simplifies the Deployment of Cloud-Based Web Filters

There are several issues associated with appliance-based web filters. The cost of the appliance, the lack of scalability, problems with deployment, and the bottlenecks they can create when bandwidth-heavy applications are used or streaming services are being accessed by multiple users. These problems have seen many organizations turn to cloud-based filtering solutions. Cloud-based web filters require no hardware, are highly scalable, easy to deploy, and have the same level of granular control as their appliance-based counterparts. Since no expensive hardware is required, they can also offer significant cost advantages over appliance-based web filters. One disadvantage of cloud-based filtering is that it is often necessary to speak to customer service teams to implement the solution. Many organizations struggle to configure the solution on their own. Since customer service teams are usually busy, this can delay the implementation of a cloud-based web filter. Securly is now offering a solution. An entirely self-servable cloud-based web filter that can be set up through a browser...

Read More
Forcepoint Introduces New Technology to Secure Connections for Roaming Workers
Aug01

Forcepoint Introduces New Technology to Secure Connections for Roaming Workers

IT teams may be able to secure their wired and wireless on-premises networks, although it is much harder to secure users’ connections to the Internet when they are outside the corporate network and connect to the Internet via wireless hotspots. Organizations with a high percentage of remote or mobile workers often struggle to secure employees’ devices and provide secure, reliable access to data via third-party networks and public Wi-Fi hotspots. A highly mobile workforce is now becoming the norm with more workers now accessing networks remotely, and that calls for technological solutions to ensure devices and data remain secure.  Unfortunately, while many cloud-based security solutions can be deployed to reduce risk, many do not give IT security teams visibility in the actions taken by remote workers. Many solutions also mask the users’ true locations, which means it is not possible to access localized content and neither enforce geofencing controls. Forcepoint has now developed a solution that helps organizations improve security for a mobile workforce and ensure visibility into...

Read More
Could New Database Methodology End Massive Healthcare Data Breaches?
Jul22

Could New Database Methodology End Massive Healthcare Data Breaches?

If a hacker succeeds in breaking through network security defenses and gains access to patient data, hundreds of thousands of healthcare records can be stolen in an instant. In the case of Anthem, tens of millions of records were obtained by data thieves. However, a new methodology for protecting relational databases has been devised by Washington D.C-based MD and computer scientist, William Yasnoff M.D. Yasnoff, a managing partner of the National Health Information Infrastructure (NHII) Advisors, believes that the new architecture could help healthcare organizations avoid large-scale data breaches. In a paper published in the Journal of Biomedical Informatics, Yasnoff explains that he has developed a new health record storage architecture that allows healthcare organizations to store and encrypt individual patient’s data separately. By using Yasnoff’s “personal grid” methodology, healthcare organizations can greatly reduce the risk to patients in the event of a data breach. The technique is not being sold by Yasnoff, but can be used free of charge by healthcare organizations and...

Read More
Cloud-Based EHR Company Settles with FTC over Alleged Privacy Violations
Jun10

Cloud-Based EHR Company Settles with FTC over Alleged Privacy Violations

Cloud-based EHR company Practice Fusion has agreed to settle a case with the Federal Trade Commission (FTC) after allegedly misleading consumers about the privacy of information collected by the company. In 2012, Practice Fusion sent emails to consumers asking them to write reviews of their healthcare providers in order to populate its healthcare provider directory with data ahead of a planned 2013 launch. Patients names and email addresses were taken from the company’s electronic health record service and emails were sent to patients asking them to review their physicians. Patients were told that the reviews would “help improve your service in the future.” The emails appeared to have been sent by the patients’ healthcare providers. By clicking the link in the email, patients were directed to an online form where they were asked questions relating to their most recent healthcare visit. Patients were provided with a text box on the form where they were able to enter information. Many patients used the text box to submit highly personal information – Information that under HIPAA...

Read More
TigerText´s Secure Messaging Apps Available for Salesforce Health Cloud
Feb29

TigerText´s Secure Messaging Apps Available for Salesforce Health Cloud

TigerText has announced that the integration of its secure messaging apps will be available to extend the capabilities of Salesforce Health Cloud. Salesforce Health Cloud is a patient relationship management solution that enables healthcare providers to gain a complete view of the patient using data from electronic medical records (EMRs) and wearable electronic health apps. The concept behind the management solution is that it enables greater patient engagement across their caregiver networks, enabling healthcare providers to make better informed care decisions. The platform also enables healthcare providers to safely and securely manage patient data. With the addition of TigerText´s secure messaging apps, Salesforce Health Cloud customers will now be able to embed the TigerText secure messaging service in their Health Cloud portals, enabling healthcare providers to conduct HIPAA-compliant conversations for streamlined care coordination and patient handoffs. Communication the Key to Effective Care Delivery According to Joshua Newman – Chief Medical Office at Salesforce...

Read More
TitanHQ Launches Web Filtering Solution for Hospital Wi-Fi Networks
Feb17

TitanHQ Launches Web Filtering Solution for Hospital Wi-Fi Networks

TitanHQ – a world leader in email and web security solutions – has launched a DNS-based Web filtering solution for hospital Wi-Fi networks. Wi-Fi in hospitals has been acknowledged as a feature that increases patient satisfaction and has been associated with faster patient recuperation. Certainly providing patients with a means of communicating with their families via email and social media makes their stay more bearable. However, providing unfiltered Wi-Fi access to patients can have negative consequences. Patients that spend all day live streaming sports events can eat up bandwidth – preventing other patients from being able to access the Internet at all. Patients can access inappropriate web content in eyeshot of other patients or minors, and – potentially a more serious consequence – is the installation of malware and viruses that may not only infect the user´s device, but also the entire Wi-Fi network. TitanHQ has developed a solution for these potential issues – WebTitan Cloud for Wi-Fi. With Wi-Fi filtering for hospitals, administrators...

Read More
NSF Grant Funds Development of Mobile Cloud Dietary Assessment Tool
Jan08

NSF Grant Funds Development of Mobile Cloud Dietary Assessment Tool

Many mHealth apps lack sufficient controls to keep patient data secure. In late 2014, a Trustworthy Health and Wellness (THaW) project funded by the National Science Foundation (NSF) determined that 63% of popular mHealth apps were not encrypting data (out of a test sample of 22), potentially placing data at risk of theft. Furthermore, 81% of mHealth apps were using third party storage or hosting services. The benefits of mHealth apps for patients and healthcare providers are considerable. Unfortunately, healthcare providers wishing to use mHealth apps are prevented from doing so by HIPAA. Unless developers of mHealth apps encrypt stored and transmitted data to a nationally accepted standard, or implement other controls to keep data secure, use of the apps by the healthcare industry will be limited. Secure Mobile Cloud Dietary Assessment Tool Under Development University of Massachusetts Medical School and UMass Lowell have recently embarked on a new National Science Foundation grant funded project to test a new mHealth infrastructure that will allow patient data to be collected...

Read More
Adoption of Cloud Applications by the Healthcare Industry Increases Dramatically
Dec17

Adoption of Cloud Applications by the Healthcare Industry Increases Dramatically

The healthcare industry may have been slow to start using cloud applications, but over the course of the past 12 months, healthcare cloud app adoption has increased significantly. Last year, only 8% of healthcare organizations had started using cloud apps. This year that figure has jumped to 36%. Bitglass Report Shows Major Increase in Healthcare Cloud App Usage While there has been a massive jump in the adoption of cloud apps by healthcare organizations, the industry is still well behind almost all other sectors. Heavy regulation and fears about the security of the cloud has held organizations back. It is a similar story for the financial sector. Uptake has been rapid over the course of the past 12 months, but with an adoption rate of just 37.5%, it is only barely above the healthcare industry. Bitglass figures show an increase of more than 71% in adoption rates across all industries, but there are big differences between regulated and unregulated industries. Last year, 15% of organizations in regulated industries were using cloud applications. This the figure has risen to 39%....

Read More
Managed Security and Compliance Assistance Service Launched by Rackspace
Oct01

Managed Security and Compliance Assistance Service Launched by Rackspace

Rackspace has launched a new Managed Security and Compliance Assistance service to help its customers protect business-critical processes, secure their data, mitigate cybersecurity threats and risks, and achieve their compliance objectives. The new offerings help Rackspace develop holistic security solutions for its customers and ensure compliance in multi-cloud environments. The new offerings allows customers to benefit from the considerable experience of its security experts and implement multi-cloud security best practices, security monitoring, and threat analysis to ensure their environments are properly secured and resilient to cybersecurity threats. The company provides onboarding consultation and deployment to deliver tailored solutions along with ongoing management of customers’ environments to ensure security threats are rapidly identified and remediated. The service helps customers prevent cyberattacks and reduce the potential impact of a cyberattack, while lowering the total cost of ownership of internal security operations centers and other managed service offerings....

Read More
Fortinet Launches Secure Cloud-Managed Enterprise WiFi Solution
Aug12

Fortinet Launches Secure Cloud-Managed Enterprise WiFi Solution

Fortinet has announced it has made several enhancements to its FortiCloud management system and has also introduced a new range of secure Wireless Access Points (APs) that can be managed entirely in the cloud. The updates and new line is part of the company’s drive to dominate the secure wireless networking market, which has been helped by the recent acquisition of Meru Networks: A leading supplier of wireless local area networks (WLANs) to the education, enterprise, hospitality, and healthcare industries. Wireless LAN solutions are convenient for organizations with facilities in multiple locations; however, deploying WLAN solutions is not without challenges. The architecture is often complex as networks need to be segregated, with separate networks used for guests and employees. Multiple WLAN controllers are often required, with separate security appliances also required, adding to both cost and complexity. The alternative is to use cloud-based WiFi solutions, and while there is now much more choice in this area, security remains a major concern. There are many security challenges...

Read More
Extent of Unauthorized Cloud Service Usage by Employees Uncovered
Jun29

Extent of Unauthorized Cloud Service Usage by Employees Uncovered

How many cloud services is your organization using? According to a new report, if the figure is under 928 – the average number of cloud services used by healthcare providers – you may be underestimating the extent to which employees are using the cloud. The data suggest employees are breaching security policies by using cloud services that lack the necessary security controls. If the data collected is representative of the healthcare industry as a whole, HIPAA violations are being committed on a daily, if not hourly basis by healthcare professionals. Benefits of HIPAA-Compliant Cloud Services   There are a number of advantages to be gained from using cloud services. Healthcare providers and other HIPAA-covered entities can cut IT equipment and maintenance costs by hosting data in the cloud. Leveraging cloud services can also improve productivity, and speed up accessing and logging of patient data. A number of healthcare providers have been able to improve patient health outcomes by making use of cloud services. Security Risks Being Taken by Employees   Skyhigh Networks...

Read More
Atlantic.Net Opens NYC Cloud Hosting Center
May04

Atlantic.Net Opens NYC Cloud Hosting Center

Atlantic.Net has continued its expansion by opening a fifth HIPAA cloud data center in New York City (NYC). The NYC data center is now fully operational and the full compliment of Atlantic.Net hosting and cloud hosting services are now being provided through the facility. The company’s infrastructure, owned by Telx, has been growing rapidly in response to increasing demand. The new data center was established to accommodate the growing demand for fast, secure hosting and data storage due to the number of New York startups and the thriving developer communities. Given the target market, it is no surprise that the NYC cloud center has been developed to cater to the needs to the developer community. Atlantic.Net has incorporated developer-friendly features to eliminate unnecessary complexity and ensure the fastest possible deployments. The new features include a host of one-click apps, such as WordPress, Django, LAMP, LEMP, Docker, and Node.js and customers will benefit from superior network speeds. The new data center is located in a seven-story, 179,000 square foot facility in close...

Read More
Cloud Security Adoption: Healthcare and Pharmaceutical Lead the Way
Mar31

Cloud Security Adoption: Healthcare and Pharmaceutical Lead the Way

When it comes to Cloud Security adoption, the healthcare and pharmaceutical industries lead the way according to a recent survey by CipherCloud, an industry leading provider of secure cloud services. Both industries are required to implement safeguards – under the Health Insurance Portability and Accountability Act (HIPAA) – to ensure that Protected Health Information is kept private and confidential, which according to the report is the reason why cloud security adoption is so important and uptake has been so high in these industries. Healthcare and pharmaceuticals have been grouped together in the report, and account for 38% of companies which have chosen to store data securely in the cloud. The banking and finance industry is second, accounting for 25% of companies, with telecommunications third (16%) and the Government in fourth spot (9%). HIPAA does not demand that PHI is encrypted while at rest, although data encryption is an addressable area. If covered-organizations decide not to encrypt data, they must document the reasons why, along with the alternative safeguards...

Read More
HIPAA Compliance and the Cloud
Mar13

HIPAA Compliance and the Cloud

The cloud offers many advantages to healthcare providers and other covered entities. It is possible to use cloud services and remain HIPAA compliant; however, it can be a long and arduous process to obtain all the necessary documentation to confirm that is the case, and if you can’t, you could end up violating HIPAA Regulations. The cloud is convenient and flexible. Covered entities (CEs) can use private and secure cloud services which allow a great deal of customization and there are now a wide range of companies offering cloud based services to the healthcare industry; an industry that has traditionally lagged behind others when it comes to adopting new IT technology. However, any CE using the cloud must exercise extreme caution, especially when it comes to moving data to and it. This is an area well covered by HIPAA regulations. Many healthcare providers have ventured into the cloud already and have implemented their own measures to ensure that PHI is secured. Today, a number of providers of cloud services are taking care of this aspect of the business and are offering “HIPAA...

Read More
AIS Network Announces Launch of HIPAA Compliant Secure Cloud Services
Feb16

AIS Network Announces Launch of HIPAA Compliant Secure Cloud Services

AIS Network has announced the launch of a range of managed High Security Private Cloud services which are fully HIPAA-compliant, and have been developed to offer the highest levels of security as required by the healthcare sector. The company’s new range of services is fully compliant with HIPAA, HITECH, PCI and FISMA, and has been developed specifically for highly regulated industries. Many healthcare providers are reluctant to outsource their IT services, in particular if they require contact with highly sensitive data. Outsourcing payment and patient portals and data storage can increase the risk of committing HIPAA-violations. In order for healthcare providers to make the switch to managed cloud services they must be confident that the service provider they choose understands healthcare regulations and can guarantee 100% HIPAA compliance. Few providers are prepared to give such a guarantee. AIS Network provides a solution with a suite of compliant High Security Cloud Services built on the Microsoft Cloud Platform. This ensures easy integration with existing healthcare...

Read More
Cloud Service Providers Must Comply with HIPAA Regulations
Aug20

Cloud Service Providers Must Comply with HIPAA Regulations

The growing data storage demands placed on healthcare organizations require frequent hardware updates and increasing amounts of space dedicated to servers and IT staff must be employed to manage hardware, update software and maintain networks. Many healthcare companies lack the space or resources to securely store data and outsource their data storage to cloud service providers. The recently introduced HIPAA Omnibus Rule – often referred to as the Megarule due to its extensive changes to existing legislation – updates the Health Insurance Portability and Accountability Act (1996) expanding its reach to include business associates of healthcare companies and their subcontractors. In order to do business in the healthcare sector, IT and data storage companies must now comply with HIPAA regulations and sign a business agreement with the healthcare provide for whom they are providing the service. In the case of cloud hosting companies it is clear that HIPAA regulations apply as the companies are required to store Protected Health Information, even if the data is not actually viewed....

Read More
Caspio HIPAA Enterprise: Compliant Cloud Application Development for the Healthcare Industry
Aug01

Caspio HIPAA Enterprise: Compliant Cloud Application Development for the Healthcare Industry

Caspio, Inc. is the leading provider of custom cloud solutions in the United States. The company’s cloud storage and App development platform lets IT professionals create their own cloud applications to match the exact needs of their businesses without the need for any coding experience. The company’s software has been widely adopted throughout U.S industry, although the strict data security controls demanded by the Health Insurance Portability and Accountability Act (1996) have prevented the healthcare industry from adopting its software. HIPAA places a number of restrictions on healthcare providers to ensure electronic Protected Health Information is secured and unauthorized access is prevented. In order to comply with HIPAA data privacy and security regulations, healthcare organizations must ensure that the appropriate technical, physical and administrative safeguards are put in place to protect ePHI. The same rules also apply to all business associates of HIPAA covered entities and any service provider requiring access to PHI. This extends to companies offering cloud based IT...

Read More
Beware of HIPAA Complaint Cloud Services
May26

Beware of HIPAA Complaint Cloud Services

Gartner, Inc., a Connecticut-based information technology research and advisory firm, has predicted that cloud spending will increase to $150 billion by the end of the year, and that with the increasing costs faced by the healthcare industry, 30% of healthcare organizations will look to the cloud as a way of reducing operating costs and improving efficiency. Under HIPAA regulations, healthcare providers and their Business Associates are permitted to use cloud services, even for activities that require contact with Protected Health Information. Data can be backed up in the cloud, housed in the cloud, and cloud-based software and applications can be developed. Provided of course, that Privacy and Security Rules are adhered to. Care should be taken when choosing “HIPAA Compliant” cloud services, as while products can be compliant with federal regulations, there is no guarantee that this will be the case with any product or service. Regulations do not just cover the service or platform offered, but include administrative requirements, rules on how data is uploaded, downloaded and...

Read More
EdgeWave Launches New Cloud-Based Web Security Solution
Jan30

EdgeWave Launches New Cloud-Based Web Security Solution

EdgeWave has announced the launch of its new enterprise-class web security solution – Cloud Endpoint Security. The web security solution has been developed for enterprise users to secure their endpoints by blocking advanced persistent threats, viruses, ransomware, malware and botnets. The solution can also be configured to block categories of web content that is unacceptable for use in the workplace. There are massive benefits to be gained from allowing end users to access the Internet, although Internet access is far from risk free. Organizations that allow Internet access need to manage risk effectively, which means the use of security solutions that can block access to malicious web content. The new cloud-based web security solution allows enterprises to carefully control the types of web content that employees can access, while blocking a wide-range of web based threats. The solution can be used to protect users and their devices while connected to on premise and off premise networks, creating a safe browsing environment with close to zero latency. The solution is idea...

Read More
Cloud Service Providers Must Become HIPAA Compliant
Jul09

Cloud Service Providers Must Become HIPAA Compliant

On 26th March, 2013 the Omnibus Final Rule of the Health Insurance Portability and Accountability Act came into effect, after a long period of amendments and adjustments. The main purpose of the new legislation is to adjust the HIPAA Privacy and Security Rules and breach notification rules, with this major amendment often referred to as “The HIPAA Mega Rule”. The new rules apply to all HIPAA covered entities and the Department of Health and Human Services will be enforcing the rules; its Office for Civil Rights is due to commence a serious of random audits to check for compliance later this year. The new rules apply not only to healthcare organizations but also their business associates. Under the final rule the definition of business associate has also been changed, and now includes any provider of a service that has contact with electronic protected health information (ePHI). Specifically this means any entity that “creates, receives, maintains, or transmits protected health information (PHI) on behalf of a covered entity”, and they must now agree to abide by the HIPAA Omnibus...

Read More