Amazon Lex is Now HIPAA Compliant
Dec12

Amazon Lex is Now HIPAA Compliant

Amazon has announced that the Amazon Lex chatbot service now supports HIPAA compliance and can be used by healthcare organizations without violating Health Insurance Portability and Accountability Act Rules. Amazon Lex is a service that allows customers to build conversational interfaces into applications using text and voice. It allows the creation of chatbots that use lifelike, natural language to engage with customers, ask questions, collect and give out information, and complete a range of different tasks such as scheduling appointments. The conversational engine that powers Amazon Lex is also used by Amazon Alexa. Until recently, there was limited potential for use of Amazon Lex in healthcare as the solution was not HIPAA-compliant and could therefore not be used in connection with electronic protected health information (ePHI). The service was also not covered by Amazon’s business associate agreement (BAA). On December 11, 2019, Amazon confirmed that Amazon Lex is now included in its AWS business associate agreement (BAA) addendum and that the service is eligible for use with...

Read More
New Alexa Healthcare Skill Helps Patients Manage Their Medications
Dec02

New Alexa Healthcare Skill Helps Patients Manage Their Medications

Amazon has announced that Alexa has a new healthcare skill that patients can use to manage their medications and order prescription refills. Earlier this year, Amazon announced that it has developed a HIPAA-eligible environment for skill developers that incorporates the necessary safeguards to comply with the requirements of the HIPAA Privacy and Security Rules. Amazon set up an invite-only program for a select group of skill developers to create new skills that could benefit patients. The new skill is the result of a collaboration between Amazon and the medication management firm Omnicell. Amazon contacted Omnicell and offered the company the chance to create the new skill after it was noticed that many Alexa users were using their devices to set medication reminders. Amazon had received feedback from several users who requested improvements be made to the reminders feature to allow them to set multiple reminders a day to take their medications. Initially, the new Alexa capabilities will be available to customers of the Giant Eagle pharmacy chain, which operates over 200...

Read More
Smartwatch Data Act Introduced to Improve Privacy Protections for Consumer Health Data
Nov21

Smartwatch Data Act Introduced to Improve Privacy Protections for Consumer Health Data

The Stop Marketing And Revealing The Wearables And Trackers Consumer Health (Smartwatch) Data Act, has been introduced by Sens. Bill Cassidy, M.D., (R-Louisiana) and Jacky Rosen, (D-Nevada). The new legislation will ensure that health data collected through fitness trackers, smartwatches, and health apps cannot be sold or shared without consumer consent. The Health Insurance Portability and Accountability Act (HIPAA) applies to health data collected, received, stored, maintained, or transmitted by HIPAA-covered entities and their business associates. Some of the same information is collected, stored, and transmitted by fitness trackers, wearable devices, and health apps. That information can be used, shared, or sold, without consent. Consumers have no control over who can access their health data. The new legislation aims to address that privacy gap. The bill prohibits the transfer, sale, sharing, or access to any non-anonymized consumer health information or other individually identifiable health information that is collected, recorded, or derived from personal consumer devices to...

Read More
House Committee Leaders Request Answers from Google and Ascension on Project Nightingale Partnership
Nov20

House Committee Leaders Request Answers from Google and Ascension on Project Nightingale Partnership

Leaders of the House Committee on Energy and Commerce are seeking answers from Google and Ascension on Project Nightingale. The Department of Health and Human Services’ Office for Civil Rights has also confirmed that an investigation has been launched to determine if HIPAA Rules have been followed. The collaboration between Google and Ascension was revealed to the public last week. The Wall Street Journal reported that Ascension was transferring millions of patient health records to Google as part of an initiative called Project Nightingale. A whistleblower at Google had contacted the WSJ to raise concerns about patient privacy. A variety of internal documents were shared with reporters on the extent of the partnership and the number of Google employees who had access to Ascension patients’ data. Under the partnership, the records of approximately 50 million patients will be provided to Google, 10 million of which have already been transferred. According to the WSJ report, 150 Google employees are involved with the project and have access to patient data. The whistleblower stated...

Read More
Otava Launches New Suite of Veeam-Powered Cloud Backup Solutions
Nov19

Otava Launches New Suite of Veeam-Powered Cloud Backup Solutions

Otava, a provider of secure, compliant hybrid cloud solution provider for enterprises and channel partners, has announced it has expanded its Veeam-powered offerings with a new suite of Veeam Availability Suite cloud-backup solutions which give its customers greater flexibility and control over their backup and disaster recovery environments. Three new solutions have been added to the Otava portfolio which will help its clients and partners manage all of their cloud backups through a single console. The three new additions are: Otava Cloud Connect, Otava-Managed Cloud Backup, and Self-Managed Cloud Backup. Otava Cloud Connect can be used as a primary or secondary data repository, irrespective of where data resides. This cloud backup solution protects against data loss in the event of a ransomware attack or other malicious cyberattack. The solution incorporates Veeam insider Protection and creates a 7-day backup window with an extra copy of the user’s data which can be used if data is remotely wiped. Otava-Managed Cloud Backup helps businesses protect mission-critical data and focus...

Read More
Connectria Acquires AWS Migration and Consultancy Firm WSM International
Nov19

Connectria Acquires AWS Migration and Consultancy Firm WSM International

The hosting company Connectria has announced it has acquired St Clair Shores, MI-based WSM International. For the past 15 years, WSM International has been helping small- and mid-sized companies and enterprises migrate to the cloud and reach their digital transformation goals. WSM International has provided cloud & hybrid cloud consultancy and advisory services to hundreds of firms, has completed thousands of successful migrations to Amazon Web Services (AWS) and Microsoft Azure, and now has more than 1,000 customers around the world, employs almost 250 people, and generates $60 million in annual revenues. Connectria provides cloud-managed services and management tools for customers that have already transitioned to the cloud and helps then reduce their cloud costs and comply with regulations such as HIPAA, GDPR, and PCI. What Connectria was missing was a professional services team that could help new customers migrate to the cloud, hence the decision to acquire WSM International and bring the company under the Connectria umbrella. “We’re pleased to be joining the Connectria...

Read More
TigerConnect Survey Finds 89% of Healthcare Providers Still Use Fax Machines and 39% are Still Using Pagers
Nov18

TigerConnect Survey Finds 89% of Healthcare Providers Still Use Fax Machines and 39% are Still Using Pagers

TigerConnect has released its 2019 State of Healthcare Communications Report, which shows that continuing reliance on decades-old, inefficient communications technology is negatively impacting patients and is contributing to the increasing cost of healthcare provision. For the report, TigerConnect surveyed more than 2,000 patients and 200 healthcare employees to assess the current state of communications in healthcare and gain insights into areas where communication inefficiencies are causing problems. The responses clearly show that communication in healthcare is broken. 52% of healthcare organizations are experiencing communication disconnects that impact patients on a daily basis or several times a week. Those communication inefficiencies are proving frustrating for healthcare employees and patients alike. The report reveals most hospitals are still heavily reliant on communications technology from the 1970s. 89% of hospitals still use faxes and 39% are still using pagers in some departments, roles, or even across the entire organization. The world may have moved on, but...

Read More
ProtoLytic, LLC Verified as HIPAA-Compliant by Compliancy Group
Nov16

ProtoLytic, LLC Verified as HIPAA-Compliant by Compliancy Group

ProtoLytic, LLC, the Tampa, FL-based developer of decision support tools for medical cost management, has been confirmed as HIPAA-compliant by Compliancy Group. ProtoLytic tools are used by healthcare providers to develop treatment plans for patients using evidence-based guidelines and demographic data to help claims adjusters process referrals and medical service requests and reduce time to quality of care. The company has also developed a predictive modelling information system to determine the treatment and medical services patients with specific health conditions are likely to need. These software solutions naturally come into contact with electronic protected health information (PHI). Consequently, ProtoLytic is classed as a business associate under Health Insurance Portability and Accountability Act (HIPAA) Rules. In addition to entering into a business associate agreement (BAA) with HIPAA-covered entities, ProtoLytic is must ensure safeguards are implemented to ensure the confidentiality, integrity, and availability of ePHI and the company and its employees must adhere to...

Read More
New Version of SpamTitan Released, Including New RESTapi
Nov16

New Version of SpamTitan Released, Including New RESTapi

TitanHQ has released a new version of its leading cloud-based anti-spam service and antispam software. The latest version of SpamTitan – v7.06 – includes a new RESTapi which can be used by partners and clients for seamless integrations. The latest version was debuted on November 12, 2019. Users of the cloud-based anti-spam service have automatically been upgraded to the latest version. SpamTitan software users had had the latest version downloaded to their appliances, although appliance administrators need to apply the update and accompanying security patches by logging into their user interface. The latest release includes security patches to address issues with the reporting engine and patches and ISO/OVA images are now available for all clients and partners. The patches cover several packages including OpenSSH, OpenSSL, PHP, ClamAV and sudo. TitanHQ has enjoyed 30% growth in 2019 fueled in a large part by managed services providers serving the SMB market. The TitanHQ platform is proving popular with MSPs for providing spam filtering, DNS filtering, and email archiving solutions...

Read More
EnTech Confirms HIPAA-Compliant Status with Compliancy Group
Nov15

EnTech Confirms HIPAA-Compliant Status with Compliancy Group

The Fort Myers, FL-based managed IT service provider, EnTech, has been confirmed as in compliance with Health Insurance Portability and Accountability Act (HIPAA) Rules by Compliancy Group. Entech has been serving businesses in Southwest Florida for more than 20 years. The company offers managed IT and integration services to help businesses get the most out of information technology, along with strategic technology consultancy services to help businesses choose the best IT architectures to meet their needs. In order to provide those services to healthcare organizations, EnTech is required to comply with HIPAA Rules. The company must implement appropriate safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI) and its employees made aware of their responsibilities with respect to HIPAA and ePHI. Assisted by Compliancy Group’s HIPAA coaches and using “The Guard” compliance tracking solution, EnTech has successfully completed Compliancy Group’s 6-Stage Risk Analysis and Remediation Process. Successful completion of that...

Read More
Vulnerability Identified in Philips IntelliBridge EC40/80 Hubs
Nov15

Vulnerability Identified in Philips IntelliBridge EC40/80 Hubs

A vulnerability has been identified in the Philips IntelliBridge EC40/80 hub which could allow an attacker to gain access to the hub and execute software, modify files, change the system configuration, and gain access to identifiable patient information. Philips IntelliBridge EC40/80 hubs are used to transfer medical device data from one format to another, based on set specifications. The hub does not alter the settings or parameters of any of the medical devices to which it connects. The vulnerability could be exploited by an attacker to capture and replay a session and gain access to the hub. The flaw is due to the SSH server running on the affected products being configured to allow weak ciphers. The vulnerability would only require a low level of skill to exploit, but in order to exploit the flaw an attacker would need to have network access. The flaw – CVE-2019-18241 – has a CVSS v3 base score of 6.3 out of 10 – Medium severity. The flaw was reported to Philips by New York-Presbyterian Hospital’s Medical Technology Solutions team, and under its responsible vulnerability...

Read More
Google Confirms it has Legitimate Access to Millions of Ascension Patients’ Health Records
Nov12

Google Confirms it has Legitimate Access to Millions of Ascension Patients’ Health Records

Following a report in the Wall Street Journal, Google has confirmed it is collaborating with one of the largest healthcare systems in the United States, which gives it access to a huge volume of patient data. Google has partnered Ascension, the world’s largest catholic health system and the second largest non-profit health system in the United States. Ascension operates more than 2,600 healthcare facilities in 21 states, including 150 hospitals and over 50 senior living facilities. The collaboration has given Google access to patient health information such as names, dates of birth, medical test results, diagnoses, treatment information, service dates, and other personal and clinical information. The project – code name Project Nightingale – had been kept under the radar prior to the WSJ Report, which claimed that at least 150 Google employees have allegedly been able to access patient data as part of the project and that access to patient data had been granted without patients or physicians being informed. Both Google and Ascension made announcements about the Project...

Read More
Vulnerabilities Identified in Medtronic Valleylab Energy Platform and Electrosurgery Products
Nov08

Vulnerabilities Identified in Medtronic Valleylab Energy Platform and Electrosurgery Products

6 vulnerabilities have been identified in the Medtronic Valleylab energy platform and electrosurgery products, including one critical flaw that could allow an attacker to gain access to the Valleylab Energy platform and view/overwrite files and remotely execute arbitrary code. The vulnerabilities were identified by Medtronic which reported the flaws to the Department of Homeland Security Cybersecurity and Infrastructure Security Agency under its responsible vulnerability disclosure policy. Four vulnerabilities have been identified in the following Medtronic Valleylab products Valleylab Exchange Client, Version 3.4 and below Valleylab FT10 Energy Platform (VLFT10GEN) software Version 4.0.0 and below Valleylab FX8 Energy Platform (VLFX8GEN) software Version 1.1.0 and below The critical vulnerability is an improper input validation flaw in the rssh utility, which facilitates file uploads. Exploitation of the vulnerability would allow an attacker to gain administrative access to files, allowing those files to be viewed, altered, or deleted. The flaw could also allow remote execution of...

Read More
Speakap Confirmed as HIPAA Compliant by Compliancy Group
Nov07

Speakap Confirmed as HIPAA Compliant by Compliancy Group

The communication platform provider Speakap has announced it has achieved compliance with Health Insurance Portability and Accountability Act (HIPAA) Rules with Compliancy Group. Speakap has developed a communications platform that helps healthcare organizations communicate quickly and efficiently with their frontline staff, even if they do not have easy access to computers. Through a mobile app, healthcare organizations can maintain contact with deskless workers and communicate with the entire workforce through a desktop version of the app. The app is used by businesses in a wide range of industry sectors; however, in order to offer the communications solution to the healthcare industry, Speakap needed to ensure that its platform, policies, and procedures were in full compliance with HIPAA Rules. Since the platform can be used to communicate ePHI, Speakap is classed as a business associate under HIPAA and must ensure administrative, physical, and technical safeguards are incorporated into its solution and the company fulfils its responsibilities with respect to HIPAA. To ensure...

Read More
Compliancy Group Helps Technology Response Team Achieve HIPAA Compliance
Nov05

Compliancy Group Helps Technology Response Team Achieve HIPAA Compliance

Compliancy Group has announced that Technology Response Team has successfully completed its 6-stage HIPAA risk analysis and remediation process and has demonstrated compliance with the standards of the HIPAA Privacy, Security, Breach Notification, and Omnibus Rules. Technology Response Team is a Managed Service Provider (MSP) based in Denver, CO that provides a wide range of IT support and cybersecurity services to healthcare organizations in the Denver Front Range and helps them succeed through the use of technology. The company translates complex computer terminology into language that can be easily understood by its clients and helps them implement IT solutions that improve efficiency and protect against malicious attacks. Naturally, the services provided to healthcare organizations mean the company will come into contact with systems used to create, receive, store, process, and transmit electronic protected health information. As such, Technology Response Team is classed as a business associate and is required to comply with HIPAA. Technology Response Team is committed to...

Read More
Rackspace Acquires Cloud-Native Consulting and Managed Services Company, Onica
Nov05

Rackspace Acquires Cloud-Native Consulting and Managed Services Company, Onica

Rackspace has announced that it will be acquiring the cloud-native consulting and managed services company, Onica for an undisclosed sum. An agreement has been reached to acquire the Santa Monica, CA-based firm, which will give Rackspace new professional services capabilities in areas such as strategic advisory, architecture and engineering, and application development. Onica is a fairly young company, having only been formed in 2014, yet during the past 5 years the company has amassed more than 350 skilled consultants across the United States and holds competencies in DevOps, IoT, Microsoft Workloads, data and analytics, migration and storage, education, healthcare, and industrial software. The company is regularly included in Inc. Magazine’s best places to Work list and has also achieved fifth spot in CRN® Fast Growth 150 list. Onica helps companies build new revenue streams and improve efficiency through adoption of the cloud. The company has helped companies acquire the innovative capabilities of the cloud and has implement some of the most complex technology projects the world...

Read More
Compliancy Group Confirms Integrated Technology Group is HIPAA Compliant
Oct25

Compliancy Group Confirms Integrated Technology Group is HIPAA Compliant

Integrated Technology Group, a leading healthcare-industry focused managed service provider (MSP) in the Central Virginia region, has achieved HIPAA compliance with Compliancy Group and has demonstrated its policies and procedures are fully compliant with the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules and the requirements of the HITECH Act. Integrated Technology Group is primarily focused on providing managed information technology services to private medical practices to help them focus on what they do best – providing care to patients. Initially the company’s main focus was providing break-fix services. Today the company offers a wide range of managed IT services, including helping medical practices with cloud integrations, continuity planning, implementing VOIP solutions, and securing their networks. Since the provision of those services requires access to systems containing patients’ electronic protected health information, Integrated Technology Group is classed as a business associate under Health Insurance Portability and Accountability Act Rules....

Read More
TitanHQ Announces Record Growth in MSP Market and New ‘Margin Maker for MSPs’ Initiative
Oct22

TitanHQ Announces Record Growth in MSP Market and New ‘Margin Maker for MSPs’ Initiative

Cloud security vendor and HIPAA Journal sponsor, TitanHQ, has enjoyed impressive growth in Q3, 2019, registering the busiest quarter for MSP business in the company’s 20+ year history. From humble beginnings, the company has grown into the leading provider of cloud-based email and web security solutions for managed service providers that service the SMB market. Initially, the firm sold anti-spam appliances to local businesses in Galway, Ireland. Today, the company is a global provider of cloud-based network security solutions for SMBs and MSPs. The company’s cloud-based network security solutions – SpamTitan email security, WebTitan DNS filtering, and ArcTitan email archiving – are used by more than 8,200 businesses around the world and the firm has over 2,200 MSP partners. TitanHQ’s success in the MSP, OEM, and service provider markets can be attributed to several factors. Many other companies have only considered MSPs after products have been developed, with additional functionality added to appeal to the MSP market. With TitanHQ, MSPs have always been at the core of the...

Read More
Gartner Releases 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations
Oct16

Gartner Releases 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations

Gartner has published its 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations (HDOs). The report contains an analysis of the healthcare cloud market and explains how the cloud can be a viable option for healthcare organizations seeking greater efficiency and flexibility than is achievable with traditional on-premises infrastructure. Many healthcare organizations are now realizing the value of cloud-based solutions and how intelligent use of the cloud can help improve efficiency, eliminate waste, and drive down the cost of healthcare delivery. The industry may lag behind other sectors in terms of cloud adoption, but the landscape is changing fast as the healthcare cloud market matures. Healthcare CIOs are now viewing the cloud as an extension of their internal infrastructure. While initially there was a great deal of skepticism about the cloud due to the security risks and potential for costs to spiral out of control, there is now widespread acceptance that the cloud can serve as an IT service delivery model and the healthcare industry is now much more...

Read More
Forcepoint Expands Global Partner Program with Two New initiatives
Oct08

Forcepoint Expands Global Partner Program with Two New initiatives

Cybersecurity firm Forcepoint has announced the expansion of its global partner program with two new initiatives to empower partners to deliver world-class services and security solutions to Forcepoint customers around the globe. To help businesses better protect their networks and secure sensitive data from an increasing range of cyber threats, the company has created two new partner programs that will bring together a host of strategic partners that can help its customers enhance their security programs and ensure they are capable of dealing with emerging threats and today’s highly sophisticated threat landscape. The first new partner program is Forcepoint GSI Platinum, which offers higher levels of accreditation for global systems integrator firms. The new program includes a bespoke training package, prioritized opportunities, and an integrated suite of market-leading products, ensuring fast time-to-value for customers. Additional benefits include dedicated sales and marketing support around the globe, single-program guidelines for global execution, Technical Center of...

Read More
SpamTitan Named Cloud Email Security Leader by G2 Crowd for 3rd Consecutive Quarter
Sep22

SpamTitan Named Cloud Email Security Leader by G2 Crowd for 3rd Consecutive Quarter

SpamTitan has been named the leader in the G2 Crowd Grid Summer 2019 Report for Cloud Email Security. This is the third consecutive quarter that TitanHQ’s 100% cloud-based anti-spam and anti-phishing solution has been named leader in G2 Crowd’s Grid reports. G2 Crowd is an independent review website that provides SMBs and MSPs with insights into the best software companies and products on the market. The Grid reports cover the top-reviewed security products and software solutions. Each company’s position in the Grid is calculated from user reviews and aggregated data from online sources and social networks. G2 Crowd applies an algorithm to calculate scores for customer satisfaction and market presence, the latter being based on market share, vendor size, and social impact. Low customer satisfaction and a small market footprint see products/companies classed as niche players. Low customer satisfaction and strong market presence see a company/product classed as a contender. High customer satisfaction and a small market footprint place companies and products in the high performers...

Read More
GFI Software Announces New Distribution Agreement with Infinigate
Sep20

GFI Software Announces New Distribution Agreement with Infinigate

The network security and communications software provider GFI Software has signed a new distribution agreement with Infinigate Group. GFI Software already has a distribution agreement with Infinigate covering the United Kingdom, Germany, Netherlands, and Scandinavia. The new agreement is intended to help the company increase its market presence in France. “We have established successful business partnerships with Infinigate group across many European markets,” said Thomas Witting, VP Global Distribution Sales at GFI Software. “The addition of Infinigate France to the European GFI distribution landscape will enable an easy and competent access to the GFI product catalog through an experienced distributor with both international expertise and local market knowledge.” The new agreement will allow Infinigate to provide resellers and customers in France with greater value, by creating new and unique offerings to help resellers serving the French market create new profit opportunities and boost sales. Infinigate will be helping resellers with sales programs and...

Read More
Vulnerabilities Identified in WLAN Firmware Used by Philips IntelliVue Portable Patient Monitors
Sep17

Vulnerabilities Identified in WLAN Firmware Used by Philips IntelliVue Portable Patient Monitors

Two vulnerabilities have been identified in Philips IntelliVue WLAN firmware which affect certain IntelliVue MP monitors. The flaws could be exploited by hackers to install malicious firmware which could impact data flow and lead to an inoperable condition alert at the device and Central Station. Philips was alerted to the flaws by security researcher Shawn Loveric of Finite State, Inc. and proactively issued a security advisory to allow users of the affected products to take steps to mitigate risk. The flaws require a high level of skill to exploit in addition to access to a vulnerable device’s local area network. Current mitigating controls will also limit the potential for an attack. As such, Philips does not believe either vulnerability would impact clinical. Philips does not believe the flaws are being actively exploited. The first flaw, tracked as CVE-2019-13530, concerns the use of a hard-coded password which could allow an attacker to remotely login via FTP and upload malicious firmware. The second flaw, tracked as CVE-2019-13534, allows the download of code or an...

Read More
TitanHQ Announces Fall 2019 Schedule of Roadshow Events
Sep16

TitanHQ Announces Fall 2019 Schedule of Roadshow Events

TitanHQ, the leading provider of email security, web security, and email archiving solutions to SMBs and managed service providers (MSPs), has announced its fall 2019 schedule of roadshows, trade shows, and conferences. These industry events bring together managed service providers (MSPs) Managed Security Service Providers (MSSPs) and IT professionals from around the globe to discuss the latest IT trends and technologies, obtain invaluable advice, and learn best practices to improve efficiency, security, and boost profitability. The TitanHQ team will be attending key MSP events this fall to discuss email security and web security with MSPs. The team will explain to attendees how SpamTitan and WebTitan can lower costs by reducing the time support staff spend resolving malware infections and phishing attacks, along with the key features of the solutions that make them such a popular choice with MSPs. This week will see the team attend the DattoCon Dublin event on September 17 followed by the Managed Services & Hosting (MSH) Summit in London on September 18, followed by a packed...

Read More
iland Enhances Catalyst Cloud Migration Tool
Sep16

iland Enhances Catalyst Cloud Migration Tool

The Houston, TX-based cloud service provider, iland, has announced that it has enhanced its complimentary Catalyst cloud migration tool. The tool can be used by companies to help plan migrations to the cloud from traditional data centers and ensure they right-size their cloud environments and avoid under- and over-provisioning. When migrating from traditional data centers to cloud-based infrastructure, businesses have to predict what resources they will need. Decisions are made based on the size of applications, the frequency of use, and it is also necessary to determine whether certain workloads are actually compatible with cloud services. Businesses must also assess the costs involved to determine whether cloud migration is viable and cost-effective. The Catalyst cloud migration tool takes the guesswork out of the equation and allows businesses to accurately estimate the service costs per month as well as ad hoc costs. The tool also helps determine whether DRaaS, BaaS, and cloud migration is feasible and allows businesses to get things right first time around. The latest update...

Read More
SE Labs Names Symantec Best Enterprise and Best Email Security Service
Sep14

SE Labs Names Symantec Best Enterprise and Best Email Security Service

UK-based information technology security testing firm SE Labs has named Symantec the Best Enterprise Endpoint and Best Email Security Service Provider. SE Labs’ mission is to help businesses purchase the best information technology solutions on the market to help them protect against cyberattacks and detect intrusions quickly when attacks occur. The company has developed ‘next generation’ testing techniques to test ‘next generation’ security solutions, network appliances, and cloud-based services to ensure they are capable of detecting and blocking a wide range of security threats. The company conducts continuous public tests, private assessments, and obtains feedback from its testing teams and corporate clients to produce reports that help enterprises select the best cybersecurity solutions on the market. The latest tests have seen Symantec solutions perform better than other solutions on the market, resulting in awards being issued for two of Symantec’s most popular enterprise security solutions. Symantec Endpoint Security gives enterprises visibility into their endpoints and...

Read More
Vulnerability Identified in Becton Dickinson Pyxis Drug Dispensing Cabinets
Sep09

Vulnerability Identified in Becton Dickinson Pyxis Drug Dispensing Cabinets

Becton Dickinson (BD) has discovered a vulnerability in its Pyxis drug dispensing cabinets which could allow an unauthorized individual to use expired credentials to access patient data and medications. The vulnerability was discovered by BD, which self-reported the flaw to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). ICS-CERT has recently issued an advisory about the flaw. The vulnerability affects Pyxis ES versions 1.3.4 to 1.6.1 and Pyxis Enterprise Server with Windows Server versions 4.4 through 4.12. The vulnerability – tracked as CVE-2019-13517 – is a session fixation flaw in which existing access privileges are not properly coordinated with the expiration of access when a vulnerable device is joined to an Active Directory (AD) domain. This means the credentials of a previously authenticated user could be used to gain access to a vulnerable device under certain configurations. This would allow an attacker to obtain the same level of privileges as the user whose credentials are being used, which could give access to patient...

Read More
Liquid Web and Nexcess Join Forces
Sep06

Liquid Web and Nexcess Join Forces

Liquid Web, a provider of managed hosting and managed application services to small to medium sized businesses, has joined forces with the managed web hosting provider for eCommerce platforms, Nexcess. Liquid Web believes the new partnership will help with its goal of dominating the web hosting market for SMBs by providing a more comprehensive range of services for SMB customers. The partnership will open up the Nexcess cloud to Liquid Web customers and will allow them to benefit from Nexcess technology and scalability. Nexcess will be provided with greater scale and capital to ensure long term growth and its customers will have easy access to Liquid Web’s plans and hosting services. The partnership will combine the expertise of both companies – Liquid Web on WordPress and WooCommerce and Nexcess on Magneto – and will the clolud experts and both firms keep developing new products and open source platform capabilities to better serve the SMB market. Together, the companies have 650 employees, operate 11 data centers, and offer a full-service application web hosting and managed...

Read More
iland Expands and Enhances its Global Channel Sales Program
Sep05

iland Expands and Enhances its Global Channel Sales Program

iland, a provider of VMware-based secure, cloud backup and disaster recovery solutions, is expanding and enhancing its global channel sales program due to increased customer demand and significant partner growth. Initially, iland was focused on helping small- and mid-sized companies by implementing and testing cloud-based infrastructure, backup and disaster recovery solutions when they lacked the resources to do it alone; however, the company is now serving a much broader customer base including enterprise customers through a network of managed service providers and resellers. The expansion of its channel sales program includes a new partner portal for training, certification, and sales management to help partners meet the needs of their customers and generate more sales. Partners are also given a free cloud assessment tool to help them manage data and cloud workloads effectively and efficiently and simplify the journey to the cloud. The Catalyst cloud assessment tool helps customers determine the required bandwidth and capacity and right-size their cloud environment to minimize...

Read More
Cyren Names Bruce Johnson VP of Sales for the Americas
Sep05

Cyren Names Bruce Johnson VP of Sales for the Americas

McLean, VA-based cybersecurity firm Cyren has appointed Bruce Johnson as Vice President of Sales for the Americas. Johnson brings a wealth of sales leadership experience and extensive expertise in building successful enterprise sales teams for cybersecurity firms. Prior to joining Cyren, Johnson has held sales leadership positions in several high-growth companies, including Arcot Systems, Entercept Security Technologies, 4iQ, Fortscale, Vaultive, and Thales-Vormetric and obtained a degree in economics and marketing at California State University in Chico. Johnson was chosen ahead of several highly skilled applicants due to his high level of experience in building sales organizations that produce results. One of Johnson’s key roles at Cyren will be to focus on driving more revenue growth and is considered to be an important addition to Cyren’s leadership team to help accelerate growth and ensure the company enjoys continued success. Cyren’s 100% cloud-based security solutions are relied upon by more than 1.3 billion global users to protect them against an ever-increasing range of...

Read More
82% of Healthcare Organizations Have Experienced a Cyberattack on Their IoT Devices
Sep03

82% of Healthcare Organizations Have Experienced a Cyberattack on Their IoT Devices

82% of healthcare providers that have implemented Internet-of-Things (IoT) devices have experienced a cyberattack on at least one of those devices over the course of the past 12 months, according to the Global Connected Industries Cybersecurity Survey from Swedish software company Irdeto. For the report, Irdeto surveyed 700 security leaders from healthcare organizations and firms in the transportation, manufacturing, and IT industries in the United States, United Kingdom, Germany, China, and Japan. Attacks on IoT devices were common across all those industry sectors, but healthcare organizations experienced the most cyberattacks out of all industries under study. The biggest threat from these IoT cyberattacks is theft of patient data. The attacks also have potential to compromise end user safety, result in the loss of intellectual property, operational downtime and damage to the organization’s reputation. The failure to effectively secure the devices could also potentially result in a regulatory fine. When asked about the consequences of a cyberattack on IoT devices, the biggest...

Read More
Vulnerability Discovered in Philips HDI 4000 Ultrasound Systems
Sep03

Vulnerability Discovered in Philips HDI 4000 Ultrasound Systems

A vulnerability has been discovered in Philips HDI 4000 Ultrasound systems which could be exploited to gain access to ultrasound images. In addition to stealing data, an attacker could doctor ultrasound images to prevent diagnosis of a potentially life-threatening health condition. Philips HDI 4000 Ultrasound systems are based on legacy operating systems such as Windows 2000 which are no longer supported. Any vulnerability in the operating system could be exploited to gain access to the system and patient data. One such vulnerability – CVE-2019-10988 – was detected by security researchers at Check Point, who reported the problem to Philips. US-CERT has recently issued an advisory about the vulnerability. Philips HDI 4000 Ultrasound systems reached end of life in December 2013 and are no longer sold, updated, or supported by Philips, yet many healthcare organizations continue to use the systems even through they are vulnerable to attack. US-CERT warns that multiple exploits are already in the public domain and could be used to gain access to the systems. Since the devices are...

Read More
Code Execution Vulnerability Identified in Change Healthcare Cardiology Devices
Sep02

Code Execution Vulnerability Identified in Change Healthcare Cardiology Devices

A vulnerability has been identified in Change Healthcare Cardiology, McKesson Cardiology, and Horizon Cardiology devices. The vulnerability could be exploited by a locally authenticated user to insert files that could allow the attacker to execute arbitrary code on a vulnerable device. The vulnerability – CVE-2019-18630 – was identified by Alfonso Powers and Bradley Shubin of Asante Information Security who reported the vulnerability to Change Healthcare. Change Healthcare notified the National Cybersecurity & Communications Integration Center (NCCIC) and a security advisory has now been issued by US-CERT. The vulnerability has been assigned a CVSS v3 base score of 7.8 out of 10 and is the result of incorrect default permissions in the default installation. While the vulnerability only requires a low level of skill to exploit, an attacker would first need local system access which will limit the potential for the flaw to be exploited. Change Healthcare has issued an advisory for users of the following cardiology devices: Horizon Cardiology 11.x and earlier Horizon Cardiology...

Read More
Rackspace Announces Major Enhancements to its Hybrid Cloud Portfolio
Sep01

Rackspace Announces Major Enhancements to its Hybrid Cloud Portfolio

Rackspace has enhanced its hybrid cloud portfolio and is now providing customers with access to advanced services that are intended to help them modernize their IT environments as easily and quickly as possible to benefit from the flexibility and scalability of the cloud. Five major updates have been made to its services that will improve support for customers with that have adopted a hybrid architecture. Rackspace is now offering advanced cloud-native support, API management, external storage for VMware on AWS, managed guest OS, advanced Kubernetes and container enablement services, application and data integration, and managed security services. “Our new set of advanced hybrid cloud services, backed by our industry leading service blocks framework, provide customers the expertise necessary to help navigate through their hybrid cloud journeys,” said Vikas Gurungunti, EVP and GM of Solutions and Services at Rackspace. The key new enhancements are: Managed VMware Cloud on AWS – Rackspace customers can now use VMware HCX and Managed Guest OS Services for their VMware CloudTM on AWS...

Read More
CTI Technology Confirmed as HIPAA Compliant
Aug28

CTI Technology Confirmed as HIPAA Compliant

CTI Technology, an Elgin, IL-based managed IT service provider, has demonstrated compliance with the Health Insurance Portability and Accountability Act (HIPAA) Rules using Compliancy Group’s proprietary HIPAA methodology and compliance tracking solution, The Guard. Any company that provides a product or service to healthcare organizations that requires access to systems containing protected health information (PHI) is classed as a HIPAA business associate. Following the introduction of the HIPAA Omnibus Final Rule, all business associates of HIPAA-covered entities must comply with HIPAA Rules or face stiff financial penalties for noncompliance. CTI Technology believes compliance with HIPAA Rules is essential for protecting patient privacy, improving data security, and reducing fraudulent activity. The company educates its clients on the measures required to ensure compliance with the HIPAA Security Rule and how, through compliance, cyberattacks can be thwarted and regulatory fines avoided. CTI Technology has recently completed Compliancy Group’s 6-stage risk analysis and...

Read More
iland is Now VMware Cloud Certified
Aug27

iland is Now VMware Cloud Certified

The global cloud service provider iland has announced it has achieved VMware Cloud Verified status. VMware Cloud Verified status confirms the secure iland cloud platform integrates with VMWare-based services and that iland’s services can be run on top of the complete VMware Cloud infrastructure. iland has a long history of working with VMware and has helped several thousand VMware customers protect their data and applications in the cloud. iland’s cloud platform fully integrates with VMware services, providing customers with a familiar experience across iland’s infrastructure-as-a-service (IaaS), backup-as-a-service (BaaS), and disaster recovery-as-a-service (DRaaS) offerings. The VMware Cloud Certified badge confirms that VMware cloud infrastructure users are able to retain the full capabilities of VMware Cloud infrastructure such as interoperability, flexibility, and cost optimization, while taking advantage of iland’s IaaS, Baas, and DRaaS services. Under the VMware Partner Program, companies that have been VMware Cloud Verified have been confirmed as being able to offer the...

Read More
IT Service Provider Choose Networks Achieves HIPAA Compliance with Compliancy Group
Aug26

IT Service Provider Choose Networks Achieves HIPAA Compliance with Compliancy Group

The Wichita, KS-based IT service provider, Choose Networks, has achieved HIPAA compliance with Compliancy Group. Choose Networks was established in 2001 to provide small to medium sized businesses with enterprise-grade IT support. The company now employs over 35 people and provides IT support services to a wide range of companies, including many in the healthcare industry. As an IT service provider, Choose Networks requires access to systems containing protected health information. As such, the company is considered a HIPAA business associate and is required to comply with HIPAA Rules. In order to ensure that all requirements of HIPAA have been met and to demonstrate the company follows the same policies, procedures, and administrative practices as its healthcare clients, Choose Networks partnered with Compliancy Group and completed its 6-Stage HIPAA risk analysis and remediation process. “Choose Networks delivers an excellent customer experience, and this doesn’t stop with technical guidance and support. It is paramount to do everything it takes to protect our customers,”...

Read More
FINAL CALL to Take Part in Emergency Preparedness and Security Trends in Healthcare Survey
Aug19

FINAL CALL to Take Part in Emergency Preparedness and Security Trends in Healthcare Survey

Each year, Rave Mobile Safety conducts a survey to identify healthcare security trends and determine the state of emergency preparedness in the healthcare industry. For the 2020 Emergency Preparedness and Security Trends in Healthcare report, insight is being sought from leaders in the healthcare community. Many HIPAA Journal readers have already participated in last year’s survey and have provided information on the measures that have been deployed to improve safety in emergency situations. Their answers will be used to gain an overview of emergency preparedness throughout the United States. If you have not already participated, you are invited to share your feedback in this anonymous survey (click here). This is an opportunity for you to find out how your healthcare industry colleagues nationwide communicate in emergency preparedness and security matters and where they expect to take these practices next. You can participate completely anonymously. After you complete the survey, you will have the opportunity to enter into a raffle for a $200 gift card from the survey sponsor. If...

Read More
Direct Connect Computer Systems Inc. Recognized as HIPAA Compliant
Aug16

Direct Connect Computer Systems Inc. Recognized as HIPAA Compliant

The Cleveland, OH-based technology solution provider, Direct Connect Computer Systems, Inc., has demonstrated the company is fully compliant with Health Insurance Portability and Accountability Act (HIPAA) Rules. Companies that provide technology solutions and services to healthcare clients that require contact with electronic protected health information (ePHI) are classed as ‘business associates’ under HIPAA. Business associates of HIPAA covered entities must ensure they are fully compliant with the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules, and must ensure the confidentiality, integrity, and availability of ePHI at all times. Business associates face substantial fines if they are discovered not to be compliant with HIPAA Rules. In order to start providing products and services to healthcare organizations, companies must be able to provide reasonable assurances that they are fully compliant with HIPAA Rules. To help provide those assurances and demonstrate the company’s commitment to privacy and security, Direct Connect Computer Systems, Inc., partnered with...

Read More
Liquid Web Named in Inc. 5000 List of Fastest Growing U.S. Companies for 12th Time
Aug16

Liquid Web Named in Inc. 5000 List of Fastest Growing U.S. Companies for 12th Time

Liquid Web has announced it has been named in the Inc. 5000 list of the fastest growing companies in the United States for the 12th time. The Inc. 5000 list is released each year to honor the most successful privately-held companies in the United States – Those that have recorded consistent high growth over the previous three years. To be considered for inclusion in the list, for-profit companies must be privately held and not a subsidiary or division of another company up until December 2018. Each company is assessed and ranked on percentage revenue growth from 2015 to 2018. Each company must have generated a minimum revenue of $100,000 in 2015 and a minimum revenue of $2 million in 2018. Other factors taken into consideration are the number of employees, location, and industry sector. Many companies apply for inclusion in the list but fail to rank in the top 5000. A large percentage of the tens of thousands of applicants fail to achieve consistent high growth and are only included once, if they make the grade at all. Many are included in the list just once as they are...

Read More
New Cyber Alliance Program Launched by Mimecast
Aug04

New Cyber Alliance Program Launched by Mimecast

The UK-based email security firm Mimecast has announced the launch of a new Cyber Alliance Program, expanding its API and data sharing collaboration with security vendors to better protection joint customers. In order to protect against the growing range of cybersecurity threats, businesses need to implement a range of cybersecurity solutions; however, managing those solutions can be difficult. IT admins are having to work on disparate security solutions which is inefficient and time consuming. Those inefficiencies place an administration burden on IT departments that are often already struggling with insufficient budgets and resources. Through the new Cyber Alliance Program, cybersecurity solution vendors can share threat data, malicious code and attack vectors more efficiently, thus strengthening their products to better protect their customers. Customers will benefit as they will be able to maximize their current and planned cybersecurity investments, gain deeper insights into current and emerging threats, and reduce the time they spend on administration. Cybersecurity vendors...

Read More
First Half of 2019 Sees 31.6 Million Healthcare Records Breached
Aug02

First Half of 2019 Sees 31.6 Million Healthcare Records Breached

It has been a particularly bad six months for the healthcare industry. Data breaches have been reported in record numbers and the number of healthcare records exposed on a daily basis is extremely concerning. The trend of more than one healthcare data breach a day has continued throughout 2019, even reaching a rate of 2 per day in May. According to the 2019 Mid-Year Data Breach Barometer Report from Protenus and Databreaches.net, 31,611,235 healthcare records were breached between January 2019 and June 2019. To put that figure into perspective, it is double the number of records exposed in healthcare data breaches in the entirety of 2018 (14,217,811 records). One breach stands out from the 285 incidents reported in the first half of the year: The data breach at American Medical Collection Agency (AMCA). A batch of stolen credentials on a dark net marketplace was traced back to AMCA, which discovered its payment web page had been compromised for months. It is not yet known exactly how many healthcare records were exposed in the incident, but 18 clients are known to have been...

Read More
Email Security Firm Edgewave Acquired by GoSecure
Aug02

Email Security Firm Edgewave Acquired by GoSecure

The San Diego,CA-based email threat detection and response platform provider, Edgewave, has been acquired by the Waltham, MA-based cybersecurity company GoSecure for an undisclosed sum. Edgeware is best known for its ThreatTest service, which is used by companies to identify and respond to phishing attacks on the workforce. The platform provides pre- and post-delivery detection of email threats and automated response to mitigate phishing attacks and other email-based cybersecurity threats. The company was one of the first to offer a managed inbox detection and response service to businesses. The company employs 65 staff, has around 100 channel partners, and more than 2,000 business customers. GoSecure is primarily a provider of managed detection and response (MDR) services. CounterTack acquired Gosecure in June 2018, with the company rebranding as GoSecure powered by CounterTack in February this year. In addition to MDR services, the company offers a range of managed security services such as penetration testing, security audits, and threat assessments. The acquisition will allow...

Read More
Atlantic.Net Celebrates 25 Years as Internet and Cloud Services Provider
Aug01

Atlantic.Net Celebrates 25 Years as Internet and Cloud Services Provider

Atlantic.Net, a cloud service provider that specializes in HIPAA-compliant hosting for the healthcare industry, is celebrating its 25th anniversary this year. The company was formed in 1994 as an Internet service provider, but over the years has adapted with the latest technology trends and in 2009 transitioned into cloud services. Over the next 10 years the company further developed its hosting platform and associated services and is now a major cloud services provider with more than 15,000 business clients in over 100 countries. “What started as an ISP in a university dorm has evolved into a leading Cloud Services Provider that our clients have come to rely on for powering their businesses, securing their data, and ensuring compliance and business continuity,” said Atlantic.Net Founder, President, and CEO, Marty Puranik. “By offering optimized Cloud and traditional hosting that protects and scales with our customer’s businesses, we have grown into an international brand with a computing presence in multiple countries. We thank our loyal staff and clients, without whom our success...

Read More
Sonicwall 2019 Mid-Year Cyber Threat Report Shows Rise in Ransomware, Cryptojacking and IoT Attacks
Aug01

Sonicwall 2019 Mid-Year Cyber Threat Report Shows Rise in Ransomware, Cryptojacking and IoT Attacks

The Sonicwall 2019 Mid-Year Cyber Threat Report provides insights into the main threats faced by businesses and is based on data from over 200 countries and more than 1 million security sensors around the globe. The report shows there has been a 20% drop in malware attacks in the first half of 2019. While malware attacks have dropped overall, Sonicwall’s report shows an escalation in the use of open source malware kits. The first half of 2019 saw 74,360 never-before-seen malware variants. Ransomware attacks are now being reported at a higher rate and this is reflected in the report. Sonicwall’s figures show there has been a 15% increase in ransomware attacks and an escalation in the use of ransomware-as-a-service. Malware and ransomware can be installed using a variety of methods, although email continues to be the attack vector of choice for many threat actors. Email-based malware attacks most commonly use Office files and PDF files that contain code that downloads a malicious payload. Between February and March 2019, 51% of never-before-seen attacks came from PDF attachments and...

Read More
Critical VxWorks Vulnerabilities Impact 2 Billion Devices
Jul31

Critical VxWorks Vulnerabilities Impact 2 Billion Devices

Security researchers at Armin have identified 11 vulnerabilities in the VxWorks real-time operating system that is used in around 2 billion IoT devices, medical devices, and control systems. Six of the vulnerabilities have been rated critical and can be exploited remotely with no user interaction required. A successful exploit would allow a hacker to take full control of an affected device. The vulnerabilities are collectively known as “Urgent/11” VxWorks was first created more than 30 years ago and was developed to serve as an ultra-reliable operating system capable of processing data quickly. Today, VxWorks is the most popular real-time operating system in use and can be found in patient monitors, MRI machines, elevator control systems, industrial controllers, data acquisition systems, modems, routers, firewalls, VOIP phones, and printers. Armin researchers alerted Wind River about the flaws and patches have now been issued to address the vulnerabilities. Wind River said all currently supported versions of VxWorks are affected by at least one of the vulnerabilities. The...

Read More
Qmetis Inc. Demonstrates HIPAA Compliant Status by Completing Compliancy Group HIPAA Risk Analysis Program
Jul31

Qmetis Inc. Demonstrates HIPAA Compliant Status by Completing Compliancy Group HIPAA Risk Analysis Program

The NY-based healthcare technology company Qmetis has successfully completed Compliancy Group’s 6-Stage HIPAA Risk Analysis and remediation process and has been confirmed as being in compliance with Health Insurance Portability and Accountability Act (HIPAA) Rules for HIPAA business associates. Qmetis develops web-based interactive quality assessment and quality assurance decision-support tools for healthcare professionals. The tools help hospitals and medical centers, and physician’s offices consistently deliver evidence-based care to patients. The tools are used in real-time at a patient’s bedside and support treatment decisions. Healthcare organizations that have adopted the tools have been able to improve outcomes and reduce costs. The tools developed by Qmetis interact with patient health information, so the company is considered a business associate under HIPAA and is required to comply with HIPAA Rules. The company had already developed a HIPAA compliance program, but as part of its continuing commitment to compliance, the company partnered with the Compliancy Group and used...

Read More
New Report Highlights Impact Email Attacks are Having on Businesses
Jul29

New Report Highlights Impact Email Attacks are Having on Businesses

A new report from email security vendor Barracuda has revealed the extent to which email attacks are negatively impacting businesses and how many are struggling to deal with email-based threats. For its 2019 Email Security Trends report, Barracuda commissioned a survey of 660 IT stakeholders in the Americas, APAC, and EMEA regions to find out more about the threats they were facing, the cost of email-based attacks on their organization, how they rated their email security defenses, and their experiences and attitudes to insider threats and Office 365. The survey confirmed that email attacks are having a direct business impact. 74% of respondents said email attacks have had a major impact on their business and 78% said the cost of mitigating email attacks are increasing. The attacks often result in employee downtime, business disruption, loss of business, and damage to the reputation of the IT department. The attacks increase the stress level for IT professionals, as they find themselves having to work longer hours, including evenings and weekends to deal with the attacks. IT...

Read More
Computer Doc Achieves HIPAA Compliance with Compliancy Group
Jul24

Computer Doc Achieves HIPAA Compliance with Compliancy Group

Compliancy Group has announced that the Indian Trail, NC-based IT firm Computer Doc is compliant with the HIPAA Privacy, Security, Breach Notification, Omnibus Rules and the requirements of the HITECH Act. Since 1997, Computer Doc has been providing IT support and consultancy services to businesses in and around Charlotte, NC. The firm focuses on providing IT support to small to medium sized businesses to help them increase productivity, improve efficiency, and boost profitability through the intelligent use of IT. In order to reassure healthcare companies that the firm is aware of the requirements of HIPAA and is committed to providing a HIPAA-compliant IT support service, Computer Doc signed up with the Compliancy Group and was guided through the compliance process. “With HIPAA violation fine enforcement up 400% in recent years and series of high-profile breaches and multi-million dollar settlements that drew national attention, the importance of HIPAA compliance for both IT service providers (BAs) and their healthcare IT clients (CEs) has never been more urgent,” explained...

Read More
Selarom Demonstrates Compliance with HIPAA Regulations
Jul16

Selarom Demonstrates Compliance with HIPAA Regulations

El Monte, CA-based Selarom is a specialist cybersecurity firm that provides services to healthcare organizations to help them secure their sensitive data and comply with HIPAA Rules. The company now offers a ‘HIPAA Compliance Complete Solution’ and provides a comprehensive security package for both the managerial and technical sides of organizations. Ensuring sensitive information stays private and confidential is the company’s No1 priority. HIPAA compliance is more important today than ever before. The number of cyberattacks on healthcare organizations has reached unprecedented levels. 500+ record healthcare data breaches now being reported at a rate of more than one a day. If a breach occurs, the HHS’ Office for Civil Rights will investigate and ask for evidence of HIPAA compliance. Many small healthcare providers struggle to comply with all provisions of the HIPAA Privacy and Security Rules. In the event of a breach or audit, those providers will be at risk of regulatory fines. Selarom helps companies secure their data and prevent data breaches. The company ensures that in the...

Read More
Rackspace Forms Strategic Partnership with Tech Mahindra
Jul15

Rackspace Forms Strategic Partnership with Tech Mahindra

Rackspace has formed a new strategic partnership with the digital transformation, consulting, and business reengineering service provider, Tech Mahindra. Tech Mahindra is a USD 4.9 billion company with more than 121,000 associates in 90 countries. The firm helps companies by providing innovative customer-centric IT experiences and delivers convergent, digital, design experiences, along with innovation platforms that connect across a wide range of technologies to provide customers with tangible business value. Rackspace is a leading cloud service provider offering a range of hosting services, and managed application, data, and security to help its clients during every stage of their digital transformation and accelerates the value of the cloud. The new strategic partnership will allow cross-selling to Tech Mahindra’s customer base and will include joint service offerings. It will also allow Rackspace to improve its business applications and processes and execute a new go-to-market commercial model. “Our partnership with Tech Mahindra is a powerful combination,” said Subroto Mukerji,...

Read More
Hospital Quality Institute Chooses Otava Virtual Private Cloud Environments for Sensitive Healthcare Data
Jul13

Hospital Quality Institute Chooses Otava Virtual Private Cloud Environments for Sensitive Healthcare Data

The Ann Arbor, MI-based cloud services company, Otava, has announced it has been chosen by the Hospital Quality Institute to host sensitive healthcare data in two new virtual private cloud environments. The Hospital Quality Institute was created by the California Hospital Association, Hospital Association of San Diego and Imperial Counties, and Hospital Council of Northern and Central California to help gauge the performance of hospitals in California and identify areas where improvements can be made to quality and patient safety. In order to assess hospital quality and patient safety, the Hospital Quality Institute collects data from hospitals and, through accurate metrics, provides valuable information to California Hospital Association members that allows them to demonstrate success, improve quality, and enhance patient safety. Rather than host its databases on-premises, the Hospital Quality Institute is using the cloud to host sensitive healthcare data and, by so doing, gain significant resource and cost benefits. Since the Hospital Quality Institute is required to comply with...

Read More
Vulnerability Identified in GE Aestiva and Aespire Anesthesia Machines
Jul10

Vulnerability Identified in GE Aestiva and Aespire Anesthesia Machines

An improper authentication vulnerability has been identified in GE Aestiva and Aespire Anesthesia devices which are used in hospitals throughout the United States. The vulnerability – CVE-2019-10966 – could allow a remote attacker to modify the parameters of a vulnerable device and silence alarms. Possible alterations include making changes to gas composition parameters to correct flow sensor readings for gas density and altering the time on the device. The flaw is due to the exposure of certain terminal server implementations which extend GE Healthcare anesthesia device serial ports to TCP/IP networks. The vulnerability could be exploited if serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration. The vulnerability has been assigned a CVSS v3 base score of 5.3 out of 10 and affects GE Aestiva and Aespire versions 7100 and 7900. GE Healthcare has confirmed this is not a vulnerability in GE Healthcare device themselves. While the flaw could be exploited, GE Healthcare has determined via a formal risk investigation that “there is no...

Read More
Consumers Concerned About Medical Device Security
Jul09

Consumers Concerned About Medical Device Security

The importance consumers place on the privacy and security of their health information has been explored in a recent nCipher Security survey. The survey was conducted on 1,300 U.S. consumers and explored attitudes toward online privacy, the sharing of sensitive information, and data breaches. The survey revealed consumers are more concerned about their financial information being hacked than their health information. 42% of respondents said their biggest cybersecurity concern was their financial information being stolen, compared to 14% whose main concern was the theft of their health data. Concern about financial losses is understandable. Theft of financial information can have immediate and potentially very serious consequences. Theft of health data may not be viewed to be as important by comparison, but consumers are still concerned about the consequences of a breach of their personal information. Over one third of consumers said they were worried that hackers would tamper with their data and 44% were concerned about identity theft after a data breach. 22% of consumers said they...

Read More
Medtronic Recalls Insulin Pumps Due to Cybersecurity Risk
Jun28

Medtronic Recalls Insulin Pumps Due to Cybersecurity Risk

The United States Computer Emergency Readiness Team (US-CERT) and the Food and Drug Administration (FDA) have issued alerts about cybersecurity flaws in certain Medtronic insulin pumps. The affected insulin pumps connect with other devices such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices using wireless RF. Vulnerabilities have been identified in certain MiniMed 508 and MiniMed Paradigm insulin pumps which could allow an attacker with adjacent access to an affected product to intercept, modify, or interfere with the RF communications to or from the product. Consequently, it would be possible to read data sent to and from the device, alter the settings of the insulin pump, and take control of insulin delivery. An attack could therefore result in hypoglycemia, diabetic ketoacidosis, or death. The flaw – CVE-2019-10964 – is due to the communications protocol not properly implementing authentication or authorization and has been assigned a CVSS v3 base score of 7.1 out of 10. The flaw was uncovered by security researchers Nathanael Paul,...

Read More
Connectria Named One of Top 100 Places to Work in 2019
Jun25

Connectria Named One of Top 100 Places to Work in 2019

The managed cloud and managed service provider, Connectria, has been named one of the top 100 places to work in IT in 2019 by IDG’s Computerworld. The company ranked #13 in its small organization ranking (fewer than 100 U.S. employees). This is the sixth consecutive year that Connectria has been included in Computerworld Best Places to Work in IT list: A ranking of the companies with the best work environments, where employees are challenged, allowed to grow, develop and advance, and are rewarded for their efforts with excellent compensation and great benefits. “Our 2019 survey shows again that the Best Places to Work in IT are dynamic organizations that provide top pay and a broad array of programs and benefits designed to make them attractive places to work,” said Computerworld executive editor, Ken Mingis. To compile the list, Computerworld uses a comprehensive questionnaire that quizzes companies on remuneration, benefits, career development paths, training, support, and employee retention. In addition, IT workers at each firm provide their feedback on the company which heavily...

Read More
iland Named Leader in Gartner Magic Quadrant for Disaster Recovery as a Service
Jun20

iland Named Leader in Gartner Magic Quadrant for Disaster Recovery as a Service

For the fourth year in a row, iland has been named a leader in the Gartner Magic Quadrant for Disaster Recovery as a Service. The Gartner Magic Quadrants are graphical representations of the key providers of technology solutions to enterprises. Gartner assesses companies based on their completeness of vision and their ability to execute that vision. The assessments see companies assigned to one of four categories: Niche players, visionaries, challengers, and leaders. In the latest Magic Quadrant for Disaster Recovery as a Service, iland achieved the fourth highest score for ability to execute out of the 22 companies included in the report and retained its position as a leader for the fourth consecutive year. With so many companies now providing disaster recovery as a service, competition is fierce. Recently over 7 companies that have developed DRaaS offerings have been acquired by other companies or have experienced serious financial difficulties. iland on the other hand is going from strength to strength. The company has been providing DRaaS offerings for 12 years and is still one...

Read More
Webinar –  Email Archiving for your Business: Improve Compliance, Save Money & Enhance Efficiency
Jun20

Webinar – Email Archiving for your Business: Improve Compliance, Save Money & Enhance Efficiency

TitanHQ is hosting a webinar in which the fundamentals of email archiving are discussed, along with key considerations when choosing and deploying an email archiving solution. TitanHQ will talk about the benefits of cloud-based email archiving, the features archiving solutions should include, and why email archiving is now a necessity for all organizations, especially those in heavily regulated industries such as healthcare. Topics include:  Why is email archiving necessary? Why you need a robust search capability, using a dedicated archiving tool The difference between archiving and backups How email archiving can deliver rapid archive search and security while reducing email management cost. The do’s and don’ts of email archiving Types of email archival architectures Email archiving for Office 365, Google Apps, Exchange ArcTitan email archiving Date : Wednesday, June 26th, 2019 Time: 11:00-11:30 AM CDT     Duration: 30 minutes Sign up to the Webinar here.

Read More
TitanHQ Launches New ‘TitanShield’ Partner Program
Jun14

TitanHQ Launches New ‘TitanShield’ Partner Program

This year marks TitanHQ’s 20th anniversary and coinciding with this landmark year the Galway, IE-based cybersecurity firm has launched a new partner program called TitanShield. The TitanShield partner program extends the company’s previous program and includes tailored and enhanced support to better meet the needs of all TitanHQ partners:  MSPs, Resellers, Cloud Distributors, Wi-Fi Providers, OEM partners and Technology Alliance Partners. The past few years have seen TitanHQ enjoy tremendous growth, in particular within the MSP, OEM and service provider communities. In the past 9 months alone, TitanHQ has expanded its partner base by 40%. Through the new TitanShield program, TitanHQ will provide additional sales and technical resources, marketing support, sales enablement, and flexible pricing models to meet the needs of MSPs and strategic partners. Partners will be assigned a dedicated account manager and will have access to engineers and the full support team. Through the program, partners have access to TitanHQ’s core solutions: SpamTitan email security; WebTitan web security;...

Read More
Siemens Healthineers Products Vulnerable to Microsoft BlueKeep Wormable Flaw
May29

Siemens Healthineers Products Vulnerable to Microsoft BlueKeep Wormable Flaw

Six security advisories have been issued covering Siemens Healthineers products. The flaws have been assigned a CVSS v3 score of 9.8 and concern the recently announced Microsoft BlueKeep RDS flaw – CVE-2019-0708. CVE-2019-0708 is a remotely exploitable flaw that requires no user interaction to exploit. An attacker could exploit the flaw and gain full control of a vulnerable device by sending specially crafted requests to Remote Desktop Services on a vulnerable device via RDP. The flaw is wormable and can be exploited to spread malware to all vulnerable devices on a network in a similar fashion to the WannaCry attacks of 2017. The severity of the vulnerability prompted Microsoft to issue patches for all vulnerable operating systems, including unsupported Windows versions which are still used in many healthcare and industrial facilities. The flaw affects Windows 2003, Windows XP, Windows 7, Windows Server 2008 and Windows Server 2008 R2. If the patch cannot be applied, RDP should be disabled, port 3389 should be blocked at the firewall, and Network Level Authentication (NLA) should...

Read More
Multi-State Action Results in $900,000 Financial Penalty for Medical Informatics Engineering
May28

Multi-State Action Results in $900,000 Financial Penalty for Medical Informatics Engineering

Medical Informatics Engineering (MIE) is required to pay a financial penalty of $900,000 to resolve a multi-state action over HIPAA violations related to a breach of 3.9 million records in 2015. The announcement comes just a few days after the HHS’ Office for Civil Rights settled its HIPAA violation case with MIE for $100,000. MIE licenses a web-based electronic health record application called WebChart and its subsidiary, NoMoreClipboard (NMC), provides patient portal and personal health record services to healthcare providers that allow patients to access and manage their health information. By providing those services, MIE and NMC are business associates and are required to comply with HIPAA Rules. Between May 7 and May 26 2015, hackers gained access to a server containing data related to its NMC service.  Names, addresses, usernames, passwords, and sensitive health information were potentially accessed and stolen. A lawsuit was filed in December 2018 alleging MIE and NMC had violated state laws and several HIPAA provisions. 16 state attorneys general were named as plaintiffs in...

Read More
Symantec Named Leader in Enterprise Email Security in Q2 2019 Forrester Wave Report
May28

Symantec Named Leader in Enterprise Email Security in Q2 2019 Forrester Wave Report

Symantec has been positioned as a Leader in Enterprise Email Security in the Q2 2019 Forrester Wave Report. Forrester is an independent research firm that assesses companies and their products based on strategy, market presence, and performance across 32 evaluation criteria. The results of the assessments are represented graphically, based on the strength of the current offering and each company’s strategy. Each is assigned to one of four categories: Challenger, Contender, Strong Performer, or Leader. For the latest Forrester Wave Report on Enterprise Email Security, the products of 12 security vendors were assessed: Barracuda, Cisco, Clearswift, Forcepoint, Microsoft, Mimecast, Proofpoint, Retarus, Sophos, Symantec, Trend Micro, and Zix. Each solution was researched and analyzed and given a score to determine the effectiveness of the solutions at reducing and manage security risk. Symantec scored highest out of all 12 products tested as part of the latest Enterprise Email Security report. Customers rated Symantec highly for customer support and ease of use, with Forrester praising...

Read More
HHS Confirms When HIPAA Fines Can be Issued to Business Associates
May27

HHS Confirms When HIPAA Fines Can be Issued to Business Associates

Since the Department of Health and Human Services implemented the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 in the 2013 Omnibus Final Rule, business associates of HIPAA covered entities can be directly fined for violations of HIPAA Rules. On May 24, 2019, to clear up confusion about business associate liability for HIPAA violations, the HHS’ Office for Civil Rights clarified exactly what HIPAA violations could result in a financial penalty for a business associate. Business associates of HIPAA Covered entities can only be held directly liable for the requirements and prohibitions of the HIPAA Rules detailed below. OCR does not have the authority to issue financial penalties to business associates for any aspect of HIPAA noncompliance not detailed on the list.   You can download the HHS Fact Sheet on direct liability of business associates on this link. Penalties for HIPAA Violations by Business Associates The HITECH Act called for an increase in financial penalties for noncompliance with HIPAA Rules. In 2009, the...

Read More
Vulnerabilities Identified in Siemens Sinamics Perfect Harmony Drives and Scalance Access Points
May17

Vulnerabilities Identified in Siemens Sinamics Perfect Harmony Drives and Scalance Access Points

Siemens has discovered several high-severity vulnerabilities and one critical vulnerability in the Scalance W1750D direct access point. The vulnerabilities can be exploited remotely and require a low level of skill to exploit. If exploited, an attacker could gain access to the W1750D device and execute arbitrary code within its underlying operating system, gain access to sensitive information, perform administrative actions on the device, and expose session cookies for an administrative session. The vulnerabilities are present in all versions prior to 8.4.0.1 CVE-2018-7084 is a critical command injection vulnerability in the web interface that could allow arbitrary system commands to be performed within the underlying operating system. If exploited, files could be copied, the configuration could be read, the device could be rebooted, and files could be written or deleted.  The vulnerability has been assigned a CVSSv3 base score of 9.8 out of 10. CVE-2019-7083 is a high-severity information exposure vulnerability that could allow an attacker to access core dumps of previously...

Read More
Sarah Shillington Appointed as TigerConnect SVP of Client Success
May16

Sarah Shillington Appointed as TigerConnect SVP of Client Success

TigerConnect, the leading clinical communications and collaboration (CC&C) solution provider, has appointed Sarah Shillington as Senior Vice President of Client Success. Shillington has more than 25 years of experience in Healthcare IT and has worked at several large-scale, global enterprises overseeing client organizations and leading client services, most recently at Leidos Health. At Leidos Health, Shillington led consulting advisory services and strategic partnerships and spent 19 years at McKeeson running the company’s education program, clinical consulting, and account management and teams. She also has extensive experience as a health educator from her time at the University of Wisconsin and Humboldt State University and holds a bachelor’s degree from North Central College and a masters in Education Administration and Health from Northwest Missouri State University. “We are entering an era in healthcare technology where the problems that need to be solved are highly complex,” stated Brad Brooks, CEO and co-founder of TigerConnect. “Sarah brings a deep reservoir of...

Read More
Cisco Umbrella Pricing
May15

Cisco Umbrella Pricing

A DNS filter is an important part of an organization’s malware and anti-phishing defenses. In this post we cover Cisco Umbrella, a popular DNS filter, and look at Cisco Umbrella pricing to help you decide whether this is the right solution for your organization. What is Cisco Umbrella? Cisco Umbrella, the new name for OpenDNS, is a DNS filter that allows healthcare organizations to block web-based threats and carefully control the types of web content that can be accessed by employees and guest users. A DNS filter is also an important element of layered cybersecurity defenses, as it prevents network users from accessing dangerous web content and downloading potentially malicious files. Importantly for healthcare organizations, a DNS filter provides an additional layer of protection against phishing attacks by blocking attempts to access phishing webpages via hyperlinks in emails. The solution includes 80+ categories of website which can be allowed or blocked based on the organization’s acceptable internet usage policies. Blacklists and whitelists are supported, which block or allow...

Read More
DHS Issues Security Best Practices to Mitigate Risks Associated with Office 365 Migrations
May14

DHS Issues Security Best Practices to Mitigate Risks Associated with Office 365 Migrations

Body: The DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has issued a new analysis report highlighting some of the common risks and vulnerabilities associated with transitioning from on-premise mail services to cloud-based services such as Microsoft Office 365. The report details best practices to adopt to manage risks and prevent user and mailbox compromises. Many healthcare organizations have realized the benefits of transitioning to cloud-based email services yet lack the in-house expertise to manage their migrations. Many have used third-party service providers to migrate their email services to Office 365. CISA notes that use of third parties to manage Office 365 migrations has led to an increase in security incidents. Over the past 6 months, CISA has had several engagements with customers who have used third-party service providers to manage their migrations and discovered a range of different Office 365 configurations that lowered organization’s security posture and left them vulnerable to phishing and other cyberattacks. CISA notes that the majority of those...

Read More
TrueVault Launches TrueVault Atlas Cloud
May05

TrueVault Launches TrueVault Atlas Cloud

TrueVault has announced it has launched a new cloud-based version of TrueVault Atlas, the self-managed solution that generates automatic alerts when personal data is moved to a location where it should not be saved. TrueVault Atlas also includes automation tools to allow companies to automatically rectify issues with personal data, including erasing or exporting that data to prevent any compliance issues. This is possible because TrueVault Atlas continuously indexes data in a range of different third-party systems such as SalesForce, Gmail, and databases such as MySQL and Postgres. All data is catalogued, allowing it to be quickly located when needed. Companies can therefore be certain that they know all locations where data is saved at all times. This is particularly important for any company that is required to comply with the EU General Data Protection Regulation. It ensures that if an EU citizen requests a copy of their personal data or exercises their right to be forgotten, all copies of that data can be quickly and easily found, and requests can be processed quickly. The...

Read More
TitanHQ Releases Webtitan Cloud 4.12
May01

TitanHQ Releases Webtitan Cloud 4.12

TitanHQ has announced the release of a new version of its DNS filtering solution, WebTitan Cloud. Along with a range of updates to ensure the continued smooth running of the platform, TitanHQ has introduced a new feature in WebTitan Cloud v4.12: Location based policies. Location-based policies give organizations the flexibility to apply filtering controls and enforce acceptable internet usage polices on a per location basis. The new feature allows internet filtering policies to be set by location for each user, whether they are on or off the network. Should an employee attempt to visit a website that is not permitted by their policy, a customizable block page will be presented. The solution also supports cloud keys, which allow a specific user to bypass Internet controls for a finite period of time. Search functionality has also been improved in WebTitan Cloud v4.12. A search option has been added to the history page, which allows searches to be performed by location with autocomplete. This gives administrators the ability to see traffic at a specific location, at a specific time,...

Read More
Vulnerability Identified in Philips Tasy EMR
May01

Vulnerability Identified in Philips Tasy EMR

A vulnerability has been identified in the Philips Tasy EMR information system. If exploited, an attacker could send unexpected information to the system, execute arbitrary code, alter information flow, and gain access to patient information. The flaw was identified by security researcher Rafael Honorato who reported the vulnerability to Philips, which reported the flaw to the National Cybersecurity and Communications Integration Center. An advisory about the vulnerability was issued by ICS-CERT on April 30, 2019. The vulnerability – CVE-2019-6562 – is present in Tasy EMR versions 3.02.174 and earlier, and mostly affects healthcare providers in Brazil and Mexico. The vulnerability has not been exploited in wild and no public exploits have been identified. The cross-site scripting vulnerability is caused by improper neutralization of user-controllable input during web page generation. The vulnerability requires a low level of skill to exploit by an individual on the customer site or connecting via a VPN. Despite the potential for information exposure, the vulnerability...

Read More
Critical Vulnerability Identified in Fujifilm Computed Radiography Cassette Readers
Apr24

Critical Vulnerability Identified in Fujifilm Computed Radiography Cassette Readers

Two vulnerabilities have been identified in Fujifilm computed radiography cassette readers. If exploited, an attacker could gain access to the operating system, execute arbitrary code, render the devices inoperable, alter functionality, and cause image loss. The vulnerabilities are present in the following Fujifilm computed radiography cassette readers: CR-IR 357 FCR Capsula X CR-IR 357 FCR Carbon X CR-IR 357 FCR XC-2 The most serious vulnerability – CVE-2019-10950 – is due to improper access controls on telnet services. A remote attacker with a relatively low level of skill could exploit the vulnerability to gain access to the operating system and remotely execute code and affect the functionality of the device. The vulnerability has been assigned a CVSS v3 base score of 9.8 out of 10. The second vulnerability – CVE-2019-10948 – is due to uncontrolled resource consumption. An overflow of TCP packets could be caused in a denial of service (DoS) attack. If exploited, a DoS attack could render the device in operable and would require a reboot to restore functionality. The...

Read More
Online Tech Rebrands as Otava
Apr22

Online Tech Rebrands as Otava

The web hosting company Online Tech has announced it has rebranded as Otava. The company claims the new name better reflects its staff, partnerships, vision, and commitment to providing exceptional hosting services. Online Tech started life in 1994 and initially provided regional dial up internet services. The company then moved into data hosting and colocation services and was one of the first web hosting providers to offer a HIPAA-compliant hosting service for healthcare organizations in the United States. While the name Online Tech has served the company well for 25 years, the company has recently been enjoying a period of sustained growth and has expanded its operations globally and developed a range of new services, helped by investment from Schurz Communications in February 2018 and the acquisition of the cloud infrastructure assets of Neverfail in December 2018. The name change was required to better reflect the company’s vision and position as both a channel-ready partner and a provider of enterprise-ready cloud solutions. The new company name has two meanings. It means to...

Read More
CRN Names Atlantic.Net 2019 Tech Elite Solution Provider
Apr18

CRN Names Atlantic.Net 2019 Tech Elite Solution Provider

CRN, a brand of The Channel Company, has included HIPAA-compliant hosting solution provider Atlantic.Net in its 2019 Tech Elite 250 list. CRN produces the list each year to honor a very select group of companies in North America who have achieved the highest level and greatest number of certifications from the world’s leading technology suppliers, scaled to the size of the company. In today’s rapidly evolving technology landscape, cloud service companies need to constantly develop new solutions to meet the needs of their clients. To do that, they need to be aware of changing trends and have expert technical knowledge of a broad range of platforms. Companies that possess a broad and extensive knowledge are recognized each year by CRN in its Tech Elite 250 list. CRN assesses the technical knowledge of companies by the level of their technical certifications and the number of advanced technical certifications the companies have earned from the industry’s leading technology providers such as Amazon, VMware, Dell, HPE, Oracle, and Cisco. Inclusion in the Tech Elite 250 list demonstrates...

Read More
SpamTitan Rated Top Email Security Gateway in G2 Crowd Report
Apr14

SpamTitan Rated Top Email Security Gateway in G2 Crowd Report

Every quarter, G2 Crowd, an independent business software review platform, publishes the G2 Crowd Grids and accompanying reports which contain a definitive ranking of best software companies and products across a wide range of different categories. G2 Crowd is used by business leaders to make better purchasing decisions. The platform contains more than half a million user reviews and the site receives more than 1.5 million visitors a month. More than 60,000 software products have been reviewed on the platform. In contrast to many business software review sites, G2 Crowd reviews are submitted by verified users of the software. Those reviews are amalgamated by G2 Crowd and each software company is ranked. The leaders in each field are then assigned a place on the G2 Crowd Grids. In the Spring 2019 G2 Crowd Grid Spring report, TitanHQ’s SpamTitan was named the leading product in the email security gateway category ahead of Mimecast, Proofpoint, Cisco, Barracuda, and SolarWinds. The solution was consistently rated above average by users in all areas; Ease of use; quality of support,...

Read More
AWS Chief Technology Officer Allays Fears about Cloud Security and Talks about the Huge Potential of Alexa Voice Technology
Apr12

AWS Chief Technology Officer Allays Fears about Cloud Security and Talks about the Huge Potential of Alexa Voice Technology

Amazon Web Services’ chief technology officer, Werner Vogels, has been dispelling security myths about cloud computing at the Dublin Tech Summit in Ireland this week. Concerns have been raised about the security of data stored in the cloud, especially following the discovery that 540 million Facebook records had been exposed on AWS: One of several high-profile data breaches that have involved AWS-stored data in the past 12 months. Fears About Compliance and the Cloud Companies required to comply with General Data Protection Regulation (GDPR) must ensure that the personal data of EU citizens is secured and kept private and confidential. Since GDPR came into effect on May 25, 2018, the potential penalties for data exposures have increased significantly. It is therefore understandable that companies are concerned about storing data in the cloud rather than on-premise infrastructure that they feel better able to secure. Germany’s federal commissioner, Ulrich Kelber, spoke before Vogels at the Tech Summit and voiced his concerns about American cloud storage providers, stating that they...

Read More
Study Reveals How Well Consumers Feel Health Data is Protected
Apr11

Study Reveals How Well Consumers Feel Health Data is Protected

The results of a study on healthcare cybersecurity from the perspective of consumers has recently been published by cybersecurity firm Morphisec. More than 1,000 consumers were surveyed to obtain their opinions on healthcare cybersecurity, the healthcare threat landscape, how their personal health information is being targeted, and how well they feel their health information is protected. The transition from paper records to electronic health records has improved efficiency and allows health information to be shared more easily, but vulnerabilities have been introduced that can be exploited by hackers. Morphisec notes that cyberattacks on the healthcare industry occur at more than double the rate of attacks on other industry sectors. The volume of attacks and frequency that they are reported in the media undoubtedly affects how secure consumers believe their health records are. Since 2009, more than 190 million healthcare records have been exposed or stolen, which is equivalent to 59% of the population of the United States, yet when consumers were asked if their providers have...

Read More
Amazon Announces 6 New HIPAA Compliant Alexa Skills
Apr05

Amazon Announces 6 New HIPAA Compliant Alexa Skills

Six new HIPAA compliant Alexa skills have been launched by Amazon that allow protected health information to be transmitted without violating HIPAA Rules. The new HIPAA compliant Alexa skills were developed by six different companies that have participated in the Amazon Alexa healthcare program. The new skills allow patients to schedule appointments, find urgent care centers, receive updates from their care providers, access their latest blood sugar reading, and check the status of their prescriptions. This is not the first time that Alexa skills have been developed, but a stumbling block has been the requirements of the HIPAA Privacy Rule, which limit the use of voice technology with protected health information. Now, thanks to HIPAA compliant data transfers, the voice assistant can now be used by a select group of healthcare organizations to communicate PHI without violating the HIPAA Privacy Rule.  You can read more about the issues related to virtual assistants and HIPAA compliance here. Amazon has stated that it plans to work with many other developers through an invite-only...

Read More
Webinar: April 4, 2019: Email Security, DMARC, and Sandboxing
Apr04

Webinar: April 4, 2019: Email Security, DMARC, and Sandboxing

The healthcare industry is particularly vulnerable to phishing attacks and successful attacks commonly result in significant data breaches. It is now something of a rarity for a week to pass without a healthcare phishing attack being reported. While healthcare organizations are providing security awareness training to staff and are using email security solutions, those defenses are not always effective. To improve understanding of why advanced attacks are managing to evade detection by traditional email security solutions, email security solution provider TitanHQ is hosting a webinar. During the webinar TitanHQ will explain about the threat from phishing and how organizations can protect themselves and their customers/patients. The webinar will also explain how two new features of TitanHQ’s SpamTitan email security solution – DMARC authentication and sandboxing – can protect against advanced email threats, zero-day attacks, malware, phishing, and spoofing. Webinar Details: Date : Thursday, April 4th, 2019 Time: 12pm EST Duration: 30 minutes Sign up to the Webinar here....

Read More
Amazon Launches New System for De-identifying Medical Images
Apr02

Amazon Launches New System for De-identifying Medical Images

Amazon has announced that it has developed a new system that allows identifying protected health information contained in medical images to be automatically removed to prevent patients from being identified from the images. Medical images often have patients’ protected health information stored as text within the image, including the patient’s name, date of birth, age, and other metrics. Prior to the images being used for research, authorization must be obtained from the patient or all identifying data must be permanently removed.  Removing PHI from images requires a manual check and alteration of the image to redact the PHI and that can be an expensive and time-consuming process, especially when large number of images must be de-identified. The new system uses Amazon’s Rekognition machine-learning service, which can detect and extract text from images. The text is then fed through Amazon Comprehend Medical to identify any PHI. In combination with Python code it is possible to quickly redact any PHI in the images. The system works on PNG, JPEG, and DICOM images. A confidence score...

Read More
Concerns Raised About the Sharing of Health Data with Non-HIPAA Covered Entities via Apps and Consumer Devices
Mar27

Concerns Raised About the Sharing of Health Data with Non-HIPAA Covered Entities via Apps and Consumer Devices

Earlier this month, the eHealth Initiative Foundation and Manatt Health issued a brief that calls for the introduction of a values framework to better protect health information collected, stored, and used by organizations that are not required by law to comply with Health Insurance Portability and Accountability Act (HIPAA) Rules. Health information is increasingly being collected by a wide range of apps and consumer devices. In many cases, the types of data collected by these apps and devices are the same as those collected and used by healthcare organizations. While healthcare organizations are required to implement safeguards to ensure the confidentiality, integrity, and availability of health information and uses and disclosures of that information are restricted, the same rules do not cover the data if the information is collected by other entities. It doesn’t matter what type of organization stores or uses the data. If that information is exposed it can cause considerable harm, yet this is currently something of a gray area that current regulations do not cover properly. At...

Read More
Critical Vulnerability Affects Medtronic CareLink Monitors, Programmers, and ICDs
Mar22

Critical Vulnerability Affects Medtronic CareLink Monitors, Programmers, and ICDs

Two vulnerabilities have been identified in the Conexus telemetry protocol used by Medtronic MyCarelink monitors, CareLink monitors, CareLink 2090 programmers, and 17 implanted cardiac devices. Both vulnerabilities require a low level of skill to exploit, although adjacent access to a vulnerable device would be required to exploit either vulnerability. The most serious vulnerability, rated critical, is a lack of authentication and authorization controls in the Conexus telemetry protocol which would allow an attacker with adjacent short-range access to a vulnerable device to inject, replay, modify, and/or intercept data within the telemetry communication when the product’s radio is turned on. An attacker could potentially change memory in a vulnerable implanted cardiac device which could affect the functionality of the device. The vulnerability is being tracked as CVE-2019-6538 and has been assigned a CVSS v3 base score of 9.3. A second, medium severity vulnerability concerns the transmission of sensitive information in cleartext. Since the Conexus telemetry protocol does not use...

Read More
Is DocuSign HIPAA Compliant?
Mar19

Is DocuSign HIPAA Compliant?

Can DocuSign be used by healthcare organizations in connection with electronic protected health information (ePHI) without violating HIPAA Rules? Is DocuSign HIPAA compliant? DocuSign is a San Francisco-based provider of electronic signature technology and transaction management services. Via DocuSign, companies can send documents such as contracts to customers and business associates and obtain their electronic signatures to confirm that they have read the document and agree to any terms and conditions contained therein. In healthcare, eSignature services can streamline administrative tasks and save many hours of chasing up paperwork. The DocuSign solution can be used by healthcare providers for a range of different purposes, including obtaining eSignatures on SLAs, business associate agreements, credentialing forms, and patient consent forms. However, if the service is used in connection with any electronic protected health information, DocuSign would be classed as a business associate. HIPAA requires all business associates to enter into a HIPAA-compliant business associate...

Read More
Is Calendly HIPAA Compliant?
Mar14

Is Calendly HIPAA Compliant?

Calendly is a popular tool that is used by many businesses to schedule meetings and appointments, but can Calendly be used by healthcare organizations? Is Calendly HIPAA compliant? Businesses can waste a considerable amount of time scheduling appointments and meetings. Lengthy email exchanges and phone tag are commonplace. Calendly aims to eliminate the time wasted attempting to connect with others and the platform can reduce no-show rates through automated email and text reminders. The solution integrates with Google Calendar, iCloud calendar, Office 365, Salesforce, and GoToMeeting and other popular software platforms and can also be integrated directly into business websites to allow customers to schedule appointments directly. The platform is used by healthcare organizations for scheduling internal meetings, but in order to use Calendly with any electronic protected health information, healthcare organizations would first need to enter into a HIPAA-compliant business associate agreement with Calendly. Is Calendly HIPAA Compliant? Calendly explains on its website that the...

Read More
Is Evernote HIPAA Compliant?
Mar14

Is Evernote HIPAA Compliant?

Evernote is a useful cloud-based service that allows users to take notes, create to do lists, plan projects, and collaborate with teams, but is Evernote HIPAA compliant? Can Evernote be used in healthcare by physicians and other healthcare professionals without violating HIPAA Rules? Evernote serves as an easily accessible repository for a wide range of information, including documents, audio files, images, and video files. One of the key features of Evernote which makes it so useful is the ability to automatically synch files and notes across multiple devices. Evernote is available as a free app or a paid service for businesses and does incorporate access controls and security features such as single sign-on (SSO) and two-factor authentication to prevent unauthorized use of the applications.  Evernote stores data on the Google Cloud platform, which can be HIPAA compliant. Encryption is also supported by Evernote for Mac and Evernote for Windows Desktop. In-note encryption uses an AES 128-bit key. Evernote is designed to make data sharing as easy as possible, which should raise a...

Read More
Is Google Keep HIPAA Compliant?
Mar13

Is Google Keep HIPAA Compliant?

Google Keep is a cloud-based note taking application that allows notes to be shared across multiple devices, but is Google Keep HIPAA compliant? Can Google Keep be used in healthcare without violating HIPAA Rules? Many healthcare professionals would like to use an electronic note taking app but are concerned about potential HIPAA violations. These services are certainly useful and can help to improve efficiency. If you are looking for a HIPAA compliant note application, Google Keep is a natural choice. Google offers many products that can be used in healthcare and Google does offer a business associate agreement to healthcare organizations. Google Keep allows notes to be taken which can be accessed on multiple devices, and these can include voice notes, photos, and other files. Information that is added to Google Keep can be accessed across multiple devices via Google Drive. Google Drive is part of G Suite (formerly Google Apps) and Google Drive is covered by Google’s BAA. Is Google Keep HIPAA Compliant? If you use the paid version of G Suite and you have a BAA with Google, Google...

Read More
Sandboxing and DMARC Authentication Added to SpamTitan to Improve Email Threat Detection
Mar13

Sandboxing and DMARC Authentication Added to SpamTitan to Improve Email Threat Detection

Despite increased investment in cybersecurity, healthcare organizations still struggle to protect against advanced phishing threats and email impersonation attacks. Detection of new malware threats can also be a major challenge for small to medium sized healthcare organizations and managed service providers. To better serve the healthcare market and improve protection against sophisticated phishing attacks and zero-day malware, TitanHQ has announced it has added two new features to its SpamTitan spam filtering solution: DMARC email authentication and sandboxing. Due to the increase in email impersonation attacks, the Department of Homeland Security issued a binding operational directive in 2017 that required all executive branch agencies to fully adopt Domain-based Message Authentication, Reporting and Conformance (DMARC) to protect against email impersonation attacks and domain spoofing. DMARC authentication has now been incorporated into SpamTitan to improve detection of domain spoofing phishing attacks and prevent these phishing emails from reaching end users’ inboxes. New...

Read More
RackSpace Named Leader in Gartner’s 2019 Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services
Mar13

RackSpace Named Leader in Gartner’s 2019 Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services

Rackspace has been named a leader in Gartner’s 2019 Magic Quadrant for Public Cloud Infrastructure Professional and Managed Services, Worldwide, achieving the second highest score for ability to execute out of 19 companies in the Magic Quadrant assessment. This is the third consecutive year that the company has been positioned in the leader’s quadrant. The Magic Quadrants are graphical representations of companies based on the completeness of their vision and their ability to execute that vision. High scores in both areas see companies named as a Leader in the field. Low scores in both see firms categorized as Niche Players, a high score for completeness of vision and a low score for ability to execute sees firms classed as Visionaries, and a high score for ability to execute and a low score for completeness of vision sees them categorized as Challengers. The high score for completeness of vision is due to Rackspace constantly assessing the requirements of its customers and developing new services to meet those needs. The company develops comprehensive IT roadmaps, guidance on...

Read More
HIPAA Compliant Online Forms
Mar12

HIPAA Compliant Online Forms

Web forms offer healthcare organizations an easy way to digitally collect information from patients, but care must be taken not to violate HIPAA Rules. To collect any health data, HIPAA compliant online forms must be used. HIPAA Compliant Online Forms Must be Used for Collecting Health Information The HIPAA Privacy and Security Rules requires all HIPAA-covered entities and business associates to implement a range of safeguards to ensure the confidentiality, integrity, and availability of protected health information. Online forms are not specifically mentioned in the HIPAA text, but the Privacy and Security Rules do apply to online forms. Large healthcare organizations are more likely to have in-house staff with the skills to create forms that comply with HIPAA Rules, but many covered entities take advantage of the convenience of third-party webform solutions. There are many companies that offer HIPAA compliant online forms software that allows forms to be quickly spun up and used for a wide range of purposes such as onboarding new patients, obtaining consent, collecting payments,...

Read More
Is Return Path HIPAA Compliant?
Mar11

Is Return Path HIPAA Compliant?

Return Path is an email marketing and optimization platform that allows businesses to automate and analyze their email marketing campaigns but is Return Path HIPAA compliant? Can the email marketing platform be used by healthcare organizations without violating HIPAA Rules? Sending Marketing Emails to Patients and Health Plan Members Before any healthcare organization can use an email service for sending marketing emails that contain electronic protected health information (ePHI) they must first: Obtain consent from patients/plan members to receive marketing communications Ensure that the service provider has appropriate security controls to protect the confidentiality of ePHI stored by or used by the platform Ensure that ePHI can be uploaded to the platform securely without placing the information at risk of compromise Enter into a HIPAA-compliant business associate agreement (BAA) with the service provider Marketing messages are not included in the HIPAA Privacy Rule’s TPO definition. Consent must be obtained in writing from patients/members before ePHI can be used for marketing...

Read More
Is Mandrill HIPAA Compliant?
Mar08

Is Mandrill HIPAA Compliant?

Is Mandrill HIPAA compliant? Can MailChimp’s transactional email service be used by healthcare organizations without violating HIPAA Rules? Use of Mandrill by Healthcare Organizations Mandrill is a transactional email offering from MailChimp, the leading automated email marketing platform. Mandrill allows businesses to automatically send emails to customers and individuals that interact with their web apps and connects to MailChimp via an API. Transactional emails differ from marketing emails in that they are programmed to be triggered by events such as password resets, confirmation of placement of orders, welcome messages, and sending receipts. In contrast to marketing emails, which require an opt-in from patients/plan members under HIPAA Rules, in most cases, transactional emails do not. That does not mean that there are no HIPAA issues for healthcare organizations that are considering using Mandrill. Any email service used by a healthcare organization that requires electronic protected health information (ePHI) to be uploaded would have to have privacy and security safeguards...

Read More
Is Marketo HIPAA Compliant?
Mar07

Is Marketo HIPAA Compliant?

Marketo is a marketing automation solution for lead management and email marketing that was recently acquired by Adobe. Can Marketo be used by healthcare organizations in connection with ePHI? Is Marketo HIPAA compliant? Healthcare Marketing Healthcare organizations looking for a marketing automation platform need to ensure the platform provider complies with HIPAA regulations if the platform is to be used in connection with electronic protected health information. Healthcare organizations can use marketing automation platforms for a range of purposes without having to enter into a business associate agreement (BAA) with the solution provider, but if the solution is to be used with ePHI, a BAA is essential. HIPAA places restrictions on uses and disclosures of ePHI by HIPAA covered entities. ePHI can be used and disclosed for the purposes of providing treatment, in relation to payment for healthcare, or for healthcare operations (TPO) without having to obtain authorization from patients. Other uses and disclosures, which include marketing, require authorizations from patients. HIPAA...

Read More
TigerConnect and Call Scheduler Integration Simplifies Care Coordination
Mar06

TigerConnect and Call Scheduler Integration Simplifies Care Coordination

Call Scheduler has announced that its healthcare physician scheduling software has been fulling integrated with the secure messaging platform TigerConnect. TigerConnect is the largest provider of clinical communications solutions in the United States. The company’s HIPAA-compliant secure messaging platform has been adopted by 5,000 healthcare organizations and the platform now processes more than 10 million messages a day. Call Scheduler is a collection of scheduling tools that help medical practices manage on-call and daily work schedules and serves as a single source of truth for on-call information for hospitals and advanced practice providers. Call Scheduler is accessed by physicians through a web browser. The new integration with TigerConnect allows physicians to communicate with each other quickly, easily, and securely via text message, voice call, or video call from their web browser or smartphone. There is no need to switch to a pager or make a call. The TigerConnect platform is accessible through Call Scheduler. All contact information can be found through the platform and...

Read More
Is SparkPost HIPAA Compliant?
Mar06

Is SparkPost HIPAA Compliant?

SparkPost is a popular email delivery and analytics platform that is used by many enterprises to communicate with customers, but can SparkPost be used by healthcare organizations in connection with electronic protected health information (ePHI)? Is SparkPost HIPAA compliant? HIPAA Compliant Email Solutions for Healthcare Organizations As part of our series of posts assessing software solutions and cloud services for their suitability for use by healthcare organizations required to comply with HIPAA Rules, we have assessed SparkPost to determine whether the company supports HIPAA compliance and whether its platform can be used in a HIPAA compliant manner. SparkPost is the leading worldwide email delivery and analytics platform and is used to send 37% of all business-to consumer emails. The email solution caters to organizations of all sizes and delivers powerful analytics. The platform incorporates a range of security measures, including anti-phishing controls to reduce the risk of email impersonation attacks and the company has achieved SOC 2 Type 2 certification. For healthcare...

Read More
Is JotForm HIPAA Compliant?
Mar05

Is JotForm HIPAA Compliant?

JotForm is a software solution for creating online forms. Can JotForm be used by healthcare organizations to collect patient information? Is JotForm HIPAA compliant? HIPAA Compliant Forms on Websites HIPAA covered entities can use online forms to collect a wide range of information from patients. Online forms are useful for registering new patients, obtaining consent, conducting customer surveys, and taking payments. Web forms streamline data collection, allow patient information to be sent to EHRs or other internal systems quickly and efficiently, and they can improve the patient experience. HIPAA covered entities that have the resources can create online forms manually; however, those that lack staff with the necessary skills or have to create large numbers of forms will benefit from using online form software to speed up the process of creating online forms. While form software can be used for all the above purposes, if the forms are used to collect protected health information, the software provider will be considered a business associate under HIPAA Rules. Consequently, prior...

Read More
Cofense Vision Launched: Accelerated Phishing Threat Detection and Remediation
Mar04

Cofense Vision Launched: Accelerated Phishing Threat Detection and Remediation

Cofense has announced the general availability of Cofense Vision: An alert system that provides real-time visibility into current, unreported phishing threats and accelerates detection and remediation. Phishing defenses should naturally include email gateway controls to block threats before they are delivered to inboxes, but no solution will provide total protection. It is inevitable that some phishing emails will be delivered to end users, even with multiple anti-phishing solutions in place. Training is essential to ensure those threats are recognized by employees, but given the sophistication of today’s phishing threats, some employees are sure to respond. Cofense Vision is a new solution that helps security operation center (SOC) and incident response (IR) teams to identify all instances of phishing messages in their email system and deal with those threats with greater speed and efficiency. The solution works in tandem with Cofense Triage, a solution that allows first responders to prioritize and understand reported phishing threats. An analysis of more than 2 million...

Read More
TrueVault Releases New Solution to Automate GDPR Management
Mar04

TrueVault Releases New Solution to Automate GDPR Management

TrueVault Atlas is a new solution that has been developed to help organizations manage and automate daily GDPR tasks to ease the GDPR compliance burden. The EU’s General Data Protection Regulation (GDPR) introduced a wide range of requirements to improve privacy and security of the ‘personal data’ of citizens of the European Union and European Economic Area. GDPR applies to all entities that collect or process the personal data of EU citizens, not only those based in the EU. GDPR afforded certain rights to EU citizens to give them greater control over their personal data, such as the right to see what data has been collected on them and the right to stop the processing of all of their personal data and have that information erased. Compliance with GDPR comes with a significant administrative burden, which TrueVault’s new solution, TrueVault Atlas, was developed to ease by automating the management of personal data and data access/erasure requests. TrueVault Atlas creates an inventory of all GDPR-covered personal data across an organization’s internal and third-party systems –...

Read More
Is Postmark HIPAA Compliant?
Mar02

Is Postmark HIPAA Compliant?

Postmark is a transactional email service used by many companies to send activation emails, e-receipts, password reset messages, but can the service be used by healthcare organizations? Is Postmark HIPAA compliant? When new users sign up for a service, register to receive reports, or reset the passwords on their accounts, they want to receive emails instantly. Delayed emails often result in support calls or emails that staff have to deal with, which can take them away from other important tasks. It is therefore advantageous to use a reliable, automated service to send transactional emails instantly. Healthcare organizations can benefit from using such a service, but there are potential issues. HIPAA covered entities need to ensure that any email platform used is compliant with HIPAA Rules. If transactional emails include any electronic protected health information (ePHI), the email service provider would be considered a business associate. Safeguards would need to be incorporated into the platform to protect any ePHI from unauthorized access to the standards stipulated in the HIPAA...

Read More
Is Constant Contact HIPAA Compliant?
Mar01

Is Constant Contact HIPAA Compliant?

Massachusetts-based Constant Contact has developed an online and email marketing solution that makes it easy to keep in touch with customers and send out newsletters and marketing messages, but can Constant Contact be used by HIPAA-covered entities? Is Constant Contact HIPAA compliant? Sending Marketing Emails Containing ePHI The HIPAA Privacy Rule does not prohibit HIPAA-covered entities from sending marketing emails, but before marketing messages can be sent, patients/plan members must give their authorization to receive those communications. Provided authorizations have been received in advance, marketing emails can be sent without violating the HIPAA Privacy Rule. In order to improve efficiency, an email marketing solution may be considered, but HIPAA -covered entities need to exercise caution. Not all email marketing platforms have the necessary safeguards to meet the requirements of the HIPAA Security Rule, and some that do still cannot be used as the service provider is not prepared to enter into a business associate agreement with healthcare organizations. Uploading any...

Read More
Cyren Recognized with Gold Cybersecurity Excellence Award for Email Security
Mar01

Cyren Recognized with Gold Cybersecurity Excellence Award for Email Security

Cyren Email Security has been recognized in the 2019 Cybersecurity Excellence Awards, collecting a gold award in the email security category. The Cybersecurity Excellence Awards were set up to recognize and reward the leading vendors in the cybersecurity space. To be considered for an award, a company or individual must demonstrate excellence in leadership in information security and a high level of innovation. Cyren’s secure email gateway solution is offered as a cloud-based service that protects businesses from the full range of email-based threats. This is the second consecutive year that the company’s email security SaaS offering achieved top spot, and the third year in a row that the company has scooped a Cybersecurity Excellence Award, having placed in the top three in the 2017 awards in the anti-malware category. This year Cyren faced stiff competition but finished ahead of 6 other finalists in the email security category. Cyren Email Security offers an additional layer of security for Office 365 environments and other corporate email systems. The solution includes...

Read More
Cofense Phishing Simulation Solution Enhanced with Responsive Delivery Option
Feb28

Cofense Phishing Simulation Solution Enhanced with Responsive Delivery Option

Each month, many healthcare organizations discover their employees’ inboxes have been compromised and the attackers have potentially gained access to patient health information. Phishing is the number one cyberthreat faced by healthcare organizations and phishing attacks are increasing in both frequency and complexity. Training employees how to recognize phishing and other email threats is essential, not only to prevent costly data breaches but also for HIPAA compliance. Providing training is only one element of improving human phishing defenses. It is also important to ensure that training has been taken on board by employees. The easiest way to do that and assess susceptibility and resilience to phishing attacks is through phishing simulations. Simulated phishing emails mirror real-world phishing emails and allow IT teams to find out which individuals are most susceptible to phishing attacks. Failed phishing simulations can be turned into a training opportunity. One problem faced by IT teams is making sure that phishing simulation emails are sent at the right time when they are...

Read More
TigerConnect Announces New Partnership and integration with OpenTempo
Feb20

TigerConnect Announces New Partnership and integration with OpenTempo

TigerConnect, the leading provider of clinical communications solutions in the United States, has announced a new partnership and system integration with OpenTempo. OpenTempo is a leading physician scheduling and clinical labor analytics platform. The platform provides powerful analytics and productivity tracking tools that help healthcare providers optimize physician scheduling, improve efficiency, and increase clinician satisfaction by providing greater transparency into their work assignments. The partnership with TigerConect has seen the company’s HIPAA-compliant text, voice, and video communications solution integrated into the OpenTempo platform. Customers that sign up to both OpenTempo and TigerConnect can use TigerConnect to send role-based and individual text messages and initiate video and voice calls without leaving the OpenTempo platform. The integration sees designated roles in TigerConnect paired with OpenTempo, which makes it much easier to track down on-call physicians and also eliminates the need for whiteboards and printed schedules. The TigerConnect platform can...

Read More
KLAS Rates Lua Leading Post-Acute Secure Messaging Solution
Feb14

KLAS Rates Lua Leading Post-Acute Secure Messaging Solution

KLAS Research has given Lua Technologies’ HIPAA-compliant secure communications platform a score of 94 out of 100 in its 2018 Secure Communication Decision Insights Report. Lua was the highest scoring post-acute secure messaging solution and was recognized for the overall quality of the product, the value provided, and the performance of its secure communications platform. Lua developed its communications platform to meet the needs of a diverse range of healthcare professionals and help them communicate more effectively. The platform helps healthcare providers improve patient outcomes by ensuring healthcare employees can communicate quickly, easily, and efficiently with patients and all members of the care team. The platform incorporates privacy and security features to meet HIPAA requirements and allows protected health information to be shared quickly, easily, and securely with authorized individuals and ensures seamless communications across multiple devices and platforms to enhance mobile workflows in healthcare. “We are thrilled by the KLAS Research assessment of our...

Read More
TigerConnect Announces TigerTouch Patient Communication Solution
Feb10

TigerConnect Announces TigerTouch Patient Communication Solution

TigerConnect has announced a series of enhancements to its clinical communications and collaboration (CC&C) platform ahead of the 2019 Healthcare Information and Management Systems Society (HIMSS) Symposium event in Orlando, Florida, This is far from a routine update of the CC&C platform. Several major updates are soon to be rolled out, including the addition of TigerTouch: A communications solution that allows healthcare professionals to communicate directly with patients by text, voice, or video calls in a secure, HIPAA-compliant manner. The new Tigerconnect feature was developed in response to requests from healthcare providers already using the Tigerconnect platform. Large healthcare systems had expressed interest in brining patients into the care conversation and requested a solution from Tigerconnect to help engage patients on their mobile devices. According to Tigerconnect, healthcare providers that adopt the platform and give their physicians, nurses, case managers, and home health caregivers a quick, easy, and secure method of communicating with patients will...

Read More
Liquid Web’s Managed Dedicated Servers Upgraded with Intel Xeon Scalable Processors
Feb08

Liquid Web’s Managed Dedicated Servers Upgraded with Intel Xeon Scalable Processors

The Lansing, MI-based managed hosting company Liquid Web has announced it has completed an upgrade of its Dedicated Servers, which now feature the latest Intel Xeon Scalable processors. The technology upgrades have seen the latest Intel Xeon E3-1230 v6, Intel Xeon Silver 4108, and Intel Xeon Gold 6130 processors implemented, which will help to ensure customers that have signed up to its Managed Dedicated Server offerings benefit from enhanced speed, greater reliability, and improved security. “This new Intel Xeon Scalable technology provides workload-optimized performance, improved hardware security, and serious processing power that our customers require for their mission-critical sites, applications, and databases,” explained Melanie Purkis, Liquid Web’s Director of Managed Hosting Products. The Dedicated Servers include DDoS protection, advanced security, and a built-in backup disk as standard. The servers are housed in Liquid Web’s wholly-owned data centers, which are staffed round the clock by highly skilled engineers who provide 24/7/365 support by phone or online chat....

Read More
EHR Vendor False Claims Act Violation Case Settled for $57.25 Million
Feb07

EHR Vendor False Claims Act Violation Case Settled for $57.25 Million

The Tampa, FL-based electronic health record (EHR) software developer Greenway Health LLC has agreed to settle violations of the False Claims Act with the Department of Justice for $57.25 million. The case concerns Greenway Health’s EHR product Prime Suite. The DOJ alleged that by misrepresenting the capabilities of the product, users submitted false claims to the U.S. government. Further, Greenway Health was alleged to have provided unlawful remuneration to users to induce them to recommend the EHR product to other healthcare providers. The U.S. government provided incentives to healthcare organizations to encourage them to transition to EHRs from paper records through the Meaningful Use program. Most healthcare providers have now made the change and now rely on EHR systems to support the healthcare decision process. It is therefore essential that EHR products allow patient health information to be recorded and transmitted accurately. In order for healthcare providers to qualify for Meaningful Use payments, they must only use EHR products that have been certified as meeting...

Read More
Online Tech Acquired by Schurz Communications Inc.
Feb06

Online Tech Acquired by Schurz Communications Inc.

The Ann Arbor, MI-based HIPAA-compliant hybrid cloud provider, Online Tech, has been acquired by Mishawaka, IN-based Schurz Communications Inc. Schurz Communications is primarily an information company which owns three broadband companies, and has newspaper and digital media operations that produce 11 daily newspapers and 7 weeklies along with a range of niche publications. Online Tech is a leading cloud provider that also offers colocation, data protection, and data recovery services. Online Tech has been in business for around 25 years and currently serves almost 500 clients, predominantly in the Midwest. The company has seven data centers and offers a range of managed services, including disaster recovery-as-a-service, data protection-as-a-service, and managed Microsoft Azure deployments. The firm provides enterprise-class infrastructure to mid-market companies and has a strong focus on security and compliance and was one of the first companies to offer a HIPAA-compliant cloud platform to healthcare organizations. The independent merchant banking and advisory firm, Moorgate...

Read More
Vulnerabilities Identified in IDenticard PremiSys Access Control System
Feb04

Vulnerabilities Identified in IDenticard PremiSys Access Control System

ICS-CERT has issued an alert about three high severity vulnerabilities in the IDenticard PremiSys access control system. All versions of PremiSys software prior to version 4.1 are affected by the vulnerabilities. Successful exploitation of the vulnerabilities could result in full access being gained to the system with administrative privileges, theft of sensitive information contained in backups, and access being gained to credentials. The vulnerabilities could be exploited remotely and require a low level of skill to exploit. Details of the vulnerabilities have been publicly disclosed. The highest severity vulnerability CVE-2019-3906 concerns hard-coded credentials which allow full admin access to the PremiSys WCF Service endpoint. If successfully exploited, and attacker could obtain full access to the system with administrative privileges. The vulnerability has been assigned a CVSS v3 base score of 8.8. User credentials and other sensitive information stored in the system are encrypted; however, a weak method of encryption has been used which could potentially be cracked...

Read More
Connectria Announces New Partnership with Spinnaker Support
Feb01

Connectria Announces New Partnership with Spinnaker Support

partnership with Spinnaker Support, a leading provider of SAP and Oracle third-party support. Connectria provides cloud hosting and production-ready solutions for the cloud including Windows, Linux, IBM i, IBM AIX, Office 365, clouds running VMware or Hyper-V, HIPAA-compliant cloud solutions, and managed public AWS and Azure clouds. Spinnaker Support is a leading provider of support and maintenance for SAP/Oracle alongside application managed services, technology managed services, and consulting services. The company is one of the leading global providers of support for SAP/Oracle and helps customers save money on their annual maintenance fees. The two companies formed a new strategic partnership to cater to the growing number of organizations that are migrating their on-premise applications to the cloud. “Our services enable cloud migration by providing savings that can fund cloud initiatives, more time to choose the best migration strategy, and software support skillsets required today while organizations re-tool their staffs for tomorrow,” said Kurt Moydell, Senior Vice...

Read More
Patches Released to Mitigate KRACK Vulnerabilities Affecting Stryker Medical Beds
Jan30

Patches Released to Mitigate KRACK Vulnerabilities Affecting Stryker Medical Beds

Stryker has identified nine vulnerabilities that affect some of its Medical Beds. The vulnerabilities could potentially be exploited in a man-in-the-middle attack by an attacker within radio range of vulnerable product to replay, decrypt, or spoof frames. The vulnerabilities are present in the four-way handshake used by WPA and WPA2 wireless security protocols which allow nonce reuse in Key Reinstallation (KRACK) attacks. Similar vulnerabilities have been identified in a wide range of wireless devices. The nine vulnerabilities are summarized below: CVE-2017-13077: Reinstallation of pairwise key in the four-way handshake. CVE-2017-13078: Reinstallation of group key in the four-way handshake. CVE-2017-13079: Reinstallation of Integrity Group Temporal Key in the four-way handshake. CVE-2017-13080: Reinstallation of group key in the group key handshake. CVE-2017-13081: Reinstallation of Integrity Group Temporal Key in the group key handshake. CVE-2017-13082: Reinstallation of Pairwise Transient Key Temporal Key in the fast BSS transmission handshake. CVE-2017-13086: Reinstallation of...

Read More
Vulnerability Identified in BD FACSLyric Flow Cytometry Solution
Jan30

Vulnerability Identified in BD FACSLyric Flow Cytometry Solution

Becton, Dickinson and Company (BD) has identified an improper access control vulnerability in its BD FACSLyric flow cytometry solution. If the flaw is exploited, an attacker could gain access to administrative level privileges on a vulnerable workstation and execute commands. The vulnerability requires a low level of skill to exploit. BD extensively tests its software for potential vulnerabilities and promptly corrects flaws. BD is currently taking steps to mitigate the vulnerability for all users of vulnerable FACSLyric flow cytometry solutions. The flaw (CVE-2019-6517) is due to improper enforcement of user access control for privileged accounts. It has been given a CVSS v3 base score of 6.8 – Medium severity. BD self-reported the vulnerability to the National Cybersecurity & Communications Integration Center (NCCIC). The vulnerability is present in the following cytometry solutions: BD FACSLyric Research Use Only, Windows 10 Professional Operating System, U.S. and Malaysian Releases (Nov 2017 and Nov 2018) The U.S. release of BD FACSLyric IVD Windows 10 Professional...

Read More
Liquid Web Announces New Partnership with VMware
Jan30

Liquid Web Announces New Partnership with VMware

Liquid Web, the Lansing, MI-based managed hosting and managed application service provider, has formed a new partnership with VMware and has launched a new VMware and NetApp powered managed private cloud to its customers. Many SMBs want the flexibility, scalability, and fast provisioning offered by public clouds, but the security, performance, and high availability that comes with a private cloud, which is necessary in highly regulated industries such as healthcare for mission-critical applications, disaster recovery, and compliance. Liquid Web’s VMware Private Cloud gives them the advantages of both. The new managed private cloud offering allows customers to provision multiple virtual machines through a single cluster of physical servers which support both Windows and Linux VMs that can be run concurrently on the same hardware. “Today’s customers are not only looking for security and flexibility with a private cloud but also the management that frees them up to focus on their business,” said Melanie Purkis, Liquid Web’s Director of Managed Hosting Products. “Managed hosting and...

Read More
iland Secure Cloud Console Receives a Major Upgrade
Jan25

iland Secure Cloud Console Receives a Major Upgrade

The secure cloud service provider iland has announced its Secure Cloud Console has received a major upgrade and now includes full integration with Veeam data protection solutions. iland is a two-time winner of a Veeam Innovation Award (2018/2019), was Veeam Impact Cloud & Service Provider Partner of the Year for North America in 2015 and 2017, and is currently the only cloud service provider to offer integration with the full suite of Veeam solutions through a single management console. Following the release of Veeam Availability Suite 9.5 Update 4, iland customers can manage, monitor, and report on cloud backups, disaster recovery services, and long-term data archiving through a single pane of glass. The Veeam integration is only part of an extensive number of updates to the Secure Cloud Console. iland has also improved visibility of historical usage, performance, and billing, and together with full self-service management capabilities, customers can configure and automate disaster recovery, thoroughly self-test disaster recovery strategies and failover, and request additional...

Read More
New Report Reveals Spiraling Cost of Cyberattacks
Jan23

New Report Reveals Spiraling Cost of Cyberattacks

A new report from Radware has provided insights into the threat landscape in 2018 and the spiraling cost of cyberattacks. The report shows there has been a 52% increase in the cost of cyberattacks on businesses in since 2017. For the report, Radware surveyed 790 managers, network engineers, security engineers, CIOs, CISOs, and other professionals in organizations around the globe. Respondents to the survey were asked about the issues they have faced preparing for and mitigating cyberattacks and the estimated cost of those attacks. The 2018 Threat Landscape 93% of surveyed firms said they had experienced a cyberattack in the past 12 months. The biggest threat globally was ransomware and other extortion-based attacks, which accounted for 51% of all attacks. In 2017, 60% of cyberattacks involved ransoms. The reduction has been attributed to cybercriminals switching from ransomware to cryptocurrency mining malware. Political attacks and hacktivism accounted for 31% of attacks, down from 34% in 2017. The motive behind 31% of attacks was unknown, which demonstrates that attackers are now...

Read More
Vulnerabilities Identified in Dräger Infinity Delta Patient Monitors
Jan23

Vulnerabilities Identified in Dräger Infinity Delta Patient Monitors

The U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Team (US-CERT) has issued an advisory about three vulnerabilities affecting Dräger Infinity Delta patient monitoring devices. The flaws affect all versions of Infinity Delta, Delta XL, Kappa, and infinity Explorer C700 patient monitoring devices. The flaws could lead to the disclosure of sensitive information stored in device logs, be leveraged to conduct Denial of Service (DoS) attacks, or could potentially allow an attacker to gain full control of the operating system of a vulnerable device. The flaws were discovered by Marc Ruef and Rocco Gagliardi of scip AG. The vulnerabilities are detailed below, in order of severity: CVE-2018-19014 (CWE-532) – Exposure of Information in Log Files Log files are not appropriately secured and are accessible over an unauthenticated network. An attacker could gain access to device log files and view sensitive information relating to the internals of the monitor, location of the device, and its wired network configuration. The flaw has been assigned a CVSS v3 base...

Read More
Connectria Launches New Services Bringing IBM I and AIX to AWS and Azure
Jan22

Connectria Launches New Services Bringing IBM I and AIX to AWS and Azure

The St. Louis-MO-based cloud services provider Connectria has launched four new services to help businesses running IBM i and AIX workloads to quickly and safely move to the cloud and run workloads on Amazon Web Services (AWS) and Microsoft Azure. Connectria already provides businesses running IBM Power Systems with industry-leading IBM i Cloud and IBM AIX Cloud services, but the new services will allow them to safely move all their data center workloads to the cloud, including their legacy applications. The new services have been created to make it as easy as possible for businesses to safely and securely migrate to the cloud. The new services – IBM i For AWS, IBM AIX For AWS, IBM i For Azure, & IBM AIX For Azure – include full data migration and planning services, risk mitigation, and comprehensive managed services and security to ensure reliability and security for customers’ cloud environments. “Our customers want the flexibility to run the right workloads in the right clouds, but without sacrificing security, compliance, performance, or costs.  Our new solutions make...

Read More
Life Lua Wins Fierce Biotech Innovation Award
Dec16

Life Lua Wins Fierce Biotech Innovation Award

Life Lua, the developer of a HIPAA-compliant web and mobile access technology platform, has been named winner of a 2018 Fierce Innovation Award, Life Sciences Edition, in the Digital Health Solutions Category. Each year, Fierce Biotech recognizes companies that have gone the extra mile and are conducting leading-edge work in the field of health and biotechnology. On December 13, 2018, Rebecca Willumson, publisher of Fierce Biotech, confirmed Life Lua Technologies had been named category winner. Life Lua Technologies, a subsidiary of Life Biosciences Inc, has developed a mobile-first communications platform for the healthcare industry that allows healthcare professionals to communicate efficiently and effectively, no matter where they are located. The platform supports voice and video calls, file sharing, and promotes collaboration with all members of the care team to ensure the best possible care can be provided to patients. The platform also incorporates leading security protections to ensure all protected health information collected, maintained, stored, or transmitted through...

Read More
Online Tech Acquires Neverfail Cloud Assets, Infrastructure, and Cloud Nodes
Dec08

Online Tech Acquires Neverfail Cloud Assets, Infrastructure, and Cloud Nodes

Online Tech, a provider of HIPAA-compliant hybrid and multi-cloud solutions, has officially acquired the IaaS, data protection assets, and cloud nodes of the Austin, TX-based IT services provider Neverfail for an undisclosed sum. The deal has seen Online Tech significantly expand its global footprint and now offer additional cloud nodes in Texas, Nevada, Virginia, the United Kingdom, and Australia. The additional assets will help Online Tech better serve direct customers while its channel program has been developed further and is expected to bring in tens of thousands of new end users. The enhanced channel program includes a partner-centric private cloud, dedicated sales and marketing resources, products that have been custom-built to meet the needs of partners, and a zero-conflict channel promise. Online Tech was already offering multi-cloud solutions, colocation services, data protection, and a range of compliance, security, and managed services to its customers. The acquisition has allowed Online Tech to expand its services further to include several additional products such as...

Read More
Atlantic.Net Partnership with Veeam Enhances Data Availability
Dec06

Atlantic.Net Partnership with Veeam Enhances Data Availability

Atlantic.Net, the leading provider of HIPAA-compliant hosting to the healthcare industry, has announced it has entered into a new partnership with Veeam Software. Veeam specializes in providing Intelligent Data Management for the Hyper-Available Enterprise. Businesses are now heavily reliant on data. Without access to critical data, businesses grind to a halt. Even in the event of a natural disaster or cyberattack, systems must be rapidly brought back online, applications restarted, and all data recovered in the shortest possible time frame. Through the new partnership, Atlantic.Net customers will have access to Veeam-powered data protection and data recovery and availability solutions, which can be easily integrated into their business and disaster recovery strategies. The Veeam Availability Suite ensures hyper-availability for all workloads, whether virtual or physical, and all are managed through a single management console. In the event of disaster. Veeam combines replication and backup in a single solution and ensures applications and data can always be recovered. “In addition...

Read More
Vulnerabilities Identified in Roche Point of Care Handheld Medical Devices
Nov08

Vulnerabilities Identified in Roche Point of Care Handheld Medical Devices

ICS-CERT has issued an advisory concerning five vulnerabilities that have been identified in Roche Point of Care handheld medical devices. Four vulnerabilities are high risk and one has been rated medium risk. Successful exploitation of the vulnerabilities could allow an unauthorized individual to gain access to the vulnerable devices, modify system settings to alter device functionality, and execute arbitrary code. The vulnerabilities affect the following Roche Point of Care handheld medical devices. Accu-Chek Inform II (except Accu-Chek Inform II Base Unit Light and Accu-Chek Inform II Base Unit NEW with Software 04.00.00 or later) CoaguChek Pro II CoaguChek XS Plus & XS Pro Cobas h 232 POC Including the related base units (BU), base unit hubs and handheld base units (HBU). CVE-2018-18564 is an improper access control vulnerability. An attacker in the adjacent network could execute arbitrary code on the system using a specially crafted message. The vulnerability is rated high severity and has been assigned a CVSS v3 base score of 8.3. The vulnerability is present in:...

Read More
Z Services Expands Partnership with TitanHQ to Provide New Cybersecurity Service
Nov08

Z Services Expands Partnership with TitanHQ to Provide New Cybersecurity Service

The United Arab Emirates-based managed security services provider, Z Services, has expanded its relationship with TitanHQ and will be offering further TitanHQ cybersecurity solutions to its customers to protect them from web-based threats and meet compliance requirements. Earlier in 2018, Z Services partnered with TitanHQ and started offering its clients a new spam filtering solution – Z Services Anti-Spam SaaS – which was powered by TitanHQ’s spam filtering technology. The new service has proven to be a tremendous success and is helping Z Services’ clients block email-based threats such as spam, phishing emails, malware, and ransomware to keep their networks secure. The success of the new service prompted Z Services to start offering two new TitanHQ-powered solutions to its clients: A web filtering SaaS offering powered by WebTitan and a new email archiving service powered by ArcTitan. Both solutions have been combined into the Z Services MERALE solution which is focused on SMEs. MERALE offers SMEs enhanced protection against Internet threats and helps SMEs improve productivity by...

Read More
TitanHQ Chosen to Provide Wi-Fi Filtering Service to Leading Satellite Provider
Nov01

TitanHQ Chosen to Provide Wi-Fi Filtering Service to Leading Satellite Provider

The leading satellite operator, Eutelsat, has chosen TitanHQ’s WebTitan Cloud for Wi-Fi to secure its Wi-Fi networks and create at safe and secure environment for employees and guests to access the Internet. Eutelsat is one of the world’s largest satellite operators. Through its fleet of satellites Eutelsat offers organizations, businesses, and governments video, data, and broadband services. Eutelsat has global coverage and serves more than 150 countries throughout Europe, the Middle East, and Africa. Eutelsat has offices in 44 countries and employs more than 1,000 operational, commercial, and technical professionals. To meet the needs of its workforce and provide Internet access to guests, Eutelsat has deployed Wi-Fi access points throughout its offices. To ensure the Internet can be accessed safely and securely by all users, Eutelsat needed to deploy a Wi-Fi security solution that was capable of preventing its Wi-Fi users from visiting malicious websites such as phishing web pages and sites hosting exploit kits. Eutelsat also needed to enforce its acceptable Internet usage...

Read More
Atlantic.Net Awarded TMC 2018 Cloud Computing Security Excellence Award
Oct18

Atlantic.Net Awarded TMC 2018 Cloud Computing Security Excellence Award

Atlantic.Net, a leading provider of HIPAA-compliant hosting solutions and associated managed services, has been honored in this year’s TMC’s 2018 Cloud Computing Security Excellence Awards. TMC is an integrated media company that helps global buyers make the right purchasing decisions through the company’s content-driven marketplaces, education efforts, and live events. Each year, TMC recognizes the leading cloud computing companies and issues Excellence Awards to companies that have gone the extra mile and developed cutting edge cloud security services and solutions that offer exceptional protection from an ever-growing number of cybersecurity threats. “Today, the Internet is challenged by an ever-growing number of cyber security threats – including viruses, malware, DDoS, ransomware and more,” said Marty Puranik, CEO of Atlantic.Net.  “Here at Atlantic.Net we pride ourselves on keeping our clients’ data and infrastructure protected to help ensure privacy, security, and compliance.” In addition to its HIPAA-compliant hosting and HIPAA data storage services for the healthcare...

Read More
Webinar: TitanHQ and Datto Networking Discuss Enhanced Web Content Filtering
Oct17

Webinar: TitanHQ and Datto Networking Discuss Enhanced Web Content Filtering

Earlier this year, spam and web filtering solution provider TitanHQ partnered with Datto Networking, the leading provider of MSP-delivered IT solutions to SMBs. The new partnership has allowed Datto to enhance security on the Datto Networking Appliance with enterprise-grade web filtering technology supplied by TitanHQ. The new web filtering functionality allows users of the appliance to carefully control the web content that can be accessed by employees and guests and provides superior protection against the full range of web-based threats. TitanHQ and Datto Networking will be holding a webinar that will include an overview of the solution along with a deep dive into the new web filtering functionality. Webinar Details: Datto Networking & Titan HQ Deliver Enhanced Web Content Filtering Date: Thursday, October 18th Time: 11AM ET | 8AM PT | 4PM GMT/BST Speakers: John Tippett, VP, Datto Networking Andy Katz, Network Solutions Engineer Rocco Donnino, EVP of Strategic Alliances, TitanHQ Click here to register for the...

Read More
FDA Issues Warning About Flaws in Medtronic Implantable Cardiac Device Programmers
Oct16

FDA Issues Warning About Flaws in Medtronic Implantable Cardiac Device Programmers

The U.S. Food and Drug Administration (FDA) has issued a warning about vulnerabilities in certain Medtronic implantable cardiac device programmers which could potentially be exploited by hackers to change the functionality of the programmer during implantation or follow up visits. Approximately 34,000 vulnerable programmers are currently in use. The programmers are used by physicians to obtain performance data, to check the status of the battery, and to reprogram the settings on Medtronic cardiac implantable electrophysiology devices (CIEDs) such as pacemakers, implantable defibrillators, cardiac resynchronization devices, and insertable cardiac monitors. The flaws are present in Medtronic CareLink 2090 and CareLink Encore 29901 programmers, specifically how the devices connect with the Medtronic Software Distribution Network (SDN) over the internet. The connection is required to download software updates for the programmer and firmware updates for Medtronic CIEDs. While a virtual private network (VPN) is used to establish a connection between the programmers and the Medtronic SDN,...

Read More
Most Common Healthcare Phishing Emails Identified
Oct16

Most Common Healthcare Phishing Emails Identified

A new report by Cofense has revealed the most common healthcare phishing emails and which messages are most likely to attract a click. The 2018 Cofense State of Phishing Defense Report provides insights into susceptibility, resiliency, and responses to phishing attacks, highlights how serious the threat from phishing has become, and how leading companies are managing risk. The high cost of phishing has been highlighted this week with the announcement of a settlement between the HHS’ Office for Civil Rights and Anthem Inc. The $16 million settlement resolved violations of HIPAA Rules that led to Anthem’s 78.8 million record data breach of 2015. That cyberattack started with spear phishing emails. In addition to the considerable cost of breach remediation, Anthem also settled a class action lawsuit related to the breach for $115 million. Even an average sized breach now costs $3.86 million to resolve (Ponemon/IBM Security, 2018). Previous Cofense research suggests that 91% of all data breaches start with a phishing email and research by Verizon suggests 92% of malware infections...

Read More
Vulnerabilities Identified in PeerVue Web Server, Carestream Vue RIS and Siemens Healthcare Products
Oct10

Vulnerabilities Identified in PeerVue Web Server, Carestream Vue RIS and Siemens Healthcare Products

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued five advisories in the past week about vulnerabilities discovered in equipment used by healthcare organizations in the United States. Change Healthcare PeerVue Web Server A vulnerability (CVE-2018-10624) has been identified in the Change Healthcare PeerVue Web Server which could allow an attacker to gain information about the web server that would enable it to be targeted in a cyberattack. The vulnerability only requires a low level of skill to exploit by an attacker on an adjacent network. The vulnerability exposes information through an error message. The flaw was discovered by security researcher Dan Regalado of Zingbox and has been assigned a CVSS v3 base score of 4.3. Change Healthcare took rapid action to address the vulnerability and a patch has now been issued. Users should contact Change Healthcare if they are running PeerVue Web Server 7.6.2 or earlier for information about installing the patch. Carestream Vue RIS A remotely exploitable vulnerability...

Read More
Atlantic.Net Included in November 2017 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations
Oct06

Atlantic.Net Included in November 2017 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations

HIPAA-compliant hosting company Atlantic.Net has been recognized by Gartner in its November 2017 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations. The Market Guide is produced by Gartner Research to help CIOs at Healthcare Delivery Organizations gain a better understanding of the rapidly evolving cloud market and helps them identify notable cloud vendors. The Market Guide explains how the cloud is now a well-established option for healthcare delivery organizations, what security solutions are required for HIPAA compliance, and the key cloud services that will help make the organization’s cloud journey a success. Atlantic.Net is an Orlando, FL-based provider of HIPAA-compliant hosting, cloud hosting, and managed cloud services to the healthcare industry. Established in 1994, the company has grown into a market leader with state-of-the-art data centers throughout the United States and beyond. Atlantic.Net has recently just opened its 7th U.S. data center in Ashburn, VA, through which the full range of cloud and hosting services are now being provided....

Read More
Lua Acquired by Life Biosciences Inc.
Oct03

Lua Acquired by Life Biosciences Inc.

Boston-based Life Biosciences Inc. has announced it has acquired the mobile communications platform developer Lua. The move is part of the company’s plan to create a proprietary artificial intelligence (AI) platform which will help to accelerate research for new therapies, technologies, and pharmaceutical products to tackle age-related decline (ARD). Biosciences Inc. will use Lua’s technology as the basis for a platform that allows comprehensive analyses of study data to be performed more quickly. The technology will also help to integrate scientific studies conducted at each of its daughter companies into a universal life Biosciences system more rapidly. Lua was formed in 2010 with the aim of developing a mobile-first communications platform for use in healthcare to improve patient outcomes by removing the barriers to communication between providers and patients. The communications platform includes a secure text messaging solution, supports voice and video calls, and allows files and medical images to be shared quickly and securely with all members of the care team. The...

Read More
Healthcare Industry Highly Susceptible to Phishing Attacks and Lags Other Industries for Phishing Resiliency
Oct02

Healthcare Industry Highly Susceptible to Phishing Attacks and Lags Other Industries for Phishing Resiliency

The healthcare industry is extensively targeted by phishers who frequently gain access to healthcare data stored in email accounts. In some cases, those email accounts contain considerable volumes of highly sensitive protected health information. Phishing is one of the leading causes of healthcare data breaches. In August 2018, Augusta University Healthcare System announced that it was the victim of a phishing attack that saw multiple email accounts compromised. The breached email accounts contained the PHI of 417,000 patients. The incident stood out due to the number of individuals impacted by the breach, but it was just one of several healthcare organizations to fall victim to phishing attacks in August. Data from the HHS’ Office for Civil Rights shows email is the most common location of breached PHI. In July, 14 healthcare data breaches out of 28 involved email, compared to 6 network server PHI breaches – The second most common location of breached PHI. It was a similar story in May and June with 9 and 11 email breaches reported respectively. Cofense Research Shows Healthcare...

Read More
JotForm Announces Enterprise Version of its Encrypted HIPAA Forms Software
Sep20

JotForm Announces Enterprise Version of its Encrypted HIPAA Forms Software

Jotform has announced that it has released an enterprise version of its HIPAA forms software to allow large healthcare organizations to collect and manage data more efficiently. JotForm is a leading developer of online form software and has more than four million users worldwide. The company’s software solution has been adopted by many enterprises for creating a wide range of data collection forms, although up until now, they were required to use multiple accounts within the same organization. In order to centralize and simplify data collection, the company developed a product to specifically meet the needs of enterprises. Enterprise users can now manage all of their data through a single umbrella account. JotForm Enterprise has no submission limits nor restrictions on the number of forms that can be created and used. The solution includes custom domains for forms, white-labeling for branding purposes, and a suite of management tools. Earlier in 2018, JotForm announced that it is now a HIPAA forms software provider and will sign business associate agreements with healthcare...

Read More
ICS-CERT Issues Advisory After Nine Vulnerabilities Discovered in Philips E-Alert Units
Sep03

ICS-CERT Issues Advisory After Nine Vulnerabilities Discovered in Philips E-Alert Units

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a further advisory about Philips healthcare devices after nine vulnerabilities were self-reported to the National Cybersecurity & Communications Integration Center (NCCIC) by the Amsterdam-based technology company. This is the fourth advisory issued by ICS-CERT in the past month. Previous advisories have been issued over cybersecurity vulnerabilities in its central patient monitoring system – Philips IntelliVue Information Center iX (1 vulnerability), Philips PageWriter Cardiographs (2 vulnerabilities), and Philips IntelliSpace Cardiovascular cardiac image and information management software (2 vulnerabilities). The latest advisory concerns nine vulnerabilities discovered in Philips eAlert units – These are non-medical devices that monitor imaging systems such as MRI machines to identify issues rapidly before they escalate. The devices are used by healthcare providers around the world. One of the vulnerabilities is rated critical, five are high severity,...

Read More
Critical Flaw Identified in BD Alaris Plus Medical Syringe Pumps
Aug28

Critical Flaw Identified in BD Alaris Plus Medical Syringe Pumps

A critical remotely exploitable flaw has been detected in BD Alaris Plus medical syringe pumps. The flaw would enable a threat actor to gain access to an affected medical syringe pump when it is connected to a terminal server via the serial port. If the flaw is exploited a threat actor could alter the intended function of the pump. The flaw is an improper authentication vulnerability. The software fails to perform authentication for functionality that requires a provable user identity. The flaw was identified by Elad Luz of CyberMDX who notified Becton, Dickinson and Company (BD), which in turn voluntarily reported the vulnerability to the National Cybersecurity & Communications Integration Center and the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The latter issued an advisory about the vulnerability on August 23, 2018. The vulnerability affects version 2.3.6 of Alaris Plus medical syringe pumps and prior versions, specifically the Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA products. The vulnerability has been assigned a CVSS v3 score of 9.4 out...

Read More
Warnings Issued About Vulnerabilities in Philips PageWriter Cardiographs and IntelliVue Information Center iX
Aug23

Warnings Issued About Vulnerabilities in Philips PageWriter Cardiographs and IntelliVue Information Center iX

Over the past few months, several vulnerabilities have been discovered in Philips medical devices, software and systems. This week, two further advisories have been issued by the Industrial Control Systems Cyber Emergency Team (ICS-CERT) about vulnerabilities the firm’s real-time central monitoring system, Philips IntelliVue Information Center iX, and its PageWriter cardiographs. All three of the vulnerabilities are classed as medium risk with CVSS v3 base scores ranging between 5.7 and 6.1. CVE-1999-0103 is a denial of service vulnerability that affects the Philips IntelliVue Information Center iX version B.02. The flaw was discovered by a user of the system and was reported to Philips, which in turn reported the vulnerability to the National Cybersecurity and Communications Integration Center’s (NCCIC). The vulnerability can be exploited remotely and does not require a high level of skill. If multiple initial UDP requests are made, it could compromise the availability of the device by causing the operating system to become unresponsive. The vulnerability has been assigned a...

Read More
Updates to Cofense Phishing Simulation Platform Add Even More Opportunities for Automation
Aug23

Updates to Cofense Phishing Simulation Platform Add Even More Opportunities for Automation

Cofense has announced that further updates have been made to its award-winning phishing email simulation platform, Cofense PhishMe. The updates provide even greater opportunities for automating phishing simulation campaigns to save administrators even more time. Security awareness and anti-phishing training is now an important part of healthcare organizations’ cybersecurity programs. In addition to investing in technology to block phishing and other email-based threats, end users require training. Even layered defenses will not stop all phishing threats from reaching inboxes. Without training, end users will remain the weakest link in the security chain. Phishing simulation exercises are an important part of the training process. They allow security teams to assess how effective their training programs have been and identify weak points in the training program. They also allow security teams to identify individuals who have failed to understand certain parts of the training program. While phishing simulation platforms include some opportunities for automation and scheduling,...

Read More
Atlantic.Net Launches VMware-Based Private Cloud Hosting Platform
Aug12

Atlantic.Net Launches VMware-Based Private Cloud Hosting Platform

Atlantic.Net has announced a new collaboration with the enterprise cloud computing and virtualization software giant VMware. VMware is the name behind the software that powers the digital infrastructure of millions of businesses around the world, from SMBs to large enterprises and many Fortune 500 firms. Atlantic.Net is a market-leading hosting provider that specializes in HIPAA-compliant hosting solutions for the healthcare industry and associated managed services. The collaboration has seen Atlantic.Net join the VMware Cloud Provider Program, which will allow the company to deliver a secure, high performance, ultra-flexible VMware-based private cloud hosting platform to its customers. The new platform will bring enterprise-class virtualization technology to the SMBs marketplace, which can be leveraged to improve efficiency and significantly reduce costs. “Now, at Atlantic.Net, we will be able to provide our clients with the ability to choose the best private cloud environment to meet their needs,” said Atlantic.Net Chief Executive Officer and President, Marty Puranik. “Whether...

Read More
Liquid Web Launches Protection & Remediation Services for its Managed Hosting Solutions
Aug12

Liquid Web Launches Protection & Remediation Services for its Managed Hosting Solutions

Lansing, MI-based managed hosting and managed application services provider Liquid Web has launched new Protection & Remediation Services for its Managed Hosting solutions to better protect customers from cyberattacks and help them achieve their compliance objectives. Cybersecurity is now a major concern for businesses given the increase in attacks and the high cost of remediating security incidents and data breaches. When cyberattacks succeed, identifying a breach typically takes 200 days or more. During the time that systems are compromised, sensitive data can be stolen and significant damaged can be caused. Liquid Web’s new Protection & Remediation Services have the dual purpose of hardening server and application-level defenses to make it more difficult for cyberattacks to succeed and also ensure that if defenses are breached, the attacks are identified and remediated rapidly. Liquid Web achieves this through the use of a range of preventative security tools such as web application firewalls, antivirus protection, and vulnerability scanning. These measures ensure...

Read More
Arnot Health Reduces ER Door-to-Floor Times by 36% with QliqSOFT
Aug10

Arnot Health Reduces ER Door-to-Floor Times by 36% with QliqSOFT

Arnot Health has implemented a new communications solution that has improved communication efficiency, slashed the time it takes to transfer patients from the emergency room to new units, and has improved both the level of care provided to patients and staff satisfaction. Arnot Health runs a 475-bed health system in southern New York State and constantly evaluates the healthcare services it provides to patients and searches for new opportunities to improve patient care. One area where there was considerable room for improvement was the admissions process, especially in its emergency department. “The amount of time it was taking to align all the appropriate resources was causing delays, and nobody wants to sit in an ER longer than they need to,” said Mike Connor, director of business information systems at Arnot Health. “We recognized an opportunity in the admissions process to greatly improve patient and staff satisfaction by eliminating the old school way of handling admissions and embracing a more mobile approach.” While many patients can be treated in the...

Read More
More Than 20 Serious Vulnerabilities in OpenEMR Platform Patched
Aug09

More Than 20 Serious Vulnerabilities in OpenEMR Platform Patched

OpenEMR is an open-source electronic health record management system that is used by many thousands of healthcare providers around the world. It is the leading free-to-use electronic medical record platform and is extremely popular. Around 5,000 physician offices and small healthcare providers in the United States are understood to be using OpenEMR and more than 15,000 healthcare facilities worldwide have installed the platform. Around 100 million patients have their health information stored in the database. Recently, the London-based computer research organization Project Insecurity uncovered a slew of vulnerabilities in the source code which could potentially be exploited to gain access to highly sensitive patient information, and potentially lead to the theft of all patients’ health information. The Project Insecurity team chose to investigate EMR and EHR systems due to the large number of healthcare data breaches that have been reported in recent years. OpenEMR was the natural place to start as it was the most widely used EMR system and with it being open-source, it was easy...

Read More
Vulnerabilities Discovered in Medtronic MyCareLink Patient Monitors and MiniMed Insulin Pumps
Aug08

Vulnerabilities Discovered in Medtronic MyCareLink Patient Monitors and MiniMed Insulin Pumps

An advisory has been issued by ICS-CERT about vulnerabilities in MedTronic MyCareLink Patient Monitors and the MiniMed 508 Insulin Pump. This is the second advisory to be issued about MyCareLink Patient Monitors in the past six weeks. In June, ICS-CERT issued a warning about the use of a hard-coded password (CVE-2018-8870) and an exposed dangerous method or function vulnerability (CVE-2018-8868). The latest vulnerabilities to be discovered are an insufficient verification of data authenticity flaw (CVE-2018-10626) and the storage of passwords in a recoverable format (CVE-2018-10622). The vulnerabilities are present in all versions of the Medtronic MyCareLink 24950 and 24952 Patient Monitors. If an attacker were to obtain per-product credentials from the monitor and the paired implanted cardiac device, it would be possible for invalid data to be uploaded to the Medtronic Carelink network due to insufficient verification of the authenticity of uploaded data. The vulnerability has been assigned a CVSS v3 score of 4.4 (medium severity). The way that passwords are stored could allow...

Read More
Cofense Develops New Phishing-Specific Security Orchestration, Automation and Response Platform
Jul30

Cofense Develops New Phishing-Specific Security Orchestration, Automation and Response Platform

Cofense has developed a new product which will soon be added to its portfolio of anti-phishing solutions for healthcare organizations and incorporated into its phishing-specific security orchestration, automation and response (SOAR) platform. The announcement comes at a time when the healthcare industry has been experiencing an uptick in phishing attacks. The past few months have seen a large number of healthcare organizations fall victims to phishing attacks that have resulted in cybercriminals gaining access to employee’s email accounts and the PHI contained therein. Perimeter security defenses can be enhanced to greatly reduce the number of malicious emails that reach employees’ inboxes, but even when multiple security solutions are deployed they will not block all phishing threats. Security awareness training is essential to reduce susceptibility to phishing attacks by conditioning employees to stop and think before clicking links in emails or opening questionable email attachments and to report suspicious emails to their security teams. However, security teams can struggle to...

Read More
Atlantic.Net Wins 2018 MedTech Breakthrough Award
Jul19

Atlantic.Net Wins 2018 MedTech Breakthrough Award

The MedTech Breakthrough Awards celebrate the companies and individuals in the health, fitness, and medical technology industries that are providing the best digital health and medical technology products and services for the global health and medical market. This year, more than 3,000 nominations for a prestigious MedTech Breakthrough Award were received. Nominees came from 12 countries and included some of the biggest names in healthcare technology, such as Philips, GE Healthcare, Abbott, Azalea Health, and WebMD. To be selected as an award winners with such strong competition demonstrates that a company has gone the extra mile and has developed cutting edge healthcare technology solutions that are much loved by users. The awards reflect the hard work, commitment, innovation, and successes of companies and individuals working across a range of health and medical technologies from robotics to cloud data storage. Awards are issued to individuals, products, services and companies in the categories of clinical and health administration, patient engagement, electronic health records,...

Read More
Atlantic.Net Opens New Northern Virginia Data Center Hosting Facility
Jul17

Atlantic.Net Opens New Northern Virginia Data Center Hosting Facility

Atlantic.Net has announced its new HIPAA data center hosting facility in Northern Virginia is now up and running and the company is now providing the full range of hosting services and solutions through the new facility. In response to demand for its cloud and managed services, Atlantic.Net has invested significant resources to improve its infrastructure and has embarked upon a major expansion of its data center footprint. The new Ashburn, VA data center is one in a string of new facilities that have been set up to meet the needs of the company’s rapidly growing client list. The Ashburn facility is located in Northern Virginia close to Washington D.C., and has historically been a hotbed of innovation. The new facility is protected by 24/7 manned security, state-of-the-art-security systems, biometric access controls, 2N generator power capacity, a N+2 cooling system, and the facility has been audited and has demonstrated compliance with HIPAA, HITECH, and SSAE 18 SOC1 and SOC2. The new data center joins those in New York, Dallas, Toronto, San Francisco, London, and Orlando. The...

Read More
TitanHQ Expands Executive Team with Appointment of Rocco Donnino as VP of Strategic Alliances
Jul04

TitanHQ Expands Executive Team with Appointment of Rocco Donnino as VP of Strategic Alliances

TitanHQ, the Galway, Ireland-based provider of spam filtering, web filtering, and email archiving solutions, has announced the appointment of Rocco Donnino to its executive team. TitanHQ has been experiencing impressive growth over the past three years and has doubled its staff to meet demand and provide support for its customers. To accommodate growth in the United States, TitanHQ has recently opened a new office in New York and has expanded its offices in Florida, now taking up all three floors of the Mazars Building. In the past 12 months, TitanHQ has formed new strategic partnerships with industry heavyweights such as Microsoft, Comcast, Datto, Kaseya, BitDefender, and ViaSat and now provides email and web security services to more than 7,500 businesses around the world. To help continue its impressive growth trajectory, TitanHQ has now appointed Rocco Donnino as its Executive Vice President of Strategic Alliances – a new position created to help ensure the continued expansion of the company’s strategic partnerships. Rocco Donnino has been charged with growing the firm’s...

Read More
Qcentive Controls AWS Costs & Enables Cloud Computing in Healthcare with ParkMyCloud
Jul02

Qcentive Controls AWS Costs & Enables Cloud Computing in Healthcare with ParkMyCloud

The Massachusetts-based healthcare startup Qcentive, the developer of a cloud-based platform that helps healthcare companies with the creation and management of value-based contracts, was one of the first companies authorized to move healthcare data to the cloud. The first-in-class transaction platform has been certified as HIPAA compliant and incorporates appropriate safeguards to ensure the confidentiality, integrity, and availability of ePHI. The company uploads patient and healthcare contract information to AWS, where the data are accessed by the company’s application. The platform helps its health plan clients and their value-based contracting providers analyze claims data and patient information such as emergency room visits and use the information to quickly calculate potential savings. While developing the platform, Qcentive uploaded large quantities of patient and claim data to AWS and created AWS resources as necessary, although as many companies discover, AWS costs can quickly mount up. Qcentive tried to find a way to keep its AWS costs under control, starting with...

Read More
Vulnerabilities Identified in Medtronic MyCareLink Patient Monitors
Jul02

Vulnerabilities Identified in Medtronic MyCareLink Patient Monitors

ICS-CERT has issued an advisory about two recently discovered vulnerabilities in Medtronic MyCareLink patient monitors. The devices are used by patients with implantable cardiac devices to transmit their heart rhythm data directly to their clinicians. While the devices have safeguards in place and transmit information over a secure Internet connection, the vulnerabilities could potentially be exploited by a malicious actor to gain privileged access to the operating system of the devices. The vulnerabilities – a hard-coded password vulnerability (CWE-259 / CVE-2018-8870) and an exposed dangerous method of function (CWE-749 / CVE-2018-8868) vulnerability – exist in all versions of 24950 and 24952 MyCareLink Monitors. The former has been assigned a CVSS v3 score of 6.4 and the latter a CVSS v3 score of 6.2. The vulnerabilities were discovered by security researcher Peter Morgan of Clever Security, who reported the issues to NCCCIC. Exploitation of the hard-coded password vulnerability would require physical access to the device. After removing the case, an individual could...

Read More
Online Tech Audit Confirms its Data Centers and HQ are Compliant with ISO 27001
Jun30

Online Tech Audit Confirms its Data Centers and HQ are Compliant with ISO 27001

Online Tech has announced that following a five-month process of audits by NSF International, all five data centers and its Ann Arbor, MI headquarters have been confirmed as compliant with ISO 27001. ISO 27001 sets rigorous standards for Information Security Management System (ISMS) to ensure all sensitive information is properly managed and remains secure at all times. ISO 27001 covers the implementation of the ISMS, its maintenance, and policies and procedures to ensure continuous improvements are made and high standards are maintained. ISO 27001 sets standards assessing risk, which are tailored to each organization, and in-depth risk management processes are required covering people, processes, as well as IT systems. Those risks must be managed and reduced to a low and acceptable level. In order to pass the audits and be certified as compliant, Online Tech’s ISMS was required to meet the minimum standards across 14 specific controls, which the company did without any exceptions or corrective actions at all 5 data centers and headquarters. Those controls include the information...

Read More
Acumera Partners with TitanHQ to Offer Web Filtering to Customers
Jun26

Acumera Partners with TitanHQ to Offer Web Filtering to Customers

The Galway, Ireland-based cybersecurity firm TitanHQ has announced the formation of a new partnership with the Austin, TX-based managed services provider Acumera. Acumera is a leading provider of managed network security services in the United States. Securing widely distributed networks consisting of hundreds or thousands of locations is one of the main strengths of Acumera, with the managed services provider able to meet the unique connectivity, operational, and data security challenges that these large networks create. The company offers network security, connectivity, and visibility services for a wide range of industry sectors. Acumera has been chosen by many healthcare provider networks who have chosen to outsource cybersecurity and provides network security services for drug stores, automated parking garages, and has secured the POS systems and networks of some of the best-known retailers in the United States, including 7-Eleven, Circle K, Subway, Valero service stations, Benetton, and Pluckers. One area where Acumera’s managed services required a boost was web filtering,...

Read More
Advisory Issued After 8 Vulnerabilities Discovered in Natus Xltek NeuroWorks Software
Jun21

Advisory Issued After 8 Vulnerabilities Discovered in Natus Xltek NeuroWorks Software

ICS-CERT has issued an advisory following the discovery of eight vulnerabilities in version 8 of Natus Xltek NeuroWorks software used in Natus Xltek EEG medical products. If the vulnerabilities are successfully exploited they could allow a malicious actor to crash a vulnerable device or trigger a buffer overflow condition that would allow remote code execution. All eight vulnerabilities have been assigned a CVSS v3 score above 7.0 and are rated high.  Three of the vulnerabilities – tracked as CVE-2017-2853, CVE-2017-2868, and CVE-2017-2869 – have been assigned a CVSS v3 base score of 10, the highest possible score. CVE-2017-2867 has been assigned a base score of 9.0, with the other four vulnerabilities – CVE-2017-2852, CVE-2017-2858, CVE-2017-2860, and CVE-2017-2861 – given a rating of 7.5. The vulnerabilities are a combination of stack-based buffer overflow and out-of-bounds read vulnerabilities. CVE-2017-2853 would allow an attacker to cause a buffer overflow by sending a specially crafted packet to an affected product while the product attempts to open a file requested by...

Read More
CSO Online Rates Cofense Triage One of Best Security Software Solutions of 2018
Jun15

CSO Online Rates Cofense Triage One of Best Security Software Solutions of 2018

Cofense Triage, the phishing incident response platform, has been included in CSO Online’s 2018 list of the best security software solutions of 2018. To produce the list, CSO Online conducted independent reviews of a wide range of software solutions. Strict review methodologies were used to select the best security products currently on the market. Each product was researched to find out how it worked, how the solution could be deployed in customer environments, the benefits it provided, and the major problems that the solution resolved. The review was based on the top technology areas for security identified by Gartner, which included cloud workload protection platforms, remote browsers, deception technologies, endpoint detection and response platforms, network traffic analysis solutions, managed detection and response services, microsegmentation solutions, cloud access security brokers, OSS security scanning services for DevSecOps, and container security. CSO Online tested all security solutions in a dedicated lab environment with each tested, where appropriate, against some of...

Read More
Secure Block Storage (SBS) Now Available for Atlantic.Net Cloud Servers
Jun14

Secure Block Storage (SBS) Now Available for Atlantic.Net Cloud Servers

Atlantic.Net, a leading provider of hosting and hosting services to the healthcare industry, has announced the release of Secure Block Storage (SBS) for its cloud servers. The new feature allows Atlantic.Net customers to attach additional storage drives to their cloud servers and easily scale their workloads. SMS allows customers to increase storage on the fly and move data between cloud servers. For total security, data is automatically encrypted at rest and SMS has been designed to provide 99.999% availability. To protect against data loss due to component failure, volumes are automatically replicated multiple times to ensure data can always be recovered. SBS has been developed to be highly scalable, highly redundant, easily accessible, and easy to use. SBS can be used for file, application, database, or backup storage and is available to all customers on demand. Initially, Atlantic.Net is launching SBS with an initial deal of 50GB of SMB free for one year and a rate of 7.9 cents per additional GB per month. “Here at Atlantic.Net, we remain steadfast in our commitment to...

Read More