HIPAA Archives

The Cloud: Selected Benefits, Risks, and Insurance Coverage Issues (Part 1) — Barnes & Thornburg

May 6th, 2019|Categories: HB Risk Notes|Tags: BYOC, cloud network, cloud risks, cloud security, cyber networks, cyber security, data, data breach, data cloud, data liability, data loss, data security, employee data, HIPAA, hippa, liability, secure data|

Cloud Risk: Do You Transfer Liability Along with Data? Many of us were using data clouds before we even knew what they were. Now, while most of us are comfortable with the concept, we may not be comfortable knowing who is liable when data is lost, damaged or breached. It's not a given that your cloud provider absorbs any liabilities, and it's not a given they can even afford the liability should it arise. Below are quotes from an article by Scott Godes, Kara Cleary, and Heidi Fessler of Barnes & Thornburg LLP on the subject, and a link to their complete article. Godes, Cleary, and Fessler list several cloud-related risks: data breaches, data loss, interruption of access, compromised credentials and broken authentication, and denial of service. But two other categories for concern are: #1. BYOC, or Bring Your Own Cloud. Employees may be innocently using productivity applications that store work data on non-company clouds, in effect, "bringing their own clouds" to the workplace. #2. Multi-Tenancy. This involves risks posed when unrelated cloud users are sharing the same computing resources. "Both the cloud provider and the user must be aware of system and data security to prevent a breach in the security. In addition, when a risk is realized, it may not always be clear who is at fault for the [...]

Healthcare Cyber Attacks 2017 Report from CryptoniteNXT

In boxing your trainer will tell you to keep your eyes open and your head and feet moving. After all, it's way harder to land a solid punch on a moving target. According to the Healthcare Cyber Research Report for 2017 by CryptoniteNXT the same is true for healthcare organizations. In just the ransomware category alone, they experienced an 89% increase of attacks last year. "Health care networks will remain under persistent attack by cyberattackers that target their valuable data through the use of well understood vulnerabilities," the CryptoniteNXT report reads. "It becomes imperative to deploy a comprehensive strategy both to detect and deter the sophisticated attacker moving through the network, as well as the multitudes of ransomware tools that they will deploy into 2018 and 2019." "New best practices and the technologies that support them," the report continues, "such as moving target cyber defense (MTD) and network micro-segmentation, can detect and defeat many of the attacks leveraged by vulnerabilities found in most health care networks. MTD and network level micro-segmentation technology sets can directly address the inherent weakness in TCP/IP networks. By building out a Zero Trust environment health care institutions can directly address the top vulnerability use cases that exist in their networks today. The decision to deploy moving target cyber defense and network micro-segmentation technologies shut down reconnaissance and [...]