Virtual & Live!

In continuing with our visibility efforts across the nation, we’re currently wrapping up our sponsorship at this week’s GRC Summit in Boston. There have been some excellent workshops and discussions, and it has been a great opportunity to further illustrate both the benefits of our data masking solution and our consulting expertise.

We’ve also been running a bi-weekly webinar series, with the next session scheduled for May 17th at 1:00 p.m. eastern. We hope you’ll join us:

Defending Data in Healthcare: Securing Private Information to Ensure Ironclad HIPAA Compliance

Register here!

There is an aggressive audit program in place to assess compliance with HIPAA this year. The Department of Health and Human Services (HHS) Office of Civil Rights (OCR) has already started a pilot program of 150 audits, and it plans to add even more.

Is your company ready for a compliance audit?

Join Ilker Taskaya, Data Security Architect, and Joe Santangelo, Senior Security Consultant, from data security solutions leader, Axis Technology, LLC, for a webinar that will cover critical steps for ensuring your business is protected, including:

• Non-compliance – potential consequences
• How to know exactly where your sensitive data is and identify where the real risks are
• Protecting data from external threats
• Securing data from improper internal access
• Protecting PHI when business associates are involved
• The impact of Bring Your Own Device (“BYOD”)

Title: Defending Data in Healthcare: Securing Private Information to Ensure Ironclad HIPAA Compliance
Date: Thursday, May 17, 2012
Time: 1:00 PM – 2:00 PM EDT

After registering you will receive a confirmation email containing information about joining the Webinar.

Next month we’re exhibiting at SIFMA, NY:

SIFMA brings together the shared interests of hundreds of securities firms, banks and asset managers. These companies are engaged in communities across the country to raise capital for businesses, promote job creation and lead economic growth.

We hope you’ll join us at one of our events- live or virtually!


SOURCE Boston & TechForum NYC- Axis on the Move!

Last night Axis’ own data security & masking expert, Ilker Taskaya, gave a talk on best practices for secure outsourcing at the SOURCE Boston event. He offered some excellent insight, but if you missed it, don’t worry! Just send a note to us at info @ axistechnologyllc.com to ask for a copy of the presentation.

Tomorrow Axis is exhibiting at TechForum’s Security Forum in NYC. Stop by our table and learn about how DMsuite can safeguard your business’ sensitive data.

The showcasing doesn’t stop there! Next month Axis will also be exhibiting at The GRC Summit in Boston, May 8 – 10, 2012.

We hope you will join us!

That’s Right- We’re Busy!

The first quarter has been quite the busy time for us at Axis, with much more to come this Spring. For starters, we’ve been pretty active with some industry events. Last week we exhibited at SecureWorld Boston, and in late February we took part in DataConnectors Jacksonville. Later this month our own data masking expert Ilker Taskaya will be speaking at SOURCE Boston:

Secure Outsourcing Success: Best Practices for Minimizing Data Risk
Ilker Taskaya, Director of Security Strategy
Tuesday, April 17, 2012- 5:30PM-6:00PM

In addition to events, we’ve also been weighing in on some important data security topics that have been making headlines:

InformationWeek- 8 Lessons From Nortel’s 10-Year Security Breach

SC Magazine- Social security risks

Another subject that is still receiving lots of attention is e-records and HIPAA. I was recently quoted in Western Pennsylvania Hospital News for a story called, “Bullet Proofing Your Online Security:”

“Healthcare costs continue to rise and many organizations want to adopt information technology to reduce those costs and improve the service they provide,” says Mike Logan, president of Boston, MA-based Axis Technology, a provider of IT consulting and data security offerings. “In the excitement to get these savings, special consideration should go to security. Addressing online security up front will prevent costly mistakes later.”

Additionally, regulatory requirements such as the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 require you to consider online security as part of your risk based compliance efforts to secure electronic protected health information (ePHI).

Online security breaches are becoming more prevalent across the board. This has directly affected the healthcare industry, which has become a direct target. Identity thieves look for systems that are insecure or running out-of-date software and attack them. Since most healthcare organizations need to use ePHI data, Logan says they must be vigilant and build in security from the start.

When it comes to the increased practice of sharing electronic records, cybercriminals are definitely an issue, among other risks. Amid the current rush of data privacy compliance, state laws and federal standards, many believe that encryption will solve the world’s data theft problems. Logan says that in reality, encrypted information is merely a puzzle that takes a little time to decode if it falls into the wrong hands.

“Additionally, it makes sharing necessary information difficult,” Logan says.

The good news is that the technology exists to protect your organization from cyber attacks. Most organizations are familiar with tools that provide perimeter security such as virus scanners. It is important to realize that just buying some software does not make you safe.

“Locking the front door doesn’t help if the back door is wide open,” says Logan. “One important thing to keep in mind is that you should reduce your risk by minimizing the number of places ePHI is stored. A well thought out approach to securing ePHI is needed.”

Understanding your current state of online security is also critical. For example, who is managing your HIPAA Security compliance program; what risk based framework are you using as part of your assessment approach; how are you protecting PHI at rest and in transit on operational systems and supporting applications; and how do you maintain vigilance over monitoring who and what has access to your environment?

The most successful solution that many companies are starting to deploy is new technologies that render data useless if a hacker or thief manages to break through perimeter security, such as data masking which manipulates data so that it’s still useable to doctors and nurses, but unable to be tied back to the individual patient. In short, if data is stolen, masked data is useless to a thief because it is out of context with no way to utilize it outside of the environment.

“By using data masking, companies do not have to disclose if there is a breach because the private data is unable to be used by thieves, therefore eliminating the risk to the patient,” says Logan. “It’s an effective measure to protect against both cyber thieves and accidental losses caused by internal mishandling.”
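The article above describes data masking only in outline: direct identifiers are replaced so the records stay usable for clinical work but can no longer be tied back to a patient. The following is an added illustration of that idea, written for this post; it is not code from the article, from Axis Technology or from DMsuite. The patient records are constructed, the masking key and the pseudonym pools are hypothetical stand-ins, and the field names are assumptions. It uses a keyed HMAC as the pseudorandom function so that the same patient masks the same way in every row, SSNs keep their ###-##-#### shape, and all of a patient’s dates are shifted by one per-patient offset so ages and intervals between visits survive:

```python
import datetime as dt
import hashlib
import hmac
import re

# Constructed sample records (fictitious patients). The first two rows are two
# visits by the same patient so that consistency of the masking can be checked.
SAMPLE_RECORDS = [
    {"patient_id": "P-1001", "name": "Jane Example", "ssn": "123-45-6789",
     "dob": "1975-03-14", "visit_date": "2012-04-02", "diagnosis": "E11.9"},
    {"patient_id": "P-1001", "name": "Jane Example", "ssn": "123-45-6789",
     "dob": "1975-03-14", "visit_date": "2012-04-16", "diagnosis": "E11.9"},
    {"patient_id": "P-2002", "name": "John Sample", "ssn": "987-65-4321",
     "dob": "1960-11-30", "visit_date": "2012-04-03", "diagnosis": "I10"},
]

# Hypothetical masking key. In a real deployment it is held in a key store
# outside the masked environment; that separation is what stops whoever holds
# the masked copy from linking values back to a patient.
MASKING_KEY = b"example-masking-key-not-for-production"

# Small demo pseudonym pools (a real masking tool would use large dictionaries).
FIRST_NAMES = ["Alex", "Casey", "Dana", "Jordan", "Morgan", "Riley", "Sam", "Taylor"]
LAST_NAMES = ["Baker", "Carter", "Diaz", "Evans", "Foster", "Gray", "Hayes", "Iver"]

SSN_RE = re.compile(r"\d{3}-\d{2}-\d{4}")


def _prf(field, value):
    """Keyed pseudorandom function: identical input always gives identical
    output, so one patient masks the same way across rows and tables."""
    mac = hmac.new(MASKING_KEY, f"{field}:{value}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big")


def mask_ssn(ssn):
    """Replace an SSN with a different value of the same ###-##-#### shape."""
    if not SSN_RE.fullmatch(ssn):
        raise ValueError(f"unexpected SSN format: {ssn!r}")
    digits = f"{_prf('ssn', ssn) % 10**9:09d}"
    return f"{digits[:3]}-{digits[3:5]}-{digits[5:]}"


def mask_name(name):
    """Swap a real name for a consistent pseudonym drawn from the pools."""
    n = _prf("name", name)
    return f"{FIRST_NAMES[n % len(FIRST_NAMES)]} {LAST_NAMES[(n >> 8) % len(LAST_NAMES)]}"


def mask_patient_id(patient_id):
    """Stable surrogate identifier (8 hex chars) for joining masked tables."""
    return f"M-{_prf('pid', patient_id):016x}"[:10]


def shift_date(patient_id, iso_date):
    """Shift a date by a per-patient offset in [-182, +182] days. Applying the
    same offset to every date of a patient keeps ages and intervals intact."""
    offset = _prf("dateshift", patient_id) % 365 - 182
    return (dt.date.fromisoformat(iso_date) + dt.timedelta(days=offset)).isoformat()


def mask_record(rec):
    """Mask the direct identifiers; leave the clinical fields usable as-is."""
    pid = rec["patient_id"]
    return {
        "patient_id": mask_patient_id(pid),
        "name": mask_name(rec["name"]),
        "ssn": mask_ssn(rec["ssn"]),
        "dob": shift_date(pid, rec["dob"]),
        "visit_date": shift_date(pid, rec["visit_date"]),
        "diagnosis": rec["diagnosis"],
    }


def mask_records(records):
    return [mask_record(r) for r in records]


def days_between(start_iso, end_iso):
    """Helper for checking that intervals survive masking."""
    return (dt.date.fromisoformat(end_iso) - dt.date.fromisoformat(start_iso)).days


if __name__ == "__main__":
    for original, masked in zip(SAMPLE_RECORDS, mask_records(SAMPLE_RECORDS)):
        print(original["name"], "->", masked)
```

The design choice worth noting is that consistency comes from the key, not from a stored mapping: no lookup table of real-to-masked values has to exist in the masked environment, so a copy taken from a test database or a lost drive carries nothing that links a row back to a patient. The trade-off is that the key must be protected at least as carefully as the original records.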

So, as the title of my post says, “we’re busy!” Stay tuned for more to come…

“Celebrating” the Worst

This past Saturday was “National Data Privacy Day,” did you party? At Axis we made sure all of our closest friends and their friends had masks on. :-)

Network World’s Carolyn Duffy rounded up the worst Internet privacy scandals of all time. While there were many memorable, painful breaches in recent years, the one we definitely feel is up there among the top “worst” was last March’s HealthNet breach:

8. Patient data exposed

In March 2011, California-based insurer HealthNet announced a privacy breach for nearly 2 million of its customers, exposing their names, addresses, Social Security numbers, health and financial data. The data were unencrypted and stored on hard drives that have gone missing from contractor IBM’s data centre. A nationwide class action suit was filed against HealthNet and IBM as a result of this incident. It was HealthNet’s second big data breach in two years, having lost the Social Security numbers of 1.5 million policyholders stored on a hard drive in 2009.

HealthNet isn’t the only healthcare provider to lose private medical data or inadvertently post it online. The US Department of Health and Human Services says personal medical data for more than 11 million people have been exposed online in the last two years.

Loss of private data is continuing to plague the healthcare industry and, according to a study conducted by the Ponemon Institute, breaches have risen by 32 percent.

Three leading causes of data breaches in health care are lost or stolen equipment, errors by third parties and employee mistakes. In fact, sloppy mistakes by employees have led to many data breach increases, according to 41 percent of respondents.

Data breaches have cost the health care industry an average of $6.5 billion annually since 2010. With that money, the industry would have been able to hire 81,250 nurses nationwide, the Ponemon Institute reports.

This is extremely unsettling when it’s put that way. If healthcare organizations took a simple step, they would literally eliminate costly risks that could have life-saving results. What a waste.

Forget Me Not?

Europe is hot in the headlines with its proposed way to significantly reduce the risks associated with storing old data: One-Size-Fits-All and Forget It!

According to ZDNet, here are a few highlights:

One regulation, less fragmentation
The current Data Protection Directive had to be implemented into the legal system of Europe’s 27 member states. This led to all countries having the same framework, but some legal systems having stronger and more protective rules than others. Germany’s data protection laws have the same elements as every other European country, but are far stricter than the ‘lenient’ UK’s laws, as an example.

The new Data Protection Regulation is a ‘one-size-fits-all’ legal instrument, and removes the need for member states to interpret the laws. It also makes way for better cross-border data transfers between European countries, and will save around €2.3 billion ($3.1bn) each year in ‘administrative’ costs.

The new Criminal Justice Directive will cover all matters pertaining to law enforcement, investigation, detection, or prosecution of criminal offences.

Right to be forgotten
This one is a tricky one, and details are still yet to be finalised. This ‘pet project’ of the European Justice Commissioner, Viviane Reding, will in effect allow European users to wipe their online slate clean. It will allow users to have their photos, details, and other data removed from websites, social networks, and search engines.

Users will have the right to demand that data held on them be deleted if there are “no legitimate grounds” for it to be kept. This includes if a user leaves a service or social network, like Google or Facebook, the company will have to permanently delete any data that it retains.

Search engines will also have to comply with this rule. The practicalities of search giants like Google complying, which has already warned that this may harm innovation, remains unclear.

ZDNet’s Zack Whittaker also summarized what US businesses need to know in terms of its far-reaching effects:

A European Commission spokesperson confirmed to ZDNet that the proposed measures are “focused on younger people”, particularly teenagers, students and young adults, in a bid to “protect the consequences of putting photos and other information on social network websites”.

It does not guarantee the right to have data held by local and European law enforcement agencies deleted, however.

But the proposed “right to be forgotten” laws have already been met with harsh criticism from the wider Web industry. It will create a right that will not only be difficult to implement, but could have a detrimental effect on the use of the Web in Europe.

Sheryl Sandberg, Facebook’s chief operating officer, gave an insight on what the wider argument could be amongst businesses and European regulators. While Web companies provide employment and spur on economic growth — such as seen with Facebook’s impact on the European economy — governments should not get in the way.

The Sony breach is a reference point for this, particularly because of the impact level it had on consumers and businesses alike:

Businesses are expected to lobby heavily for amendments that benefit them, and reduce the long-term workload that would be expected as part of the new Regulation’s finer details.
Details of data breaches — something every company will have to deal with at some point — also takes a high standing in the Regulation. Since the Sony breach, where over 70 million user accounts were hacked, Europe is responding by enforcing a “24-hour rule”.

“Companies that suffer a data leak must inform the data protection authorities and the individuals concerned, and they must do so without undue delay. As a general rule, without undue delay means for me ‘within 24 hours’,” Reding said in a speech earlier this week.

But should a company not be aware of a hack, a breach, or a data loss for 24 days, let alone 24 hours, it applies more pressure on companies to be aware of their own internal security matters and data protection policies.

Businesses will have a two or three year grace period with compliance, but nonetheless, the European data reforms are sparking a global shake-up. We’ll be watching this one closely…