Audit Controls

UPDATE: On February 17, 2017, Audit Controls Underlined in $5.5M OCR HIPAA Settlement

Memorial Healthcare Systems recently agreed to an OCR HIPAA settlement, with a lack of audit controls cited as a key factor in the decision. Florida-based Memorial Healthcare Systems (MHS) recently agreed to a $5.5 million OCR HIPAA settlement, stemming from incidents that were reported in 2012. OCR stated that a lack of audit controls was a major factor in the determined settlement. A PHI data breach was first reported to OCR on April 12, 2012, where MHS employees inappropriately accessed patient information, including names, dates of birth, and Social Security [...]


Top 10 healthcare data breaches of 2016

Here is the annual countdown of the Top 10 healthcare data breaches of 2016, in the US.

Premier Healthcare, LLC

Premier Healthcare reported a potential healthcare data breach in March, affecting 205,748 individuals, according to OCR, the US Office for Civil Rights (https://www.hhs.gov/ocr/). A laptop was stolen from Premier’s billing department, but was returned to the provider in the mail “on or about March 7, 2016.” An investigation determined that the laptop had not been powered on since [...]


SOA Testing Techniques

SOA Testing Tools for Black, White and Gray Box

Web Services are the foundations of modern Service Oriented Architecture (SOA). Typical Web Services include message exchange between a consumer and a producer using SOAP requests and responses over the ubiquitous HTTP protocol. A Web service producer advertises its services to potential consumers through Web Services Description Language (WSDL), an XML file that contains details of available operations, execution endpoints and expected SOAP request-response structures. Many testing techniques and methodologies developed over the years apply to Web Services-based SOA systems as well. Through functional, regression, unit, integration, system and [...]


IT Security Testing And Analysis

A network vulnerability assessment is a detailed study of the network security infrastructure of an organization’s systems. From a user workstation to the operating systems, databases, firewalls, and Internet routers, a network vulnerability assessment covers every piece of the information systems infrastructure in order to provide a comprehensive and consistent security vulnerability assessment of the current state of the information security architecture. Enterprise Risk Management’s information security network vulnerability assessment evaluations provide an in-depth technical security review of the hardware and software components supporting the technical infrastructure of an organization. To provide the best results, we supplement automated [...]
