Author Archives: HIPAA Journal

Montefiore Medical Center and Geisinger Fire Employees for Improper PHI Access

Montefiore Medical Center in Bronx, NY has fired an employee over the alleged theft of the protected health information of approximately 4,000 patients. Montefiore became aware of a potential internal data breach in July 2020 and launched an investigation into unauthorized medical record access.

Montefiore had implemented a technology solution that monitors EHRs for inappropriate access, which identified the employee. The investigation confirmed that the employee had accessed medical records without any legitimate work reason between January 2018 and July 2020.

Accessing the medical records of patients when there is no legitimate reason for doing so is a violation of HIPAA and hospital policies. Montefiore said criminal background checks are performed on all employees prior to being given a position at the medical center and Montefiore provides HIPAA training to all employees. The employee in question had received significant privacy and security training but had chosen to violate internal policies and HIPAA Rules.

The investigation into the breach is ongoing and the matter has been reported to NYPD, which has launched a criminal investigation.

“Montefiore deeply regrets this incident and will not tolerate any violation of patient privacy,” said a spokesperson for the medical center. “In support of all HIPAA guidance and laws, we view this activity to be criminal in nature and are fully cooperating with law enforcement as the case moves forward.”

The types of information accessed by the former employee included names, addresses, dates of birth, and Social Security numbers. Affected patients have been offered complimentary identity theft protection services for 12 months and are protected against financial loss by a $1,000,000 identity theft insurance policy.

Montefiore Medical Center is now expanding its monitoring capabilities and employee training programs.

Geisinger Fires Employee for Unauthorized Medical Record Access

Geisinger has fired an employee for improper medical record access.  A member of the workforce alerted the Geisinger Privacy Office about an employee who was suspected of accessing the medical records of patients when there was no legitimate work reason for doing so.

The report was received on June 3, 2020 and an investigation into unauthorized access was immediately launched. The investigation was concluded on September 8, 2020. The employee in question worked at a Geisinger Clinic and was authorized to access patient records, but the investigation revealed the records of around 700 patients had been accessed without any work reason for doing so. The unauthorized access started in June 2019 and continued until June 2020.

The types of information that could be viewed included names, dates of birth, medical record numbers, dates of service, social security numbers, addresses, phone numbers, medical conditions, diagnoses, medications, treatment information and other clinical notes. A review of the employee’s network activity uncovered no evidence to suggest information had been stolen but, out of an abundance of caution, all affected patients have been offered complimentary credit monitoring and identity theft protection services.

“At Geisinger, protecting our patients’ and members’ privacy is of the utmost importance and we are constantly working on safeguards and protocols to identify incidents such as these so we can prevent such occurrences in the future,” said Geisinger Chief Privacy Officer, Jonathan Friesen.

The post Montefiore Medical Center and Geisinger Fire Employees for Improper PHI Access appeared first on HIPAA Journal.

Sudden Infant Death Services of Illinois Confirmed as HIPAA Compliant

Sudden Infant Death Services (SIDS) of Illinois, Inc. has been confirmed as having met the requirements of the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy, Security, Privacy, and Breach Notification Rules, and all requirements of the HITECH Act.

SIDS of Illinois is a nonprofit 501(c)(3) organization dedicated to the prevention of sudden, unexpected infant death. This is achieved through educational programs for families, healthcare professionals, law enforcement, childcare providers, and the general public. SIDS of Illinois also provides bereavement services to families and others who have experienced the tragedy of a sudden, unexpected infant death.

Due to the sensitive nature of the work conducted by SIDS of Illinois, and the types of information collected, maintained, stored, and transmitted, compliance with the HIPAA Rules is essential. It is also important to be able to demonstrate compliance through HIPAA certification.

To ensure compliance with all aspects of HIPAA, SIDS of Illinois partnered with Compliancy Group and chose its HIPAA Seal of Compliance as certification demonstrating its commitment to compliance and the privacy and security of client data.

“HIPAA Certification is critically important to the mission of Sudden Infant Death Services (SIDS) of Illinois, Inc. Compliancy Group simplifies HIPAA compliance so that all of our staff can confidently provide Infant Safe Sleep education, and bereavement support to those families who have experienced the death of an infant,“ said Nancy Maruyama, RN, BSN, NCBF, Executive Director, SIDS of Illinois.

Compliancy Group has confirmed that SIDS of Illinois has successfully completed the Six Stage HIPAA Risk Analysis and Remediation process, using Compliancy Group’s compliance tracking software (The Guard).

“We are proud of the work we do and the services we provide to all residents of Illinois. In working with Compliancy Group’s experts, we can show that we continue to be HIPAA compliant and protect all sensitive information from and regarding our constituency,” said Maruyama. “Compliancy Group coaches walked us through the steps needed to complete the certification process. I would recommend Compliancy Group to any entity, especially non-profit organizations, as the best way to become Certified HIPAA Compliant.”

After successfully completing the 6-stage compliance process, Compliancy Group awarded SIDS of Illinois the HIPAA Seal of Compliance, demonstrating to clients, patients and others that SIDS of Illinois has implemented an effective HIPAA compliance program and is committed to ensuring the privacy and security of sensitive data.

The post Sudden Infant Death Services of Illinois Confirmed as HIPAA Compliant appeared first on HIPAA Journal.

August 2020 Healthcare Data Breach Report

37 healthcare data breaches of 500 or more records were reported to the HHS’ Office for Civil Rights in August 2020, one more than July 2020 and one below the 12-month average.

The number of breaches remained fairly constant month-over-month, but there was a 63.9% increase in breached records in August. 2,167,179 records were exposed, stolen, or impermissibly disclosed in August. The average breach size of 58,572 records and the median breach size was 3,736 records.

 

 

Largest Healthcare Data Breaches Reported in August 2020

 

Name of Covered Entity Covered Entity Type Individuals Affected Type of Breach Location of Breached PHI Incident
Northern Light Health Business Associate 657,392 Hacking/IT Incident Network Server, Other Blackbaud ransomware attack
Saint Luke’s Foundation Healthcare Provider 360,212 Hacking/IT Incident Network Server Blackbaud ransomware attack
Assured Imaging Healthcare Provider 244,813 Hacking/IT Incident Network Server Ransomware attack
MultiCare Health System Healthcare Provider 179,189 Hacking/IT Incident Network Server Blackbaud ransomware attack
Imperium Health LLC Business Associate 139,114 Hacking/IT Incident Email Phishing attack
University of Florida Health Healthcare Provider 135,959 Hacking/IT Incident Network Server Blackbaud ransomware attack
Utah Pathology Services, Inc. Healthcare Provider 112,124 Hacking/IT Incident Email Phishing attack
Dynasplint Systems, Inc. Healthcare Provider 102,800 Hacking/IT Incident Network Server Ransomware attack
Main Line Health Healthcare Provider 60,595 Hacking/IT Incident Network Server Blackbaud ransomware attack
Northwestern Memorial HealthCare Healthcare Provider 55,983 Hacking/IT Incident Network Server Blackbaud ransomware attack
Richard J. Caron Foundation Healthcare Provider 22,718 Hacking/IT Incident Network Server Blackbaud ransomware attack
UT Southwestern Medical Center Healthcare Provider 15,958 Unauthorized Access/Disclosure Other Unconfirmed
City of Lafayette Fire Department Healthcare Provider 15,000 Hacking/IT Incident Network Server Ransomware attack
Hamilton Health Center, Inc. Healthcare Provider 10,393 Unauthorized Access/Disclosure Email Misdirected Email

 

Causes of August 2020 Healthcare Data Breaches

Hacking/IT incidents dominated the breach reports in August, with the 24 reported incidents making up 64.9% of the month’s data breaches. 2,127,070 records were compromised in those breaches, which is 98.15% of all records breached in August. The average breach size was 88,628 records and the median breach size was 11,550 records.

There were 8 unauthorized/access disclosure incidents involving 32,205 records. The average breach size was 4,026 records and the median breach size was 992 records. There were 5 loss (2) and theft (3) incidents reported. The average breach size was 1,581 records and the median breach size was 1,768 records.

While phishing attacks usually dominate the healthcare data breach reports, in August, attacks on network servers were more common. The increase in network server attacks is largely due to ransomware attacks, notably, an attack on Blackbaud, a business associate of many healthcare organizations in the United States. Blackbaud offers a range of services to healthcare providers, including patient engagement and digital data storage related to donors and philanthropy.

Between February 7, 2020 and May 20, 2020, hackers had access to Blackbaud’s systems and obtained backups of several of its clients’ databases before deploying ransomware. Blackbaud paid the ransom to ensure data stolen in the attack were destroyed.

Only a small percentage of its clients were affected by the attack, but so far at least 52 healthcare organizations have confirmed that their donor data were compromised in the attack. We have data for 17 of those attacks and so far, more than 3 million individuals are known to have been affected. That number is likely to grow significantly over the next few weeks now the deadline for reporting the breach is approaching.

There were also two major phishing incidents reported in August. Imperium Health suffered an attack in which the records of 139, 114 individuals were potentially compromised, and Utah Pathology Services suffered an attack involving the records of 112,124 individuals.

Healthcare Data Breaches by Covered Entity Type

Healthcare providers were the worst affected covered entity with 24 data breaches reported in August. Three breaches were reported by health plans and five breaches were reported by business associates; however, a further 9 breaches had some business associate involvement.

States Affected by August 2020 Data Breaches

Data breaches were reported by entities in 24 states in August. Pennsylvania was the worst affected state with 6 breaches of 500 or more healthcare records, followed by Kentucky with 4, Texas with 3, and Arizona, Ohio, and Washington with 2.  One breach was reported in each of Arkansas, California, Colorado, Connecticut, Florida, Iowa, Idaho, Illinois, Indiana, Maryland, Maine, Michigan, Missouri, New York, Oklahoma, South Carolina, Utah, and Wisconsin.

HIPAA Enforcement Activity in August 2020

There were no HIPAA enforcement actions announced in August by either the HHS Office for Civil Rights or state attorneys general.

The post August 2020 Healthcare Data Breach Report appeared first on HIPAA Journal.

Systemic Noncompliance with HIPAA Results in $1.5 Million Financial Penalty for Athens Orthopedic Clinic

The HHS’ Office for Civil Rights has announced a settlement has been reached with Athens Orthopedic Clinic PA to resolve multiple violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules.

OCR conducted an investigation into a data breach reported by the Athens, GA-based healthcare provider on July 29, 2016.  Athens Orthopedic Clinic had been notified by Dissent of Databreaches.net on June 26, 2026 that a database containing the electronic protected health information (ePHI) of Athens Orthopedic Clinic patients had been listed for sale online by a hacking group known as The Dark Overlord. The hackers are known for infiltrating systems, stealing data, and issuing ransom demands, payment of which are required to prevent the publication/sale of data.

Athens Orthopedic Clinic investigated the breach and determined that the hackers gained access to its systems on June 14, 2016 using vendor credentials and exfiltrated data from its EHR system. The records of 208,557 patients were stolen in the attack, including names, dates of birth, Social Security numbers, procedures performed, test results, clinical information, billing information, and health insurance details.

OCR accepts that it is not possible to prevent all cyberattacks, but when data breaches occur as a result of the failure to comply with the HIPAA Rules, financial penalties are appropriate.

“Hacking is the number one source of large health care data breaches. Health care providers that fail to follow the HIPAA Security Rule make their patients’ health data a tempting target for hackers,” said OCR Director Roger Severino.

The OCR investigation into the breach revealed systemic noncompliance with the HIPAA Rules. Athens Orthopedic Clinic had not conducted an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI, in violation of 45 C.F.R. § 164.308(a)(1)(ii)(B).

Security procedures had not been implemented to reduce the potential risks to ePHI to a reasonable and appropriate level, in violation of 45 C.F.R. § 164.308(a)(1)(ii)(A).

From September 30, 2015 to December 15, 2016, Athens Orthopedic Clinic failed to implement appropriate hardware, software, and procedures for recording and analyzing information system activity, in violation of 45 C.F.R. §§ 164.312(b).

It took until August 2016 for HIPAA policies and procedures to be maintained, in violation of 45 C.F.R. § 164.530(i) and (j), and prior to August 7, 2016, the clinic had not entered into business associate agreements with three of its vendors, in violation of 45 C.F.R. § 164.308(b)(3).

Prior to January 15, 2018, Athens Orthopedic Clinic had not provided HIPAA Privacy Rule training to the entire workforce, in violation of 45 C.F.R. § 164.530(b).

As a result of the compliance failures, Athens Orthopedic Clinic failed to prevent unauthorized access to the ePHI of 208,557 patients, in violation of 45 C.F.R. §164.502(a)).

In addition to the financial penalty, Athens Orthopedic Clinic has agreed to adopt a corrective action plan covering all aspects of noncompliance discovered during the OCR investigation. The clinic settled the case with no admission of liability.

This is the sixth HIPAA settlement to be announced by OCR in September and the 9th HIPAA penalty of 2020. Earlier this month, OCR announced five settlements had been reached with HIPAA-covered entities under its HIPAA Right of Access initiative for failing to provide patients with a copy of their health information.

The post Systemic Noncompliance with HIPAA Results in $1.5 Million Financial Penalty for Athens Orthopedic Clinic appeared first on HIPAA Journal.

Senators Demand Answers from VA on 46,000-Record Data Breach

On September 14, 2020, the U.S. Department of Veteran Affairs announced it had suffered a data breach that had impacted 46,000 veterans. Several Senate Democrats are now demanding answers from the VA on the breach and the cybersecurity measures the VA has put in place to prevent data breaches.

Hackers gained access to an application used by the VA’s Financial Services Center to send payments to community healthcare providers to pay for veterans’ medical care. Six payments intended for community care providers were redirected to bank accounts under the control of the hackers and veterans’ data in the system was exposed and potentially stolen.

When the breach was discovered, the application was taken offline and will remain down until a full review has been conducted by the VA’s Office of Information and Technology. Affected veterans have been offered complimentary credit monitoring services and the VA is currently working on compensating the community care providers whose payments were redirected.

Officials at the VA Office of Information and Technology told Senate and House veterans’ affairs committees that approximately 17,000 community care providers were affected by the breach, although the VA has now said that while 17,000 community care providers use the application, only 13 were affected.

In a letter to VA Secretary Robert Wilkie, Sens John Tester, Patty Murray, Sherrod Brown, Richard Blumenthal, Mazie K. Hirono, Joe Manchin III, Kyrsten Sinema, Margaret Wood Hassan, and Jeanne Shaheen expressed “serious concerns” about the ability of the VA to protect veterans’ and community care providers’ data and called for the VA to provide assurances that the department is capable of safeguarding personal and financial data.

“Based on information currently available, it appears this cybersecurity incident was carried out by those able to find weaknesses in the way VA authenticates community care health care providers using VCAs and processes payments for their services,” said the Senators.

“This incident raises numerous concerns not just for this incident, but more broadly with how VA is approaching protecting the PII and other important data within its vast data systems and networks,” wrote the Senators. “This is not a new vulnerability for VA. Rather, it is a long-standing weakness of the Department as identified by independent reviews conducted by the VA OIG and the Government Accountability Office (GAO) for more than 10 years.”

The Senators reference two GAO reports from June 2019 and July 2019 that make several recommendations for agencies on cybersecurity, risk management and data protection, including recommendations specifically for the VA. They have called for the VA to provide information on the current status of the VA’s efforts to implement those recommendations.

The Senators have called for the VA to provide a state-level breakdown of all impacted community care providers and to provide information on the steps that have been taken to assure community care providers and veterans that their personal and financial data will be secure. The Senators want to know who discovered the breach – whether it was the VA or the VA Office of Inspector General. They also requested information on the systems used by the VA Financial Services Center.

The Senators also raised concern that the VA is in a reactive posture waiting for cybersecurity vulnerabilities to arise and want to know what proactive assessments have been conducted to identify vulnerabilities, the frequency of those assessments, and what steps the VA will take to ensure greater oversight of business rules and IT and cybersecurity processes to ensure vulnerabilities are identified and addressed before they are exploited.

“This most recent data breach is unacceptable. It also exposes the fact that VA has not taken the necessary steps to ensure oversight, accountability, and security of the vast financial, health, and other personal data it collects and processes to perform its critical services for America’s veterans,” wrote the Senators. “It is imperative VA take aggressive and decisive action to address this current incident and lay out a strategy to prevent such problems from arising in the future.”

The post Senators Demand Answers from VA on 46,000-Record Data Breach appeared first on HIPAA Journal.

Hospital Ransomware Attack Results in Patient Death

Ransomware attacks on hospitals pose a risk to patient safety. File encryption results in essential systems crashing, communication systems are often taken out of action, and clinicians can be prevented from accessing patients’ medical records.

Highly disruptive attacks may force hospitals to redirect patients to alternate facilities, which recently happened in a ransomware attack on the University Clinic in Düsseldorf, Germany. One patient who required emergency medical treatment for a life threatening condition had to be rerouted to an alternate facility in Wuppertal, approximately 20 miles away. The redirection resulted in a one-hour delay in receiving treatment and the patient later died. The death could have been prevented had treatment been provided sooner.

The attack occurred on September 10, 2020 and completely crippled the clinic’s systems. Investigators determined that the attackers exploited a vulnerability in “widely used commercial add-on software” to gain access to the network. As the encryption process ran, hospital systems started to crash and medical records could not be accessed.

The medical clinic was forced to de-register from emergency care, postponed appointments and outpatient care, and all patients were advised not to visit the medical clinic until the attack was remediated. A week later and normal function at the hospital has still not resumed, although the hospital is now starting to restart essential systems.

According to a recent Associated Press report, 30 servers at the hospital were affected. A ransom demand was found on one of the encrypted servers. The hospital alerted law enforcement which made contact with the attackers using the information in the ransom note.

It would appear that the attackers did not intend on attacking the hospital, as the ransom note was addressed to Heinrich Heine University in Düsseldorf, to which the medical clinic is affiliated. Law enforcement officials made contact with the attackers using the information in the ransom note and told the attackers that the hospital had been affected and patient safety was at risk.

The attackers supplied the keys to decrypt files and made no further attempts to extort money. No further contact has been possible with the attackers. Law enforcement is continuing to investigate and it is possible that charges of manslaughter could be brought against the attackers.

Until now there have been no confirmed cases of ransomware attacks on healthcare facilities resulting in the death of a patient, but when attacks cripple hospital systems and patients are prevented from receiving treatment for life threatening conditions, such tragic events are sadly inevitable.

Several ransomware gangs have publicly stated that they will not conduct attacks on medical facilities, and if hospital systems are affected, keys to decrypt files will be provided free of charge. However, even if keys are provided to decrypt files, recovery from an attack is not a quick process. Other ransomware operations have made no such concessions and continue to attack healthcare facilities.

The post Hospital Ransomware Attack Results in Patient Death appeared first on HIPAA Journal.

CISA Warns of Public Exploit for Windows Netlogon Remote Protocol Vulnerability

CISA has published information on a critical vulnerability in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC) now that a public exploit for the flaw has been released, which could be used to attack vulnerable domain controllers.

MS-NRPC is a core component of Active Directory that provides authentication for users and accounts. “The Netlogon Remote Protocol (MS-NRPC) is an RPC interface that is used exclusively by domain-joined devices. MS-NRPC includes an authentication method and a method of establishing a Netlogon secure channel,” explained Microsoft.

The vulnerability, tracked as CVE-2020-1472, is an elevation of privilege vulnerability that can be exploited when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. MS-NRPC reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode, which would allow an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and gain domain administrator privileges.

Microsoft is addressing the vulnerability in a phased two-part roll out. Microsoft released a patch for the vulnerability on August 2020 Patch Tuesday which changes Netlogon client behavior to use secure RPC with Netlogon secure channel between member computers and Active Directory (AD) domain controllers (DC). The second “enforcement phase” is planned for Q1, 2021, on or after February 9, 2021, and will be deployed automatically.

Microsoft explained the “changes to the Netlogon protocol have been made to protect Windows devices by default, log events for non-compliant device discovery, and add the ability to enable protection for all domain-joined devices with explicit exceptions.”

The patch enforces secure RPC usage for machine accounts on Windows based devices, trust accounts, and all Windows and non-Windows DCs.  A new group policy is included to allow non-compliant device accounts.

“Mitigation consists of installing the update on all DCs and RODCs, monitoring for new events, and addressing non-compliant devices that are using vulnerable Netlogon secure channel connections,” explained Microsoft. “Machine accounts on non-compliant devices can be allowed to use vulnerable Netlogon secure channel connections; however, they should be updated to support secure RPC for Netlogon and the account enforced as soon as possible to remove the risk of attack.”

After deploying the patch, monitoring should take place to identify warning events and actions are required on each of those events. All warning events must be resolved before the February 2021 enforcement phase begins.

Deployment guidelines for the August 2020 patch are detailed here.

The February patch will transition into the enforcement phase and will put DCs into enforcement mode regardless of the enforcement mode registry key, forcing all Windows and non-Windows devices to use secure RPC with Netlogon secure channel or explicitly allow the account by adding an exception for the non-compliant device.  The update will also remove logging as all vulnerable connections will be denied.

If the August 2020 patch has not yet been applied, systems will be vulnerable to attack. CISA warns that the flaw is an attractive target for attackers and immediate patching is strongly recommended. Should the vulnerability be exploited, and the Active Directory infrastructure compromised, significant damage can be caused, and the attack will be costly to mitigate.

The post CISA Warns of Public Exploit for Windows Netlogon Remote Protocol Vulnerability appeared first on HIPAA Journal.

Vulnerabilities Identified in Philips Clinical Collaboration Platform

5 low- to medium-severity vulnerabilities have been identified in the Philips Clinical Collaboration Platform (Vue PACS). If successfully exploited, an attacker could convince an authorized user to execute unauthorized actions or could result in the disclosure of information that could be used in further attacks.

Philips has not received any reports to indicate exploits for the vulnerabilities have been developed or used in real world attacks, and there have been no reports of incidents from clinical use associated with the vulnerabilities.

The vulnerabilities affect versions 12.2.1 and prior and range in severity from low (CVSS v3 base score 3.4) to medium (CVSS v3 base score 6.8).

  • CVE-2020-16200 – Resource exposed to the wrong control sphere – Allows unauthorized access to the resource (CVSS 6.8)
  • CVE-2020-16247 – Algorithm downgrade – A failure to control the allocation and maintenance of a limited resource, potentially leading to exhaustion of available resources. (CVSS 6.5)
  • CVE-2020-16198 – Protection mechanism failure – Failure or insufficient checks to verify the identity given by an attacker to ensure the claim is correct. (CVSS 5.0)
  • CVE-2020-14525 – Improper neutralization of scripty in attributes in a web page – Does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users. (CVSS 3.5)
  • CVE-2020-14506 – When input or data is provided, there are insufficient checks to ensure the input has the properties to allow data to be processed safely and correctly. (CVSS 3.4)

Philips released a patch for the Clinical Collaboration Platform (Version 12.2.1.5) in June 2020 for web portals which fixed two of low-severity flaws (CVE-2020-14506 and CVE-2020-14525).

Philips released a new version of the Vue PACS Clinical Collaboration Platform (Version 12.2.5) in May 2020, which corrected four of the flaws (CVE-2020-14506, CVE-2020-14525, CVE-2020-16247, and CVE-2020-16198).

The remaining vulnerability, CVE-2020-16200, could not be patched and requires manual intervention to prevent exploitation. Affected customers are encouraged to contact Philips Customer Support to receive assistance correcting the vulnerability.

Philips also recommends the following mitigations:

  • Implement physical security measures to limit or control access to critical systems.
  • Restrict system access to authorized personnel only and follow a least privilege approach.
  • Apply defense-in-depth strategies.
  • Disable unnecessary accounts and services.

The vulnerabilities were identified by Northridge Hospital Medical Center, which reported the vulnerabilities to Philips. Philips released a security advisory and notified relevant authorities about the flaws under its Coordinated Vulnerability Disclosure Policy.

The post Vulnerabilities Identified in Philips Clinical Collaboration Platform appeared first on HIPAA Journal.

Webinar Sept 22: How to Ensure Business Continuity with a Remote Workforce

2020 has been an extremely challenging year for businesses. They have had to rapidly adapt to a new way of working due to SARS-CoV-2 and COVID-19. In order to keep businesses running, it has been necessary to switch from a largely office-based workforce to allowing employees to work remotely from home.

Employees have managed to stay productive and continue to communicate and collaborate through videoconferencing solutions such as Microsoft Teams and Zoom, instant messaging platforms, and email. These tools have helped businesses to continue to function and move forward during these difficult times.

One area of concern for businesses with remote working is how to ensure compliance and maintain business and email continuity.

On September 22, 2020, TitanHQ will host a webinar to discuss some of the remote working challenges faced by businesses. During the webinar, TitanHQ’s experts will discuss the current technology landscape, explain how to ensure security and compliance with remote workers, how to protect business critical data, and the importance of continuity with remote working.

TitanHQ will also introduce ArcTitan – a cloud-based email archiving solution solves some of the key issues with remote working and helps to ensure business continuity.

Webinar Details

Title:       How to Ensure Business Continuity with Email Archiving for your Remote Workforce

Date:     Tuesday, September 22, 2020

Time:    London/Dublin: 5:00 pm (GMT +1)  ¦  USA:      12:00 pm ET; 09:00 am PT

Hosts:     James Clayton, ArcTitan Product Specialist  ¦ Derek Higgins, Engineering Manager, TitanHQ

 

Click Here to Register for the Webinar

The post Webinar Sept 22: How to Ensure Business Continuity with a Remote Workforce appeared first on HIPAA Journal.