Healthcare Technology Vendor News

Atlantic Receives Gold Stevie Award for Best Healthcare Technology Solution

The HIPAA-compliant hosting company Atlantic.Net has won two Stevie Awards at the 18th Annual American Business Awards, the premier business award program in the United States.

The Stevie Awards are part of a global business award program that recognizes companies and individuals who have made a big impact over the past 12 months and have demonstrated outstanding performance in the workplace. The program is split into 8 geographic regions with nominations received from organizations in more than 70 countries. Each year approximately 12,000 nominations are received globally.

This year, more than 3,600 nominations were received from organizations of all types and sizes in America. Almost all industry sectors were represented, including for-profit and non-profit organizations, and public and private sector companies. The nominations were assessed by more than 230 professionals worldwide.

Atlantic.Net is a global cloud service provider that specializes in managed and non-managed Windows, Linux, and FreeBSD server hosting solutions with data centers located in New York, London, San Francisco, Toronto, Dallas, Ashburn, and Orlando. The company has a strong focus on compliance and is a leading provider of HIPAA-compliant hosting solutions to U.S. healthcare organizations.

Atlantic.Net picked up the Gold Award in the Healthcare Technology Solution category and a Silver Award in the Cloud Platform category. “Since starting our business 25 years ago, we have always aimed to provide the best, most innovative solutions for our clients,” said Marty Puranik, CEO of Atlantic.Net. “This year is a poignant time for businesses to navigate, particularly in the healthcare tech sector, so we are thrilled to receive this prestigious honor from the American Business Awards.”

The post Atlantic Receives Gold Stevie Award for Best Healthcare Technology Solution appeared first on HIPAA Journal.

Webinar 05/21/20: How to Double Protection for Remote Workers

Are you concerned about your remote employees accessing malicious websites, being fooled by phishing scams, or downloading malware?

On Thursday May 21, 2020, the Ireland-based cybersecurity company TitanHQ is hosting a webinar to explain how you can better protect your remote workers and significantly improve your defenses against phishing and malware attacks.

Most cyberattacks that target employees have an email and web-based component. Email security solutions are effective at blocking the majority of malicious emails, but some emails may end up being delivered to inboxes.

Links in the emails direct employees to websites where credentials are harvested or malware is downloaded. Implementing a web filtering solution provides protection from the web-based part of the attack and prevents employees from visiting malicious websites. A web filter adds an important extra layer of security against phishing attacks and malware and ransomware downloads.

During the webinar, TitanHQ will explain how COVID-19 is being exploited by cybercriminals to attack organizations and steps that can be taken to meet the challenge of protecting a largely distributed workforce.

The webinar will focus on TitanHQ’s DNS-based web filtering solution – WebTitan – and will explain the features and security layers of the solution that will help you manage user security at multiple locations.

Webinar Details

Title:     Keeping your Remote Workers TWICE as secure with SpamTitan & WebTitan

Date:     Thursday, May 21, 2020

Time:    11:00-11:30 CDT

Host:     TitanHQ

  • Derek Higgins, Engineering Manager TitanHQ
  • Eddie Monaghan, Channel Manager TitanHQ
  • Marc Ludden, Strategic Alliance Manager TitanHQ
  • Kevin Hall, Senior Systems Engineer at Datapac

Zoom Reaches Settlement with NY Attorney General Over Privacy and Security Issues

Zoom reached an agreement with the New York Attorney General’s office and has committed to implementing better privacy and security controls for its teleconferencing platform. New York Attorney General Letitia James launched an investigation into Zoom after researchers uncovered a number of privacy and security issues with the platform earlier this year.

Zoom has proven to be one of the most popular teleconferencing platforms during the COVID-19 pandemic. In March, more than 200 million individuals were participating in Zoom meetings with usership growing by 2,000% in the space of just three months. As the number of users grew and the platform started to be used more frequently by consumers and students, flaws in the platform started to emerge.

Meeting participants started reporting cases of uninvited people joining and disrupting private meetings. Several of these “Zoombombing” attacks saw participants racially abused and harassed on the basis of religion and gender. There were also several reported cases of uninvited individuals joining meetings and displaying pornographic images.

Then security researchers started uncovering privacy and security issues with the platform. Zoom stated on its website that Zoom meetings were protected with end-to-end encryption, but it was discovered that Zoom had used AES 128 bit encryption rather than AES 256 bit encryption and its end-to-end encryption claim was false. Zoom was also discovered to have issued encryption keys through data centers in China, even though meetings were taking place between users in the United States.

Zoom used Facebook’s SDK for iOS to allow users of the iOS mobile app to log in through Facebook, which meant that Facebook was provided with technical data related to users’ devices each time they opened the Zoom app. While Zoom did state in its privacy policy that third-party tools may collect information about users, data was discovered to have been passed to Facebook even when users had not used the Facebook login with the app. There were also privacy issues associated with the LinkedIn Sales Navigator feature, which allowed meeting participants to view the LinkedIn profiles of other meeting participants, even when they had taken steps to remain anonymous by adopting pseudonyms. The Company Directory feature of the platform was found to violate the privacy of some users by leaking personal information to other users if they had the same email domain.

Zoom responded quickly to the privacy and security issues and corrected most within a few days of discovery. The firm also announced that it was halting all development work to concentrate on privacy and security. The company also established a CISO Council and Advisory Board to focus on privacy and security, and Zoom recently announced that it has acquired the start-up firm Keybase, which will help to implement end-to-end encryption for Zoom meetings.

Under the terms of the settlement with the New York Attorney General’s office, Zoom has agreed to implement a comprehensive data security program to ensure its users are protected. The program will be overseen by Zoom’s head of security. The company has also agreed to conduct a comprehensive security risk assessment and code review and will fix all identified security issues with the platform. Privacy controls will also be implemented to protect free accounts, such as those used by schools.

Under the terms of the settlement, Zoom must continue to review privacy and security and implement further protections to give its users greater control over their privacy. Steps must also be taken to regulate abusive activity on the platform.

“This agreement puts protections in place so that Zoom users have control over their privacy and security, and so that workplaces, schools, religious institutions, and consumers don’t have to worry while participating in a video call,” said Attorney General James.

Safe Partner Inc. Confirmed as HIPAA Compliant

Compliancy Group has announced that Safe Partner Inc. has demonstrated it has implemented an effective HIPAA compliance program and has successfully completed its proprietary 6-stage HIPAA risk analysis and remediation process.

Safe Partner Inc. is a Belmont, CA-based boutique software development and consulting company that provides a full range of software services, from design to development, implementation, and ongoing customer support. The company was formed in 1995 and works with clients in a wide range of industry sectors, including healthcare. Some of the software solutions developed by the company interact with healthcare data, which means the company is classed as a business associate and must comply with HIPAA Rules.

To ensure that no aspect of HIPAA compliance was missed, Safe Partner Inc sought assistance from Compliancy Group. Assisted by the company’s compliance coaches and using the firm’s HIPAA compliance tracking software solution, The Guard, Safe Partner Inc was able to demonstrate its HIPAA compliance program covered all aspects of the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules. The company also conducted a comprehensive risk analysis to identify all potential risks to the confidentiality, integrity, and availability of protected health information, and ensured risks were effectively mitigated in accordance with the requirements of the HIPAA Security Rule.

After demonstrating to Compliancy Group that its policies and procedures met the minimum standards required by HIPAA, the company’s good faith effort toward HIPAA compliance was recognized and the company was awarded the Compliancy Group HIPAA Seal of Compliance.

The HIPAA Seal of Compliance helps the company differentiate its services and demonstrates to current and future clients that Safe Partner Inc. is committed to ensuring the privacy and security of any healthcare data provided to the company or accessible through its software solutions.

Compliancy Group Helps Acemanage Smart Inc Achieve HIPAA Compliance

Compliancy Group has announced that the Canadian start-up firm, Acemanage Smart Inc, has implemented an effective HIPAA compliance program and has demonstrated it is meeting all the requirements of the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules.

Acemanage Smart Inc. has developed several software solutions over the past two years, including the WholisticDr platform. The WholisticDr platform allows patients in remote and rural areas to find practitioners and receive high quality medical care and is powered by artificial intelligence to make the process as quick and easy as possible.

Through the platform, holistic doctors and practitioners can list their practices, make appointments, manage billing and insurance, talk with and text other members and patients, conduct telehealth visits, and exchange health records, lab test results, and prescriptions.

As a business associate, Acemanage Smart Inc. is required to comply with HIPAA Rules. To ensure that its software solutions and staff are fully compliant with HIPAA Rules, Acemanage Smart Inc. has been working with Compliancy Group. Assisted by Compliancy Group’s compliance coaches, and using the firm’s proprietary HIPAA compliance tracking software, The Guard, Acemanage Smart Inc. has been able to confirm that all requirements of HIPAA have been satisfied.

“Patient’s health data are super confidential for our clients and us. We wanted to be accountable to our clients and stay to the highest standard of security in order to all of our clients feel safe and secure. So Acemanage Smart Inc has put extra time and effort to make sure our team are HIPAA compliant,” explained Acemanage Smart.

After completing Compliancy Group’s 6-stage HIPAA risk analysis and remediation process, the company was awarded Compliancy Group’s HIPAA Seal of Compliance, which demonstrates the company’s good faith effort towards HIPAA compliance and shows healthcare clients that patient data is being protected to the high standards demanded by HIPAA.

Compliancy Group Helps Eyeward Inc. Achieve HIPAA Compliance

Compliancy Group has announced that Eyeward Inc. has implemented an effective HIPAA compliance program and has achieved HIPAA compliance.

EyeWard is a free-to-use peer-to-peer consulting platform for iOS that allows healthcare professionals to connect with colleagues and securely communicate and share medical images. The app is intended to help physicians share clinical knowledge and consult with other medical professionals. Use of the app allows physicians to improve workflow and deliver better care to patients.

“Eyeward is dedicated to helping physicians provide the highest standard of care for their patients. Understanding that this level of care may require the use of sensitive health care information, Eyeward wanted to ensure all the appropriate measures were taken to properly safeguard PHI,” said Eyeward CEO, Stephen Atallah.

To ensure compliance with all provisions of HIPAA, Eyeward teamed up with Compliancy Group. Using Compliancy Group’s HIPAA compliance tracking solution, The Guard, and assisted by its compliance coaches, Eyeward was able to ensure its solution, policies, and procedures were fully compliant with HIPAA requirements.

Eyeward also completed Compliancy Group’s 6-stage HIPAA Risk Analysis and remediation process and the company’s good faith effort toward HIPAA compliance saw the firm awarded Compliancy Group’s HIPAA Seal of Compliance.

The Seal of Compliance demonstrates to HIPAA-covered entities and business associates that Eyeward has implemented an effective HIPAA compliance program and that its platform meets all requirements of HIPAA Rules and can be used for securely communicating patient information.

“By using our platform, doctors are putting their trust in Eyeward to secure their health care data,” said Atallah. “We wanted our users to know that we are doing all that we can to protect them and their patients.”

Vulnerability Identified in BD Pyxis MedStation and Pyxis Anesthesia (PAS) ES System

Becton, Dickinson and Company (BD) has identified a medium severity vulnerability in version 1.6.1 of the BD Pyxis MedStation medication dispensing system and the Pyxis Anesthesia (PAS) ES System of its anesthesia carts. If exploited, the vulnerability would allow an attacker to gain access to sensitive data.

BD devices use a software application implementation called kiosk mode. When in kiosk mode, restrictions are in place that limit the actions that can be performed. The vulnerability is a protection mechanism failure (CWE-693) which could allow an attacker to escape the restricted desktop environment, which would allow sensitive data to be accessed and altered.

The vulnerability only requires a low level of skill to exploit, but exploitation would require physical access to a vulnerable device. BD has performed a risk evaluation and has determined the risk of exploitation is low. As such, the vulnerability has been assigned a CVSS v3 base score of 6.8 out of 10.

BD is proactive in assessing its products to identify security vulnerabilities. The company operates with transparency and communicates security issues to customers in a timely fashion to allow them to take steps to effectively manage risk. While the vulnerability could potentially result in information disclosure, due to the low risk of exploitation customers have been advised not to discontinue use as the benefits of using the devices far outweigh the risk.

BD is in the process of deploying an update for the affected products which will strengthen kiosk mode and make it harder for currently known methods of kiosk escape to be used. Until the update is applied to vulnerable devices, BD has offered mitigations that will limit exploitation. Hospitals using the affected devices should limit physical access to the devices to authorized personnel, impacted systems should be isolated and only connected to trusted systems, and the devices should be monitored for unplanned reboots using network monitoring tools.

iland Named 2019 Veeam Impact Cloud & Service Provider Partner of the Year

iland has been named 2019 Veeam Impact Cloud & Service Provider Partner of the Year in North America by Veeam Software. This is the fifth year of the annual awards and the fourth time iland has collected the title, having also received the award in 2015, 2017, and 2018.

The annual awards recognize North America Veeam ProPartners and Veeam Cloud & Service Provider (VCSP) partners that have extensive knowledge of Veeam Software and have demonstrated success in delivering Veeam solutions to their customers and providing first-class support. To be considered for the awards, companies must also display a high level of innovation and continued product education.

iland’s cloud solutions have been developed to ensure that businesses are well protected from cyberattacks and ransomware, and provide peace of mind that should disaster strike, customer data will be protected and recoverable. The cloud backup and disaster-recovery-as-a-service offerings provide direct integration and 100% compatibility with Veeam’s backup and replication software and are provided to businesses by more than 500 channel partners around the world. One of those partners, CDW, also collected a Veeam award, being named 2019 Veeam Impact Partner of the Year in North America.

iland also offers several other products that take advantage of the strength of Veeam backup solutions, including iland Test Drive, Autopilot Managed Recovery, Catalyst, and LabEngine.

“For more than 10 years, iland and Veeam have successfully partnered to help our joint customers navigate complex IT challenges. From migrating to the cloud, to backing up Office 365, to creating sophisticated disaster recovery plans, the beauty of our partnership is that we have solutions for every business,” explained Dante Orsini, iland senior vice president of business development. “Just as the Veeam backup technology continues to evolve, iland consistently finds new ways to easily and securely connect our customers to the cloud. Receiving this award for the fourth time represents a tireless commitment with Veeam and our global partners to deliver the most simple, flexible and reliable cloud data protection solutions on the market. We look forward to the decade ahead and our continued partnership with Veeam as we prepare our joint customers to embrace the next generation of IT innovation.”

‘SweynTooth’ Vulnerabilities in Bluetooth Low Energy Chips Affect Many Medical Devices

Researchers at the Singapore University of Technology and Design have identified a group of 12 vulnerabilities, dubbed SweynTooth, in the Bluetooth Low Energy (BLE) chips manufactured by at least 7 companies.

BLE chips are used in smart home devices, fitness trackers, wearable health devices, and medical devices and give them their wireless connectivity. BLE chips with the SweynTooth vulnerabilities are used in insulin pumps, pacemakers, and blood glucose monitors as well as hospital equipment such as ultrasound machines and patient monitors.

It is not yet known exactly how many medical devices and wearable health devices are impacted by the flaws as manufacturers obtain their BLE chips from several sources. Some security researchers believe millions of medical devices could be vulnerable. BLE chips are used in around 500 different products. Hundreds of millions of devices could be affected.

The vulnerabilities are present in BLE chips manufactured by Cypress, Dialog Semiconductor, Microchip, NXP Semiconductors, STMicroelectronics, Texas Instruments, and Telink Semiconductor. The vulnerabilities have been assigned CVSS v3 base scores ranging from 6.1 to 6.9 out of 10.

7 of the vulnerabilities could be exploited to crash vulnerable devices, which would stop the devices communicating and may cause them to stop working entirely. 4 vulnerabilities could be exploited to deadlock devices, causing them to freeze and stop functioning correctly. One vulnerability could result in a security bypass which would allow an attacker to gain access to device functions that are usually only accessible by an authorized device administrator. The flaws can be exploited remotely by an attacker, although only if the attacker is within radio range of a vulnerable device. The range of BLE varies from device to device, with a maximum range of less than 100 m (328 ft).

Both the U.S. Food and Drug Administration (FDA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have issued alerts about the vulnerabilities this week. The FDA explained that affected device manufacturers have been notified about the flaws and are assessing which devices are affected. Mitigations are being developed that can be implemented to reduce the risk of exploitation until patches are released to correct the flaws.

Cypress, NXP, Texas Instruments, and Telink have already released patches to correct the flaws. Dialog has issued two patches, with the remaining patches scheduled to be released by the end of March 2020. Currently, patches have yet to be released by Microchip and STMicroelectronics.

The FDA has advised BLE chip and device manufacturers to conduct risk assessments to determine the potential impact of the flaws. Healthcare providers have been advised to contact the manufacturers of their devices to find out if they are affected, and the actions they need to take to reduce the risk of exploitation. Patients have been advised to monitor their devices for abnormal behavior and to seek medical help immediately if they feel their medical devices are not functioning correctly.
