Cisco Blogs


Cisco Blog > Security

Nine HIPAA Network Considerations

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Omnibus Final Rule, released January 2013, introduced some significant changes and updates. At the same time, over 100 HIPAA audits concluded in 2012. The Office of Civil Rights (OCR) released initial analysis of these audits in May 2013. The HIPAA Omnibus Final Rule and 2012 HIPAA audit results may influence how you run your network in the future. Here are nine network considerations that could impact your network and IT processes.

  1. HIPAA Audits will continue
  2. The HIPAA Audit Protocol and NIST 800-66 are your best preparation
  3. Knowledge is a powerful weapon―know where your PHI is
  4. Risk Assessment drives your baseline
  5. Risk Management is continuous
  6. Security best practices are essential
  7. Ignorance is not bliss
  8. Your business associate(s) must be tracked
  9. Breach discovery times: know your discovery tolerance

Each of these considerations will be explored in a nine-part blog series, posted on the healthcare blogs site.

Tags: , ,

Expiring Albert: Recycling User IDs and the Impact on Privacy

Within many organisations offering online services to the public, there must be a great temptation to expire redundant user accounts that occupy desirable user IDs but which are never used by their users. Presumably the user IDs have been registered by someone, used on a couple of occasions, and then forgotten about. Expiring and recycling these user IDs and offering them to new users allows the organisation to better manage the quantity of unique User IDs, and also allows new users to potentially own the user ID that they desire.

On 20th June, Yahoo! announced that they will be expiring user IDs that have been unused for over 12 months in order to offer them to users.

you want a Yahoo! ID that’s short, sweet and memorable, like albert@yahoo.com instead of albert9330399@yahoo.com”, described Jay Rossiter, SVP of Platforms at Yahoo! [1].

Yahoo! is not the only webmail provider that expires inactive users and recycles their email addresses. Recently, researchers at Rutgers University identified that Hotmail also reissues email addresses that have been dormant for some time [2]. Yahoo! should be applauded for publicly raising the issue, describing their criteria for expiring accounts, and calling for users to access their accounts if they wish to prevent this happening. Read More »

Tags: ,

BYOD: Many Call It Bring Your Own Malware (BYOM)

June 24, 2013 at 2:02 pm PST

It is not new that people are referring to Bring Your Own Device (BYOD) as Bring Your Own Malware (BYOM). In 2012 alone, Android malware encounters grew 2,577 percent (for details, see Cisco’s Annual Security Report). Many organizations are struggling to keep up with the BYOD trend by allowing employees to bring their favorite gadgets to the office to increase productivity and employee satisfaction. However, they are also struggling when trying to protect critical corporate assets, user’s data, and intellectual property in their employees’ mobile devices. Read More »

Tags: , , , , , ,

‘Hijacking’ of DNS Records from Network Solutions

UPDATE: This blog post is related to the redirection of domain name servers that occurred back in June 2013.  This post is NOT related to the ongoing activity occuring July 16, 2013.  Cisco TRAC is currently analyzing the ongoing issues with Network Solutions’ hosted domain names and has more information available here.

Multiple organizations with domain names registered under Network Solutions suffered problems with their domain names today, as their DNS nameservers were replaced with nameservers at ztomy.com. The nameservers at ztomy.com were configured to reply to DNS requests for the affected domains with IP addresses in the range 204.11.56.0/24. Cisco observed a large number of requests directed at these confluence-network IP addresses. Nearly 5000 domains may have been affected based on passive DNS data for those IPs.

Traffic hits to 204.11.56.0/24

Traffic hits to 204.11.56.0/24

Read More »

Tags: ,

Standing Up to Threats: The Cisco 2013 Annual Security Report & Security Intelligence Operations [Infographic]

Are you thinking about the evolving threat landscape? You should be. Each day, new vulnerabilities are found and new exploits are crafted. Attackers are becoming increasingly sophisticated, while industry trends such as cloud computing and mobility are rapidly expanding the attack surfaces. Your mobile device could act like a Trojan horse, passing right through your network perimeter. Or your compromised server could spread an infection to your most sensitive assets.

This is the first in a series of blog posts that focuses on how Cisco stays ahead of the latest security threats. Of course, to stay on top of something as fast changing and widespread as security threats, you need to understand them in great detail.

And that’s what the Cisco 2013 Annual Security Report (ASR) and Cisco Security Intelligence Operations (SIO) offer. Read More »

Tags: , , , , , ,