The HIPAA Omnibus Final Rule is now in effect and audits will continue in 2014. At the HIMSS Privacy and Security Forum in Boston on Sept. 23, Leon Rodriguez, director of the Department of Health and Human Services’ Office for Civil Rights said to those who are wondering how the new rule will be enforced: “You’ll see a picture of where we’ll spend our energies” based on previous enforcement actions. Enforcement actions to date have focused on cases involving major security failures, where a breach incident led to investigations that revealed larger systemic issues, Rodriguez said.
On our list of 9 HIPAA Network Considerations, it is timely that our topic in this blog is on #7, Security best practices are essential.
- HIPAA Audits will continue
- The HIPAA Audit Protocol and NIST 800-66 are your best preparation
- Knowledge is a powerful weapon―know where your PHI is
- Ignorance is not bliss
- Risk Assessment drives your baseline
- Risk Management is continuous
- Security best practices are essential
- Breach discovery times: know your discovery tolerance
- Your business associate(s)must be tracked
The general rule for the HIPAA Security Rule is to ensure the confidentiality, integrity, and availability of ePHI that is created, received, maintained, or transmitted [45 CFR 164.306(a)]. Protect against threats to PHI. That relates directly to network security best practices. In the 2012 HIPAA audits, security had more than its share of findings and observations, accounting for 60% of the HIPAA audit findings and observations, even though the Security Rule accounted for only 28% of the audit questions. At the NIST OCR Conference in May, OCR presented the summary below.
Read More »
Tags: healthcare, HIPAA, PCI Compliance, security
Today, rapid changes in the world we live in, driven by technology trends, business model changes and market transitions, like the Internet of Everything, profoundly impact our networks and our data centers. With the advent of all of these new capabilities, we have created a new paradigm for security—it is what I refer to as the “Any to Any” Problem. That is, any user on any device increasingly going over any type of connection, to any application, that could be running in any data center and on any cloud. Regardless of how or where our users are connecting, we have to provide the right levels of inspection and protection against malicious actors.
Today, Cisco is announcing the new Application Centric Infrastructure (ACI) designed to seamlessly integrate layer 4 through layer 7—and security, in particular—into next generation Data Center environments. As part of this framework, we are announcing ACI Security Solutions, which support next generation Cisco ASA physical and virtual firewall technologies by stitching them directly into the ACI network fabric, and can be managed using the ACI Policy Infrastructure Controller management tool.
The Cisco ASA 5585-X Series Next-Generation Security Appliance has been updated and certified to interoperate with the new Nexus 9000 switches—whether they are deployed in traditional or ACI modes. The new Cisco ASA Virtual Firewall (ASAv) performs the same functions as any ASA appliance. However, unlike an ASA 1000v Cloud Firewall, the ASAv maintains its own data path. This allows it to work with any virtual switch and it will be available on multiple hypervisors. Read More »
Tags: ACI, application centric infrastructure, Chris Young, Cisco Security, cisco sio, security
Update 2013-11-12: Watch our youtube discussion
Update 2013-11-05: Upon further examination of the traffic we can confirm that a large percentage is destined for TCP port 445. This is indicative of someone looking for nodes running SMB/DCERPC. With that in mind it is extremely likely someone is looking for vulnerable windows machines or it is quite possible that the “soon to be” attackers are looking for boxes compromised by a specific malware variant.
On 2013-11-02 at 01:00 UTC Cisco saw a massive spike in TCP source port zero traffic for three hours. This was the largest spike of reconnaissance activity we’ve seen this year. TCP source port zero is a reserved port according to the RFC and it should not be used. Customers who see port zero activity on their network should consider the traffic suspicious and investigate the source.
This graph displays the magnitude of the number of sensors logging this activity. Normally we see a magnitude of less than 20, this increased five fold on 2013-11-02. There was also an associated massive increase in the volume of traffic observed by signature 24199-0.
Read More »
Tags: IPS, security, security research, TRAC
CSIRT, I have a project for you. We have a big network and we’re definitely getting hacked constantly. Your group needs to develop and implement security monitoring to get our malware and hacking problem under control.
If you’ve been a security engineer for more than a few years, no doubt you’ve received a directive similar to this. If you’re anything like me, your mind probably races a mile a minute thinking of all of the cool detection techniques you’re going to develop and all of the awesome things you’re going to find.
I know, I’ll take the set of all hosts in our web proxy logs doing periodic POSTs and intersect that with…
You shouldn’t leap before you look into a project like this. Read More »
Tags: CSIRT, csirt-playbook, incident response, infosec, logging, logs, playbook, security, SIEM
Is it the end of October already? As has been true for centuries, there is a tradition for children to wear costumes and disguise themselves while going door to door with a simple question: “Trick or treat?” While I am not sure there is a coincidence, but having National Cyber Security Awareness Month (NCSAM) end on a day characterized by pranks, false identifications and the like seems appropriate. And what scary stories we had to tell!
Read More »
Tags: byod, cloud, cryptography, dns, ncsam-2013, patch, security