Tag: hipaa

  • 8 Tips for Practicing Good Cybersecurity Hygiene in your Business

    8 Tips for Practicing Good Cybersecurity Hygiene in your Business

    We all know about good hygiene practices for ourselves and our homes, but what about practicing good cybersecurity hygiene? What does the word hygiene mean when applied to a digital context?

    When we talk about hygiene for cybersecurity, we mean the essential items needed to practice the bare minimum in cyber threat prevention. We're strong advocates for advanced cybersecurity threat prevention and believe you can never be too protected; however, these 8 items will in many cases stop the vast majority of outside threats. As a bonus, the only thing you'll need to spend to put these in place in your business today is a little time.

    1. Use Strong and Unique Passwords
      Implement complex passwords and enable multi-factor authentication (MFA) for added security. We have a guide for what a strong password looks like and how to utilize MFA here.
    2. Regularly Update Software and Systems
      Keep your operating systems, applications, and antivirus software up to date to patch vulnerabilities.
    3. Educate Employees on Cybersecurity Best Practices
      Train staff on recognizing phishing scams, suspicious emails, and safe browsing habits. Interested in cybersecurity training for your business? Valley Techlogic includes it (at no additional cost) in all of our plans.
    4. Limit Access to Sensitive Data
      Implement role-based access controls and grant permissions only to those who need them.
    5. Enable Firewalls and Antivirus Protection
      Use firewalls, antivirus programs, and other security tools to prevent unauthorized access.
    6. Backup Data Regularly
      Perform frequent backups, keep at least one copy off-site and offline or immutable so that ransomware cannot encrypt it along with your live data, and test restores regularly so you know recovery actually works.
    7. Monitor Network Activity
      Use intrusion detection systems and regularly review logs for unusual activity.
    8. Implement Secure Wi-Fi and VPN Usage
      Use encrypted Wi-Fi networks and require VPN usage for remote employees to protect data transmission.
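    As an added example for tip 7 (this is not code from the original article), here is a small Python script that reviews OpenSSH-style authentication log lines for two things worth a second look: a burst of failed logins from one source IP, and a burst followed by a successful login from that same IP, which usually means a guessed or reused password. The log lines are constructed for this example using RFC 5737 documentation addresses, and the threshold of five failures within ten minutes is an assumption you would tune to your own environment.

```python
# Added example, not code from the original article: review sshd log lines
# for brute-force bursts and for a burst followed by a successful login.
# Sample log lines are constructed; thresholds are assumptions to tune.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# OpenSSH syslog format:
# "Mon DD HH:MM:SS host sshd[pid]: <Failed|Accepted> <method> for [invalid user] USER from IP port N ssh2"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log (RFC 5737 documentation addresses, not real hosts)
SAMPLE_LOG = """\
Mar  4 09:01:12 fileserver sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
Mar  4 09:01:15 fileserver sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 50123 ssh2
Mar  4 09:01:19 fileserver sshd[2104]: Failed password for root from 203.0.113.5 port 50130 ssh2
Mar  4 09:01:22 fileserver sshd[2106]: Failed password for jsmith from 203.0.113.5 port 50131 ssh2
Mar  4 09:01:26 fileserver sshd[2108]: Failed password for jsmith from 203.0.113.5 port 50140 ssh2
Mar  4 09:01:30 fileserver sshd[2110]: Accepted password for jsmith from 203.0.113.5 port 50141 ssh2
Mar  4 09:15:02 fileserver sshd[2200]: Failed password for mlopez from 198.51.100.7 port 41000 ssh2
Mar  4 09:15:40 fileserver sshd[2201]: Accepted publickey for mlopez from 198.51.100.7 port 41001 ssh2
Mar  4 10:30:00 fileserver sshd[2300]: Failed password for invalid user oracle from 192.0.2.44 port 33001 ssh2
Mar  4 10:30:03 fileserver sshd[2300]: Failed password for invalid user oracle from 192.0.2.44 port 33002 ssh2
Mar  4 10:30:06 fileserver sshd[2300]: Failed password for invalid user test from 192.0.2.44 port 33003 ssh2
Mar  4 10:30:09 fileserver sshd[2300]: Failed password for invalid user test from 192.0.2.44 port 33004 ssh2
Mar  4 10:30:12 fileserver sshd[2300]: Failed password for invalid user guest from 192.0.2.44 port 33005 ssh2
Mar  4 10:30:15 fileserver sshd[2300]: Failed password for invalid user guest from 192.0.2.44 port 33006 ssh2
"""


def parse_line(line, year=2024):
    """Parse one sshd line into a dict, or return None for lines we do not care about.
    syslog timestamps carry no year, so the caller supplies one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the padded day ("Mar  4")
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ok": m["result"] == "Accepted", "user": m["user"], "ip": m["ip"]}


def review_auth_log(lines, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: finding} for source IPs with >= max_failures failed logins
    inside `window`. A success from an IP that just produced such a burst is
    escalated to 'compromise_suspected', since the burst likely found a password."""
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])      # log files are not always in order
    recent_failures = defaultdict(list)     # ip -> failure timestamps inside the window
    findings = {}
    for e in events:
        ip = e["ip"]
        recent = [t for t in recent_failures[ip] if e["ts"] - t <= window]
        if e["ok"]:
            if len(recent) >= max_failures:
                findings[ip] = {"finding": "compromise_suspected",
                                "user": e["user"], "failures": len(recent)}
        else:
            recent.append(e["ts"])
            if len(recent) >= max_failures and \
               findings.get(ip, {}).get("finding") != "compromise_suspected":
                findings[ip] = {"finding": "brute_force",
                                "user": e["user"], "failures": len(recent)}
        recent_failures[ip] = recent
    return findings


def main():
    for ip, f in sorted(review_auth_log(SAMPLE_LOG.splitlines()).items()):
        print(f"{ip:15} {f['finding']:21} last user={f['user']} failures={f['failures']}")


if __name__ == "__main__":
    main()
```

    Run as-is, the script reports two findings from the sample log: a plain brute-force burst from 192.0.2.44 and a suspected compromise of the jsmith account from 203.0.113.5. In practice you would feed it /var/log/auth.log or journal output, and the compromise_suspected case is the one to act on immediately: reset that account's password, enable MFA on it, and check what the session did after logging in.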

    Implementing these 8 cybersecurity threat preventions will protect your business from most attacks, but if you’re looking to go a little further below are 4 cybersecurity benefits included with all Valley Techlogic service plans:

    Want to learn more? Schedule a consultation with us today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on X at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.

  • CMMC Changes for 2024 Summarized

    CMMC Changes for 2024 Summarized

    On December 26th 2023 the DoD (Department of Defense) dropped a slightly belated Christmas gift on defense contractors and vendors in the form of big changes to the CMMC (Cybersecurity Maturity Model Certification) program.

    Whether the timing of the info dump was intentional or not remains a matter of debate, but what's not up for debate is that this proposed rule spells out what the DoD intends to require of you to reach your CMMC goals (it could still be challenged or revised before it takes effect, but we wouldn't hold our breath on that). If you have not started working on these requirements yet, this is your sign to get started ASAP.

    The 234-page document covered a variety of updates to the program, including splitting Level 2 into a self-assessment track and a track that requires contractors and vendors to obtain a third-party assessment, but for those actively working on it we're happy to say the controls themselves remain unchanged.

    The vast majority of contractors (63% as estimated by the DoD) will still fall under CMMC Level 1 but a new change will not allow these contractors to submit a POA&M (Plan of Action and Milestones) to comply with unmet milestones going forward.

    For contractors falling under Level 2 and 3 they can still submit a POA&M but while it previously allowed contractors to set their own timing for completing the actions required the new rules state all POA&M must have a plan for completion within 180 days of the initial assessment.

    This is a huge change and will make it very difficult for contractors who are trying to rush to get their accreditation to comply with existing contracts. There are also new limitations on POA&Ms and some controls don’t allow them to be completed under a POA&M at all.

    DoD contractors and vendors will have to rethink their entire plan for coming into compliance with CMMC this year.

    The good news is that if you do meet all of the new hurdles and pass your assessment you will be in the clear for 3 years.

    For those in the CMMC Level 2 category (an estimated 37% of those affected), whether you can still self-assess and report your score in SPRS (Supplier Performance Risk System) or will need a third-party assessment depends entirely on whether the CUI (Controlled Unclassified Information) handled under your contract warrants one or the other, as determined by the DoD.

    As these rules are still rolling out Level 2 contracts will most likely be required to self-attest to start until the program gains its footing when we’ll start to see more required to take on a third-party assessment. Contractors should be prepared either way as they perform the actions needed to qualify for certification.

    There’s good news for Level 3 contractors in that not much has changed for them, and the program overall is still based on guidance from NIST SP 800-172. New language was added that CMMC Level 3 contractors must maintain a perfect Level 2 score in addition to achieving 20 out of 24 points to meet the qualifications for Level 3. Only a small minority of contractors will need to worry about achieving Level 3 and we have no doubt those that qualify know who they are and were already well prepared for this news.

    The proposed roll-out of these changes, and of CMMC as a whole, follows a phased implementation spanning three years. It begins with the DoD requiring a Level 1 or Level 2 self-assessment score for new solicitations and ends with CMMC included in all new and existing contracts by year three.

    It should also be noted that those who misrepresent their level of readiness under the CMMC program can face some pretty sharp penalties for doing so.

    To add salt to the wound, the DoD has given itself a grace period up to 2027 to finish rolling out these changes within its own organization. Rules for thee but not for me? Perhaps a little bit.

    These weren’t the only changes to be announced in December, if you would like to see and read the full 234-page document yourself you can find it here.

    Either way the time to get your ducks in a row was several years ago (CMMC 2.0 was released in 2021) but short of inventing a time machine to do so the second best time to start is now.

    Valley Techlogic has worked with clients on readiness for a variety of cybersecurity compliance frameworks including but not limited to CMMC, HIPAA, NIST, CIS and more. If you would like to learn more about how we can help you meet your CMMC goals, reach out today.


  • When a data breach leads to jail time for an ex-CEO, and why you should take data security seriously in 2023

    When a data breach leads to jail time for an ex-CEO, and why you should take data security seriously in 2023

    We've seen plenty of examples of extreme monetary penalties for data breaches, but this is the first time we've seen an executive receive a criminal sentence (a suspended jail term, in this case) for one.

    Vastaamo was a Finnish psychotherapy provider founded in 2008 that worked as a subcontractor to the government. Like many healthcare-related businesses it was a target for attackers, and two earlier intrusions, in 2018 and 2019, succeeded and were never reported by the company.

    The then-CEO, Ville Tapio, did report the 2020 breach to the authorities after the criminals stole the company's entire patient database. The criminals demanded €450,000 (about $0.5 million at the time of writing) from the company and, when that was unsuccessful, demanded €200 from each patient whose records they held, warning that the fee would rise to €500 each if the clinic did not pay within 24 hours.

    They warned the patients that after 48 hours with no payment they would be doxxed. Doxxing is when your private details are leaked online (this can include your payment information but also things like your address). In this case the attackers were even willing to leak session records and therapist notes. They leaked the details of 300 patients, including politicians and police officers, and a 10 GB file containing the patient notes for over 2,000 patients was later found on the dark web.

    While the clinic, Vastaamo, was itself a victim, the authorities still looked at the overall picture when deciding to charge Tapio, including the earlier unreported breaches and the fact that he had insider knowledge of the company's cybersecurity coverage (or lack thereof). He received a three-month suspended sentence; the company filed for bankruptcy and eventually went under.

    The severity of the breach and the company's lack of accountability for its cybersecurity protections put it afoul of the GDPR (General Data Protection Regulation), the European Union's regulation on data protection and privacy for its residents.

    If you're a US-based company owner, it's not a good idea to think "Well, nothing like this could happen here." California's CCPA (California Consumer Privacy Act) gives consumers more say over the data your business collects on them. If your business has contracts with the DoD (Department of Defense), you're probably already seeing stricter requirements for how your business must demonstrate cybersecurity compliance to keep doing business with the government, via CMMC (Cybersecurity Maturity Model Certification). HIPAA is old news for medical practitioners, but we still find many who are not compliant with its regulations.

    Suffice it to say, there can be blowback that extends beyond financial penalties and damage to your business's reputation. Small steps in protecting the data within your business can make a huge difference in the outcome you have (whether that means avoiding an attack altogether or making for an easier recovery).

    If you need help creating or developing a more robust cybersecurity game plan, Valley Techlogic is the partner you're looking for. Cybersecurity is our number one concern, and we take implementing preventive measures for our clients very seriously. If you would like a consultation to learn more, just visit here to get started.


  • Bridging the technical gap, how technology can bring your dental practice into the future

    Bridging the technical gap, how technology can bring your dental practice into the future

    Dental practitioners are not technology novices; new technologies that help patients care for their teeth and advance restoration techniques to combat tooth decay emerge all the time (just look at the use of lasers for treating cavities).

    However, we see all the time that our clients who own dental practices are still stuck in the past when it comes to the rest of their technology.

    If you’re a dentist, ask yourself if the following is true:

    1. Patient records aren’t as organized as you’d like them to be, you’re either still using the old tried and true (and also slow and cluttered) filing cabinet method, or you made the digital leap but don’t have a system for protecting confidentiality. Did you know dentists can also be subject to HIPAA rules?
    2. You have an office server but it's ancient, well past the 5-year recommended life span for a server and running a copy of Windows Server that Microsoft no longer supports. Windows Server 2012 R2 and earlier reached the end of extended support in October 2023, and Windows Server 2016 receives security updates only until January 2027; an unsupported operating system gets no security patches at all, which is a serious cybersecurity risk.
    3. Your own system and/or your employees' workstations are sluggish, and you often hear your office assistants tell patients "Sorry, this system is just so slow!" as they try to check them out after a procedure or cleaning. This is frustrating for your employees and your patients.

    It doesn’t have to be this way. We know as a dental office owner you’re no stranger to bringing on new technologies that can improve the way you do business. Making investments in the technology you use will make your dental practice more efficient, improve the safety of your clients’ records protecting you from liability, and help you accomplish goals you may have for growing your dental practice.

    Unlike the tools you use to practice your trade, you may be a little unsure where to start. Your clients come to you for your expertise in helping them protect their teeth because you’re a trusted expert. So why wouldn’t you reach out to an expert yourself as you navigate these investments in your business?

    The move from more analogue methods, such as the trusted filing cabinet system, may be intimidating, but think of the time it will save pulling up client records and the space you will reclaim in your office.

    New servers and workstations are large investments, but the downtime that occurs when aging hardware fails (and it will) is substantial. Can you afford to be stuck for weeks or even months if the office server that houses everything about your business suddenly goes kaput?

    We don’t want to sound gloom and doom, but help is out there to make informed choices about these issues before they become a problem.

    Valley Techlogic can help your dental practice; we have experience with the intricacies of your business and the concerns dental providers have when addressing these complex topics.

    We can help you bring your business into compliance with HIPAA, so as you grow your business your patients can feel confident their private information is protected at your practice. Below is a chart with some HIPAA rules specifically for dentists:

    Dentists need to follow HIPAA too

    If you'd like to learn more about how Valley Techlogic can be a partner in technology for your dental practice, schedule a free consultation today.


  • Our Five Best FREE Resources Ranked

    Our Five Best FREE Resources Ranked

    At Valley Techlogic we believe that educating our community on internet safety, and providing concrete goals that businesses in our area can use to improve their cybersecurity whether or not they're covered by a Valley Techlogic plan, is a valuable resource our company can provide to make us all a little safer online.

    We've provided quite a few free resources and reports over the years, and we couldn't help but notice which ones really struck a chord with our audience.

    Here are our top five free resources and reports, ranked by popularity. Bonus: you can grab all of these right from this page, still absolutely free.

    #5 The Data Contingency Planning Report

    Our Data Contingency Report tells you EXACTLY what you need to have a solid plan for backing up your business’s files. Click to grab the report now instantly.

    #4 The New IT Provider Checklist

    Our New IT Provider Checklist lets you check off the MUST haves for your new IT provider. If they don't cover one or more of these items, you should keep looking.

    #3 Our Section 179 Guide

    Our Section 179 Guide helps you get the best tax benefits from the tech purchases you make for your business. We'll have the updated 2022 version available later this year.

    #2 Our Cyber Security Framework Overview Report

    Our Cyber Security Framework Overview Report goes over, in plain language, a number of popular frameworks: CMMC, HIPAA and more.

    #1 Our Cyber Security Checklist

    By far our most popular resource, this no nonsense checklist gets straight to the point on what you need to be fully covered from cyber threats.

    To receive these resources and more, reach out to us to be added to our mailing list. That way you’ll be the first to receive tech tips, free reports and resources and more.


  • Cyber Insurance – What you can do to ensure your business will be covered in 2022

    Cyber Insurance – What you can do to ensure your business will be covered in 2022

    Last month we released our new cyber insurance report, an in-depth look into this topic, but we wanted to touch on what we're specifically seeing so far in 2022 in today's article, because from what we're seeing from our clients and in the industry, cyber insurance requirements are on the rise.

    If you’re new to cyber insurance or aren’t sure what’s covered under this sort of policy, for most insurance providers cyber insurance offers coverage for technology related disasters. This could include a cybersecurity event such as ransomware or a data breach but depending on your level of policy it might also include IT related downtime not related to cybersecurity such as internet outages. You may even see coverage for specific device issues, such as the loss of an office server that’s critical for day-to-day operations.

    When it comes to the cybersecurity-related coverage, what many people don't realize is that it's not only meant to cover your own losses but also the potential loss incurred by your customers. If you have a data breach, your policy may (depending on its terms) cover the cost of litigation brought by your customers, and it may also cover items such as ongoing credit monitoring if their PII (personally identifiable information) was exposed in the breach your company suffered.

    It can be easy to feel detached from a loss you haven't suffered yet. To put it in perspective, during the Anthem data breach in 2015, which involved 80 million patient records, the cost of notifying affected customers (which the HIPAA Breach Notification Rule requires be done in writing by first-class mail, unless the individual has agreed to electronic notice) exceeded $40 million in postage alone. That's not even taking into consideration all of the other costs associated with that breach.

    They're a major corporation, so again it may be difficult to imagine yourself in those shoes, but even for small companies the average cost is as high as $200,000 per breach. Also, if you're hit with ransomware and think you can just pay and get out intact, think again: even if you receive the decryption key from the attackers, your data may still be lost, because their decryption tools are unreliable and some files never come back.

    It's not surprising that insurance providers are looking at this and wondering how they can offload some of the risk they take on by insuring customers. The requirements are increasing; even as a technology provider for businesses we're seeing longer forms that we help our customers complete when they apply for a new cyber insurance policy.

    These longer forms are featuring more difficult questions as well. We have made cybersecurity a staple feature of our plans so our customers are in a good place for obtaining a cyber insurance policy, but the truth is if cybersecurity has been on the back burner for your business, you may have a difficult time in 2022 and beyond finding an insurer that’s willing to cover you.

    As an idea of where to start before you go to obtain a cyber insurance policy, we’ve created this checklist of items you can begin to work on to put your business in a better position this year.

    Be Cyber Insurance Ready in 2022
    Click to grab the full size version.

    Many of the items listed are easy for even someone who’s not very tech savvy to tackle, but if you’d really like to protect your business from hackers this year, we suggest teaming up with a tech provider like Valley Techlogic.

    Cybersecurity is a core focus for our business. We will match your business with a cybersecurity framework that makes sense (for example CMMC for defense contractors, HIPAA for healthcare providers, NIST or CIS for small and medium-sized businesses in any industry) and use that framework as a concrete game plan for hardening your networks and devices against bad actors. Learn more today with a quick consultation.


  • CMMC Series: What’s Happening in 2022

    CMMC Series: What’s Happening in 2022

    We’ve touched on the Cybersecurity Maturity Model Certification (CMMC) before in this blog, but over the next five weeks we’ll be doing a deep dive into this particular cybersecurity framework in our new CMMC Series. Starting with today’s post on what’s happening currently and what we can expect in 2022.

    At Valley Techlogic, we believe a good cybersecurity framework can be the backbone for businesses looking to beef up their cybersecurity implementation. The roadmaps found within frameworks such as CMMC, HIPAA, CIS and NIST act as a perfect guide whether you’ve been implementing cybersecurity strategies for a while or are brand new to the process.

    Our focus on CMMC comes as the program is set to go through changes. CMMC Version 1.0 was released January 31st, 2020, and while it borrowed most of its components from the National Institute of Standards and Technology (NIST) SP 800-171, it also added practices not found in that standard (20 at Level 3, with more at Levels 4 and 5).

    Those additional practices will not exist in version 2.0, however, as the Department of Defense (DoD) moves to simplify the program and roll back any government oversight that may be overreaching. Version 2.0 will also allow more companies to self-assess.

    Rolling out a new version of anything in the government is a time-intensive process; since the changes were announced, it's anticipated it could take anywhere from 9 to 24 months before rulemaking is complete. Also, some groups currently involved in implementing CMMC are protesting the changes.

    Regardless of what version exists, we’re past the point where businesses who hold contracts with the DoD can choose to ignore the writing on the wall. You will need to start implementing these security measures now if you haven’t already if you want to maintain your compliance with the DoD rules for their contractors. Whether 2.0 passes or not, CMMC is not going away.

    CMMC accreditation audits are expected to kick off soon, and there’s even some talks about incentivizing businesses who receive their CMMC certifications before it’s officially required. CMMC certification also lets your customers know you take securing their data seriously within your organization.

    Whether it's the 5 levels found in the existing model or the 3 levels found in 2.0, the best place to start is the first level. Its requirements are easy to implement quickly and will lay the foundation for future cybersecurity improvements. At Valley Techlogic, we have experience helping businesses implement the requirements found within CMMC (as well as NIST, HIPAA, CIS and more).

    We can help your business self-certify and prepare for CMMC accreditation. We can quickly bring you to compliance with tier one and set goals for the more advanced levels.

    Over the next weeks we will talk about the goals found within tier one and beyond in this ongoing CMMC series. If you’re hoping to meet the qualifications for CMMC accreditation in 2022, schedule a meeting with us today to learn how we can help with the process.


  • Grab our 2021 HIPAA compliancy checklist and see how you can address HIPAA in the New Year

    Grab our 2021 HIPAA compliancy checklist and see how you can address HIPAA in the New Year

    HIPAA (enacted on August 21, 1996) is not a new topic for healthcare providers and others who handle Protected Health Information (PHI), yet many healthcare providers still do not meet the requirements the program sets to prevent a data breach that could devastate their business.

    That may be due to the cost and complexity of meeting all of the necessary components of HIPAA. It's estimated that the actual cost of HIPAA compliance is around $8.3 billion per year. Physicians can be looking at $35,000 a year to meet the technology requirements alone.

    When you look at the numbers, it’s easy to see why many healthcare providers would simply choose to roll the dice under the assumption there’s only a small chance their business would ever be affected by a breach or cyberattack. We’re here to tell you, that’s really not a good idea.

    Patient records and other PHI are some of the most valuable data on the dark web, with patient records averaging $250 to $1,000 each. That means even a small doctor's office may be sitting on hundreds of thousands of dollars' worth of data to would-be cyber criminals.

    These records are then used to create credible profiles for criminals such as drug traffickers, who use them to purchase prescription medications under your patients' identities (while also holding your patients' personal details, such as where they live). This means a breach is not only a risk to your business but also a risk to your patients' safety.

    We know no provider would willingly put their patients' health and safety in jeopardy; it's antithetical to the oaths healthcare workers take as they enter their profession. But knowing the risks doesn't make the hurdles of implementing HIPAA effectively in your business any less daunting. That's why we're here to help: below is the checklist with the six most effective measures you can implement in 2022 to bring your business to HIPAA compliance.

    HIPAA Compliancy Checklist
    Click to view the full version.

    Many of those items are not difficult to implement even sooner, such as security awareness training (human error is among the leading causes of data breaches).

    Reviewing the way your vendors handle PHI and obtaining confirmation that they're protecting it on their end is also as simple as making some phone calls.

    For other items, such as an annual HIPAA checkup, it may be best to have a technology partner that can help you not only address your current HIPAA concerns but also lay out a path forward with accessible goals for your business.

    If you're in the Central Valley, Valley Techlogic can be that partner. Many of our clients are in the healthcare sector, and we have helped them establish HIPAA compliance and maintain it going forward.

    We have over a decade of experience with the topic of cybersecurity and can apply our tools and knowledge directly to your business under one of our easy to budget for inclusive monthly plans. Schedule a quick call to learn more about how we can help your business be HIPAA compliant in the new year.
