Ciphertex's Healthcare Data Security Solutions At HIMSS 2017
Ciphertex attended the 2017 HIMSS Annual Conference and Exhibition in Orlando, Florida on February 19-23. The exhibition brought together over 40,000 health IT professionals.
Ciphertex featured its CX-2500ES3, CX-3500E3, Ranger-E and Ranger-EX, all of which are HIPAA compliant and come with separate encryption keys. Ciphertex Data Security offers advanced RAID configurations on our Ranger RAID series and NAS devices. All of our products secure data with AES 256-bit hardware-based encryption and multiple data protection protocols. Ciphertex rugged, portable RAID and NAS servers make data transport and migration easy.
HIMSS (Healthcare Information and Management Systems Society) is a global, cause-based, not-for-profit organization focused on better health through information technology.
Ciphertex is a leading data security solutions provider and is trusted by organizations worldwide and in various industries. Ciphertex delivers powerful, secure and portable data storage systems using advanced hardware encryption.
Ransomware: Cybersecurity's Next Biggest Threat
What is Ransomware?
Malicious software that locks your data files and demands a ransom payment to access them.
Ransomware is a term for the many variations of malware that infect computer systems, typically by social engineering schemes. A cryptovirology attack encrypts critical files and systems, then renders them inaccessible to the owner.
Ransomware sometimes marks the files for permanent deletion or publication on the internet.
The perpetrators demand a payment (usually in untraceable cryptocurrency like Bitcoin) for the private key required to decrypt and access the files.
Infamous ransomware examples include CryptoLocker, CryptoWall, Locky, Cerber, KeyRanger, SamSam, TeslaCrypt, TorrentLocker, and Reveton.
Who are Ransomware Perpetrators?
Cyber-criminals who profit by violating businesses that rely on data.
Ransomware perpetrators are sophisticated, profit-hungry cybercriminals on the lookout for unsuspecting SMBs to violate. Ransomware cybercriminals are also organized and profitable, earning 10-50 million dollars a month.
Ransomware criminal teams often work out of office buildings, making stealthy and disruptive pieces of malicious software and designing deceptively simple schemes to infiltrate small to medium-sized businesses.
Recently, an organized Ransomware-as-a-Service cybercrime ring was discovered that infected around 150,000 victims in 201 countries in July 2016, splitting profits 40% to malware authors and 60% to those who discover new targets.
The overhead is low, the profits are high, the Bitcoin is anonymous, and the list of targets is endless.
Could my business be a Ransomware victim?
If data is important to your business, you are a target.
To get into your systems, they may send a phishing email to your staff. Because 94% of people can’t distinguish between a real email and a phishing email 100% of the time, they get in. And if they don’t, they try again until someone somewhere clicks the link.
Ciphertex 3 Layers of Protection
Good security practices regarding emails, email attachments, and computers are the first step. Educate anyone with access to company emails, computers, or servers.
Quality Antivirus can stop 1000s of attacks per day, saving a system from a full-blown infection even if an employee clicks on a virus-containing link.
TOTAL DATA PROTECTION
A redundant data security solution that backs up and stores data in a secure location with snapshot technology, encryption, and replication.
Using Ciphertex's 3-layered security system, even if ransomware penetrates your defenses, you can recover the data in a 'snapshot'. No ransom, no downtime, no problem.
Ciphertex is a leading data security solutions provider and is trusted by organizations worldwide and in various industries. Ciphertex delivers powerful, secure and portable data storage systems using advanced hardware encryption. Ciphertex DAS and NAS systems offer unparalleled performance, security and reliability, seamlessly integrating hardware-based AES 256-bit encryption with the latest in RAID storage technologies and smart chassis design.
Designed-in flexible connectivity is guaranteed with each system able to support the leading storage interfaces and operating systems. Each multi-bay Ciphertex system also offers simplistic functionality and setup via its graphical user interface combined with a powerful data management software suite.
Ciphertex NAS, DAS, and single drive storage devices are lightweight and portable in order to be accessible to people with disabilities. Ciphertex offers solutions from 2TB into the petabytes for large data centers.
Oil & Gas Companies "Drill" Into Cybersecurity Needs
"From cyber attacks to internal security breaches, cybersecurity is an issue in oil and gas that has deservedly come to the forefront," said Rigzone.com.
Mark Maddox, vice president and CIO for Apache Corp., said he doesn’t look at the issue as a cybersecurity challenge, rather an information security challenge.
“What we’re really protecting is our data. It’s not just the hacker and the attacks, it’s the internal side. It’s the people side. It’s the accidental issues,” Maddox said.
Workers have to be able to secure and access the data provided because of its importance for company operations.
Ciphertex Data Security products mitigate data loss from external and internal attacks. Our rugged storage solutions and secure, tamper-evident transport case are ideal for shuttling data from oilfields to in-house data centers.
Ciphertex NAS servers are specifically designed with multi-factor authentication to prevent unauthorized data access. They offer role-based access control, IP filtering/blocking, RAID protection, and Disaster Recovery protocols, all based on a protected AES 256-bit hardware-based encryption foundation.
Taking cues from industries such as the financial services sector, considered by some as the poster child for cybersecurity, Deskus said it’s good to determine how to bring that vein of thinking into the oil and gas industry.
And while the industry transitions into that way of thinking, it’s people that keep oil and gas leaders up at night in regards to security challenges.
Portions of this article were directly sourced from "What Needs to Happen with Cybersecurity in Oil, Gas"
Original Article Posted on: Rigzone.com
Author: Valerie Jones
Post Date: 2/17/2017
5 Steps to Ensuring Hospital Data Security
Hospitals and health systems face increasing regulation for protecting the security of patient health information; yet, data breaches remain common in the industry. Health system leaders must make data security a priority. Here are five initial steps to ensuring data security in your organization.
1. Conduct a HIPAA risk analysis
Risk assessment is an important task for any healthcare organization. Since the HITECH Act amendments to the Health Insurance Portability and Accountability Act took effect in February 2010, both covered entities and their business associates are required to complete risk assessments about threats and risks to protected health information.
After conducting the risk assessment, the organization must develop and implement safeguards to manage the identified risks. While HHS has not published a specific template for conducting a HIPAA risk analysis, it has referenced as a guideline the standards set by the National Institute of Standards and Technology in its publication 800-30.
According to the NIST standard, the key purposes of risk assessments are to identify "relevant threats" to the organization, including "vulnerabilities, both internal and external," and the "likelihood that harm will occur."
The NIST standards also call for all organizations, large and small, to designate a compliance officer. The officer should undergo needed HIPAA training and assume responsibility for end-user education about standards.
2. Implement encryption for all data as recommended by the AMA
The American Medical Association and many security experts recommend that physicians encrypt all protected health information. In its white paper, "HIPAA Security Rule: Frequently Asked Questions," the AMA notes that if a provider organization suffers a breach of protected health information, it must notify all the patients impacted unless the data (e.g., in a laptop or disk drive) was encrypted. In that case the data is considered "indecipherable," and no expensive notification is required.
According to the AMA, physicians should encrypt "any systems and individual files" containing PHI. This includes electronic medical records, medical images, claims payments and emails containing PHI.
The AMA notes that secure encryption systems use a "key," which can be a piece of data inside a software program or a small physical device (usually the size of a jump drive). It is called a key because it "unlocks" the encryption formula to unscramble the data.
3. Choose the highest level of encryption without the lag
The AMA recommends that physicians use the "best available encryption algorithm" which is contained in the advanced encryption standard. The AES was selected by NIST in a competition and is stronger and faster than earlier encryption standards.
The newest encryption standard, AES 256-bit encryption, is unbreakable by brute force or by criminals using computers. An encryption algorithm takes the original message and a key, and alters the original message mathematically based on the key's bits to create a new encrypted message in 0s and 1s. In AES 256-bit encryption, the key is a list of 256 0s and 1s. It is exponentially more secure than earlier algorithms that used 128-bit keys.
In previous years, providers using first-generation encryption systems on older, low-capacity computers sometimes encountered slow or delayed data access. Advanced encryption storage devices now on the market can transfer at the rate of 1,000 mbps over a 10 GB network environment. This is fast enough to provide instant viewing of large medical images. There is virtually no performance or capacity impact. For example, a 2 megabyte CT scan will be transferred and displayed in one second. With advanced encryption systems in place, information is stored securely and the encryption process is invisible to users.
Many devices and software programs claim to be encrypted. It is important to determine exactly what form of encryption they use and how reliable it is. For example, some popular operating systems offer encryption. However, if the operating system itself is vulnerable to hackers, the encryption system it contains may not be sufficient.
4. Secure laptop data with encrypted portable storage devices
Laptops remain a major concern for PHI security. A $300 laptop that is lost or stolen can potentially result in a $500,000 penalty. One simple, affordable option is to store PHI on a portable, encrypted external hard drive instead of storing data directly on the laptop. For example, a small external hard drive (about the size of an iPhone) that is hardware encrypted cannot be accessed without the physical key, so its content remains inaccessible if the drive is lost or stolen.
Mobile devices (e.g. tablets, smart phones) should either be encrypted or configured so they do not store any PHI. Security experts point out that webmail services are not currently encrypted and secure. Sending patient information via text messages is an increasingly common HIPAA violation since many physicians and nurses are sending medical communications on their cell phones outside of an encrypted EHR system.
In addition, all portable storage backup discs (such as those connected to a server) should be encrypted, whether or not they are in a secured area. Note that in 2012, Blue Cross and Blue Shield of Tennessee was fined $1.5 million by HHS after a thief stole 57 hard drives containing unencrypted information on one million plan members.
5. Make sure you have a disaster recovery and business continuity plan
Disasters range from power outages, floods, fires, storms, equipment failure, sabotage, terrorism (such as the events of 9/11) and earthquakes. Under HIPAA, both covered entities (e.g., hospitals, medical groups, clinics) and business associates are now required to plan for disaster recovery including natural disasters and loss of electricity. The HIPAA rules recommend that the covered entity should prepare a comprehensive, usable, and effective disaster recovery plan, which will involve the entire workforce to help restore or recover any of its crucial operations.
By having a plan, an organization can reduce the potential headaches involved with disaster recovery and, in turn, ensure business continuity. Part of any reliable disaster recovery plan is making sure your data storage system company offers solutions that are redundant, secure, robust and deliver WAN optimization.
Advanced portable storage devices enable large amounts of data to be encrypted and stored in rugged, lightweight units. For example, a five-drive unit smaller than the size of a shoebox and weighing 14 lbs. can store 20 terabytes of data, enough to store some 2 million medical images. These units can be easily carried by individuals in the event of an evacuation. In addition, the data storage units can be placed in water-resistant storage cases to provide protection against storms and flooding.
Jerry Kaner, CEO of Los Angeles-based Ciphertex, has consulted for the FBI and U.S. Secret Service on data encryption and recovery.
Article Originally Posted at Becker's Hospital Review
Ciphertex Data Security is exhibiting at SuperComputing 2016!
Booth #3770, Salt Lake City, Utah, Nov. 14-17!
Ciphertex will be featuring our line of encrypted, rugged, and portable servers, which are uniquely suited for data migration. The Ciphertex Data Defender overcomes the limitations and security deficiencies in data transfer over the wire and delivers high performance, secure data transfer in a single portable appliance.
Get a look at all of our data security products that are ideal for data center use and more. We're here to help you with your next data migration project and data security needs. We are offering free guest passes to interested parties!
Our 60-bay rackmount natively offers up to 600TB and over 1 Petabyte with JBOD expansion.
The CX-60K-REX is available with multiple software options and can be configured to suit your company's needs. Our standard AES-256 bit encryption, RAID, and other enterprise security features ensure the utmost protection for your data.
100 TB of portable storage in a rugged and encrypted server
The CX-10K-REX is equipped with fast performance capabilities, including iSCSI and optional 10 GbE, for effective and efficient data transfer. The NAS comes packed with over 60 applications for a variety of use cases including networking, cloud storage, and server solutions. The CX-10K-REX with AES 256-bit encryption, advanced RAID configurations, and real-time remote replication is ideal for secure transport and migration of data.
A high density rackmount that is expandable from 12 to 24 bays.
The CX-24K-REX is a specially designed 2U rackmount that maximizes the physical space in your data center without sacrificing virtual capacity. With up to 240TB of capacity, our expandable 24-bay server offers all of the software capabilities and features of the 60-bay rackmount in a smaller package. Backed by a trusted name in data security, Ciphertex offers multiple software configurations and options to create a server product unique for your company.
Ciphertex Hard Transport Case
Our ruggedized transport cases protect our portable servers during shipment and provide an extra layer of security. Our transport cases are waterproof, dustproof, dent-resistant, chemical-resistant, shatter-proof, and more. Secure your data during migration in one of our secure hard transport cases.
In today's advanced, interconnected world, businesses experience dramatic growth of digital data including documents, emails, and applications. Protecting the infrastructure that allows organizations to function is crucial. Security threats are inherently difficult to manage because there are so many different types (cybercrime, lost and stolen data, natural disasters, industrial accidents, terrorism) and they are constantly evolving. Their economic and societal impact can be enormous.
This increasing data security requirement means that the challenges businesses face today extend beyond conventional defense methods. Security has taken on a new significance, encompassing the protection of critical infrastructure, sensitive data, information systems and digital assets.