ACS EndpointLock™ THE MISSING LINK In Healthc
Post# of 82690
(Total Views: 581)
Posted On: 11/23/2018 11:13:23 AM
ACS EndpointLock™
THE MISSING LINK In Healthcare Security Protocol !
In between the PC or mobile keystrokes and the application or browser, exists a wide open vulnerability that puts millions of health records at risk
The Business Problem
Healthcare information is valued higher than credit card data on the black market because health records never expire.Despite the thousands of dollars, healthcare organizations invest in cyber security, the theft of healthcare data continues to climb. According to recent reports, the majority of hacks involve stolen credentials
[1], which are then leveraged in the initial stages of a healthcare breach in an effort to locate and steal EHR (electronic health records) and PII (personal identifiable information). Using various phishing techniques that cause the victim to unknowingly download a keylogger to his or her device, these passwords can be easily stolen from even the most well-educated clinical or administrative employee. And with close to 85 percent of healthcare professionals using the same device for both personal and professional use, the likelihood for stolen HER by keylogging increases exponentially.
[2] The keylogger intercepts keystrokes as they travel from the keyboard to the browser or application and is one of the main components in most advanced persistent threats. In fact, keyloggers were at the helm of many of the biggest healthcare breaches of our time including the Anthem breach which stole over 80 million patient records
[3}, Premera which stole over 11 million patient records
[4] and UCLA Health lost 4.5 million patient records.
[5] Unfortunately, most security protocols do not protect the keystrokes. Antivirus can only detect known catalogued malware and since many zero day keyloggers are polymorphic, they have the ability to change their form and go on undetected for months and sometimes years. Each year, healthcare organizations pay millions in penalty fees for losing EHR (electronic health records) and PII (personal identifiable information) to hackers. For instance, Anthempenalties have already exceeded 100 million in fees including the cost of issuing breach notifications to customers, paying OCR penalties, implementing new security measures and fighting lawsuits.
[6] These kinds of fees can prove devastating to a small practice. The law requires that providers must report as few as 501 patients if they are breached. Each violation will cost between $100 and $50,000, and then multiplied by the number of records leaked. So if your small practice has 1,000 records leaked, the fine would run between $100,000 and $1.5 million.
The Solution:
To fully protect everything typed into a device, ACS EndpointLock™ was designed to address the existing and growing intrusion of keylogger spyware in the PC and Mobile environments. ACS EndpointLock™ patented keystroke encryption, uses AES 256 encryption and Keystroke Transport Layer Security (KTLS™) technology in the lowest possible layer in the kernel to block and protect the endpoint’s keystrokes from being captured by a keylogger. EndpointLock™ closes a wide open vulnerability that exists in most security protocols and blocks one of the most common threats at the most persistent point of entry.
Compliance agencies have already made cryptography a mandatory requirement.
DEA and HIPAA Security Standards for the protection of EHI
PASSWORD MANAGEMENT (A) § 164.308(a)(5)(ii)(D)
“Implement procedures for creating, changing, and safeguarding passwords.”
ENCRYPTION (A)§ 164.312(e)(2)(ii)
“Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.”
PCI DSS Requirements:
PCI DSS Requirement 8.2.1
“Using strong cryptography, render all authentication credentials (such as passwords/phrases) unreadable during transmission...
NOTE: Keystrokes traveling to the browser or application are considered transmission of data.
THE MISSING LINK In Healthcare Security Protocol !
In between the PC or mobile keystrokes and the application or browser, exists a wide open vulnerability that puts millions of health records at risk
The Business Problem
Healthcare information is valued higher than credit card data on the black market because health records never expire.Despite the thousands of dollars, healthcare organizations invest in cyber security, the theft of healthcare data continues to climb. According to recent reports, the majority of hacks involve stolen credentials
[1], which are then leveraged in the initial stages of a healthcare breach in an effort to locate and steal EHR (electronic health records) and PII (personal identifiable information). Using various phishing techniques that cause the victim to unknowingly download a keylogger to his or her device, these passwords can be easily stolen from even the most well-educated clinical or administrative employee. And with close to 85 percent of healthcare professionals using the same device for both personal and professional use, the likelihood for stolen HER by keylogging increases exponentially.
[2] The keylogger intercepts keystrokes as they travel from the keyboard to the browser or application and is one of the main components in most advanced persistent threats. In fact, keyloggers were at the helm of many of the biggest healthcare breaches of our time including the Anthem breach which stole over 80 million patient records
[3}, Premera which stole over 11 million patient records
[4] and UCLA Health lost 4.5 million patient records.
[5] Unfortunately, most security protocols do not protect the keystrokes. Antivirus can only detect known catalogued malware and since many zero day keyloggers are polymorphic, they have the ability to change their form and go on undetected for months and sometimes years. Each year, healthcare organizations pay millions in penalty fees for losing EHR (electronic health records) and PII (personal identifiable information) to hackers. For instance, Anthempenalties have already exceeded 100 million in fees including the cost of issuing breach notifications to customers, paying OCR penalties, implementing new security measures and fighting lawsuits.
[6] These kinds of fees can prove devastating to a small practice. The law requires that providers must report as few as 501 patients if they are breached. Each violation will cost between $100 and $50,000, and then multiplied by the number of records leaked. So if your small practice has 1,000 records leaked, the fine would run between $100,000 and $1.5 million.
The Solution:
To fully protect everything typed into a device, ACS EndpointLock™ was designed to address the existing and growing intrusion of keylogger spyware in the PC and Mobile environments. ACS EndpointLock™ patented keystroke encryption, uses AES 256 encryption and Keystroke Transport Layer Security (KTLS™) technology in the lowest possible layer in the kernel to block and protect the endpoint’s keystrokes from being captured by a keylogger. EndpointLock™ closes a wide open vulnerability that exists in most security protocols and blocks one of the most common threats at the most persistent point of entry.
Compliance agencies have already made cryptography a mandatory requirement.
DEA and HIPAA Security Standards for the protection of EHI
PASSWORD MANAGEMENT (A) § 164.308(a)(5)(ii)(D)
“Implement procedures for creating, changing, and safeguarding passwords.”
ENCRYPTION (A)§ 164.312(e)(2)(ii)
“Implement a mechanism to encrypt electronic protected health information whenever deemed appropriate.”
PCI DSS Requirements:
PCI DSS Requirement 8.2.1
“Using strong cryptography, render all authentication credentials (such as passwords/phrases) unreadable during transmission...
NOTE: Keystrokes traveling to the browser or application are considered transmission of data.
(4)
(0)Zerify Inc (ZRFY) Stock Research Links
WORDS TO LIVE BY:
Never argue with stupid people, they will drag you down to their level and then beat you with experience.
Get .... PrivacyLok https://cyberidguard.com/
Try SafeVchat: https://cyberidguard.com/
My comments are only my opinion and are not to be used for investment advice.
Please conduct your own due diligence before choosing to buy or sell any stock.
Never argue with stupid people, they will drag you down to their level and then beat you with experience.
Get .... PrivacyLok https://cyberidguard.com/
Try SafeVchat: https://cyberidguard.com/
My comments are only my opinion and are not to be used for investment advice.
Please conduct your own due diligence before choosing to buy or sell any stock.