OSHA Postings are due the First day of February

Categories: Articles

Employers have to post OSHA Form 300A for 2018 by the first day of February and leave it up through April 30. This form displays illnesses and injuries that occurred during the previous year and serves as a log of work-related injuries and illnesses recorded. The form must be posted in an area where it is visible to all employees. Records must be kept at the worksite for a minimum of five years and available to not only current employees, but to former employees (or their representatives if need be) as well.

The United States Department of Labor requires employers with 10 or more employees to keep records of work-related illnesses and injuries that are considered serious (if an injury only required first aid, it need not be recorded). Severe injuries involving loss of an eye, amputation or hospitalization must be reported within 24 hours; any fatality must be reported within 8 hours. Businesses that employ 10 or fewer employees who work in low-hazard conditions are considered exempt from the above requirements.

Note: OSHA Form 300A (Summary of Work-Related Injuries and Illnesses) is the only form needed for electronic submission for establishments in excess of 250 employees as of July 30, 2018, due to issuance of a Notice of Proposed Rulemaking (NPRM). In addition to Form 300A, OSHA also requires that employers submit their Employer Identification Number (EIN).

Ensure Your Workers Are Safe:

Employers are responsible for providing a safe work environment and by law are required to provide training and information to employees in a manner of communication that the employee/s understands. They must be made aware of certain hazards in the workplace and instructed on how to avoid them or prevent them from happening according to OSHA standards. This can include labeling hazardous materials or chemicals and providing Fact Sheets; posting signs, color-coding; safety training and written instructions clearly defined in an Employee Manual and the implementation of OSHA’s Illness and Injury Prevention Program at your place of business.

Fines Are Steep for Violations:

Congress enacted legislation that required federal agencies to adjust civil penalties to account for inflation as of November 2015. OSHA’s maximum penalties have not been adjusted since 1990 and are going to increase by 78 percent. Moving forward, this will adjust each year for inflation based on the Consumer Price Index beginning after August 1, 2016 when they went into effect.

  • Serious or Other-than-Serious Violations are currently $7,000 per violation and the new penalty will be $12,471 per violation.
  • Failure to Abate is currently $7,000 per day beyond the abatement date and the new penalty will rise to $12,471 per day beyond the abatement date.
  • A Willful or Repeated violation is currently $70,000 per violation and the new rate will become $124,709 per violation.

When a citation is issued, it must remain posted and visible until the violation has been corrected, or for three days, whichever comes first. Smaller businesses may see a reduction in OSHA penalties based on deciding factors such as the number of employees and the size of the business. OSHA’s Field Operations Manual has been revised and is now available to field staff to address recent changes.

This may all sound a bit complicated, but it doesn’t need to be. If your business does not have a designated HR department, try reaching out to a local HR agency such as Stellaris Group in Marietta, Georgia.  Stellaris Group offers OSHA and Safety Programs, Government Compliance, Internal Investigations and everything you need for complete Human Resource Management for your business.

Article by: Dawn Stastny, SPHR, SHRM-SCP is the Managing Partner and Founder of Stellaris Group, LLC. To learn more about Human Resources Outsourcing and Consulting, connect with her at 678-935-6001 or by email at Dawn.Stastny@Stellaris.Co

5 Signs You’re Reading a Spear Phishing Email

Categories: Articles

Since the early 2000s, spear phishing scams have been a problem. These scamming emails occur when someone attempts to lure sensitive information from an unsuspecting recipient by posing as a legitimate company or entity (i.e. ‘please provide your credit card info for a free trial,’ or, ‘your account has been hacked, please reply with your password and username to reclaim control’).

Falling victim to a phishing scam can be detrimental to the individual or company who is preyed upon. And unfortunately, phishing scammers have been getting better and better, therefore making it more difficult to detect when an email is legitimate vs. when it is a fake.

To help you tell the difference between what’s real and what’s not, look for these 5 signs that you’re reading a spear phishing email.

Nosy and Suspicious Requests

Your bank, or any other company, will not ask you for your social security number, bank account information, PIN numbers, or any other highly sensitive material over email. Whenever you receive an email that is requesting any type of info from you, always remain suspicious. When in doubt, call the bank or company directly to ensure that the email is in fact legitimate.

Grammatical Errors

While we can all be guilty of a typo here or there, phishing emails are often plagued by spelling, grammatical, and formatting errors. While in some instances the grammatical errors are caused by the sender not being a strong English speaker, many theorize that these errors are prevalent in scam emails because they save time.

Because it usually takes multiple emails back and forth between the phisher and the victim to successfully extract the information, the scammers need to sort those who will fall for it from those who won’t. In other words, people who look past grammatical errors and ignore spelling mistakes are more likely to actually provide the information than those who don’t. Therefore, scammers can save time by sending low-quality emails to more people, faster, and cast a wider net around potential victims.

Pretty evil, we know. So always be mindful of too many grammatical errors!

Missing a Name for Who it is Addressed to

An email that begins with ‘Dear customer’ or a similarly generic introduction is more likely to be a spear phishing email than those that actually include your own name. For reasons described in the previous tip, it is more advantageous for these criminals to not take the time to figure out the names of the recipients, but rather to just send out as many as they can.

Email From a Public Internet Account

If you believe you’re receiving an email from a bank or business, the sender’s email should not have a public internet account attached to it. An email from a Gmail, Yahoo!, Hotmail, or Outlook address should be a red flag that the sender is not who they say they are. Many phishing emails will use the name of the bank or entity in the email address to try and trick you.

(Example: NorthBranchBank@gmail.com)

Non-Accurate URL

Phishing scammers will often use fraudulent websites to try and steal your information. If you are provided a link, check carefully to make sure that the URL is correct. You can easily do this by opening a new tab and googling the website yourself and checking to make sure that it is the same as the one provided in the email. Scammers will try and make the website look as close to the original as possible, but you can spot slight differences, such as alternative spelling or added punctuation.
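The checks described above can be partly automated. The following is an added example, not part of the original article: it tests a message for four of the five signs (grammar is left to the reader). The trusted domain, the addresses and both sample messages are constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: the recipient's known-good domains, and the public webmail
# providers the article names.
TRUSTED = {"northbranchbank.example"}
PUBLIC_MAIL = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
SENSITIVE = re.compile(
    r"social security|\bssn\b|\bpin\b|password|account number|credit card", re.I)
GENERIC = re.compile(r"\bdear\s+(customer|client|user|member|account holder)\b", re.I)
DOMAINISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class BodyParser(HTMLParser):
    """Collects visible text and (href, link text) pairs from a message body."""
    def __init__(self):
        super().__init__()
        self.chunks, self.links, self.cur_href, self.cur_label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.cur_href, self.cur_label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.chunks.append(data)
        if self.cur_href is not None:
            self.cur_label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.cur_href is not None:
            self.links.append((self.cur_href, "".join(self.cur_label).strip()))
            self.cur_href = None

def squash(s):
    """Lower-case and drop punctuation, so 'north-branch' equals 'northbranch'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def host_of(url):
    host = urlparse(url if "//" in url else "//" + url).hostname or ""
    return host[4:] if host.startswith("www.") else host

def is_lookalike(url, trusted=TRUSTED):
    """True for an untrusted host that is a near-copy of a trusted one."""
    host = host_of(url)
    if any(host == t or host.endswith("." + t) for t in trusted):
        return False
    return any(squash(host) == squash(t)                      # added punctuation
               or SequenceMatcher(None, host, t).ratio() >= 0.85  # alternative spelling
               for t in trusted)

def check_email(raw, trusted=TRUSTED):
    """Return the list of warning signs found in a raw RFC 5322 message."""
    msg, body, signs = message_from_string(raw), BodyParser(), []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            body.feed(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body.close()
    text = " ".join(body.chunks)
    if SENSITIVE.search(text):
        signs.append("sensitive_request")
    if GENERIC.search(text):
        signs.append("generic_greeting")
    # Public webmail account whose name imitates a trusted organization.
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    brands = {squash(t.split(".")[0]) for t in trusted}
    if domain.lower() in PUBLIC_MAIL and any(b in squash(name + local) for b in brands):
        signs.append("public_account_sender")
    # Link goes to a lookalike host, or its visible text names a different host.
    for href, label in body.links:
        shown = host_of(label) if DOMAINISH.fullmatch(label) else None
        if is_lookalike(href, trusted) or (shown and shown != host_of(href)):
            signs.append("suspicious_url")
            break
    return signs

# Constructed sample messages (not real traffic).
PHISH = """\
From: North Branch Bank <NorthBranchBank@gmail.com>
To: jordan.lee@clinic.example
Subject: Account locked
Content-Type: text/html; charset=utf-8

<p>Dear customer,</p>
<p>Your account has been hacked, please reply with your password and username.</p>
<p>Or sign in at <a href="http://north-branchbank.example/login">northbranchbank.example</a></p>
"""
LEGIT = """\
From: North Branch Bank <statements@northbranchbank.example>
To: jordan.lee@clinic.example
Subject: Your statement
Content-Type: text/html; charset=utf-8

<p>Hello Jordan Lee, your August statement is ready.</p>
<p><a href="https://www.northbranchbank.example/statements">View statement</a></p>
"""

if __name__ == "__main__":
    print(check_email(PHISH))
    print(check_email(LEGIT))
```

A clean result is not proof that a message is legitimate; when in doubt, contact the company directly, as described above.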

Use Medicus IT For Your Cybersecurity Needs

At Medicus IT, we offer phishing and security awareness solutions for our clients to help you prepare for a phishing email attack on your business. We’ll work with you to implement a phishing scam simulation, which will allow us to identify which employees fell for the scam. Therefore, we can pinpoint which employees need to be trained in how to spot these scams. It’s also a great reality check, as it shows just how easy it is for businesses and their employees to be tricked into giving up personal information.

These simulations are extremely important for healthcare providers, whose patients’ information and records should be confidential at all times.

Article by:

Oct 1 Safe Harbor Deadline

Categories: Articles

Are you a business owner who needs to reduce their current year taxable income and save for retirement? Now is the ideal time to evaluate retirement plan options for 2018 and beyond.

The deadline to establish a safe harbor 401(k) plan for 2018 is October 1st, 2018. These plans provide significant benefits to business owners and their key staff members:

  • Business owners can make the maximum 401(k) contribution this year ($18,500 or $24,500 if age 50+);
  • Safe harbor company contributions can be either a flat 3% contribution to eligible employees, or a matching contribution of up to 4% of pay;
  • The plan may allow for additional profit sharing or matching contributions;
  • These plans can be paired with cash balance/defined benefit plans for even larger tax-deductible contributions.

Please contact us ASAP so we can start designing a solution for your needs. We look forward to working with you!

Joshua C. Harper, CFP®, CLU®, ChFC®

 Office (404) 926-1303

Cell (404) 277-1604

Fax (470) 777-2470


Three Alliance Center

3550 Lenox Road NE, Suite 1100

Atlanta, GA 30326

Article provided by Joshua C. Harper , CFP®, CLU®, ChFC®, for Capstone Financial. For questions, please contact here.

The Story Of Windows 7 & Server 2008 End Of Life Has Just Gone Viral!

Categories: Articles

Microsoft’s most loved operating systems are reaching end of life sooner than we think. Support for Windows 7, Windows Server 2008 and Windows Server 2008 R2 ends on January 14th, 2020. This means that Microsoft will discontinue all support, including paid support, and all updates, including security updates. Because your systems will no longer receive regular security updates after that date, your older systems will no longer be considered compliant. Additionally, computers, servers, and medical modalities running these older systems will be prone to new unpatched exploits, potentially leaving your systems open to further attacks.

Between now and January 2020, Microsoft is offering “extended support” for Windows 7. This means Microsoft is still offering paid support and continues to provide security updates, but no new features will be released.

As for Windows Server 2008, everyone will need to migrate to Windows Server 2012 or higher. Microsoft will no longer accept warranty claims or provide non-security hot fixes. Microsoft will continue to offer bug fixes and security updates through extended support. Be mindful, though, that we must validate which systems are supported by your line of business and your applications before proposing an upgrade solution. It is not uncommon for software vendors (including many EMRs) to not support the most recent Server operating systems.

In the table below you can see the current dates that Microsoft will be ending support for various operating systems:

What Do You Do Now?

Now, it’s time to upgrade your operating systems. The whole process takes time and careful planning, especially if you have a lot of machines and systems to assess in the process. Here are the steps to take to make sure your transition is successful:

1. Identify devices that need to be upgraded or replaced that meet essential (HIPAA) security compliance.

2. Develop a budget for upgrades, replacements and a timeline of when this will occur.

3. If your systems needing upgrades aren’t powerful enough for the latest Microsoft upgrades, we recommend backing up valuable data and then shredding the hard drive, recycling the old PC, and replacing it with a new computer running Windows 8 Professional or Windows 10.

4. Have security controls in place to separate difficult systems from Windows 7 and Server 2008 machines that cannot be upgraded or removed.

5. Train employees on the new operating systems that are going to be implemented in your practice/business.

What is Windows 10 and how do I upgrade From Windows 7?

If you don’t have a product key or a digital license, you can buy Windows 10 Pro from the Microsoft Store. Select the Start button, select Settings > Update & security > Activation, and then select Go to Microsoft Store.

The great thing about Windows 10 is that it supports apps that are used across multiple devices, including PCs, tablets, and smartphones. It supports face login, touchscreen, and keyboard/mouse input methods and is faster than Windows 7.

It has a lot of useful benefits like interface, security, speed, compatibility, and software tools that are a massive improvement over Windows 7. The goal of Windows 10 is familiarity and a much simpler learning curve. It gives you the best of both worlds.

Is your practice/business still using Windows 7 and Server 2008? Do you need help upgrading your operating system, replacing your computers with Windows 10 and Server 2012, hard drive shredding and recycling?

Then, Contact Us.

We’re always here to help with all of your IT needs.

Article provided by Mike Jann , for Medicus IT  mjann@medicusit.com.

Don’t Get Put on the SHAME LIST! Contribute to a Safer Web by Switching to HTTPS

Categories: Articles

Google has given us all a final push to defend our sensitive information since July (2018) with the release of Chrome 68, a new version of their free internet browser. This, of course, includes prospective patients that may be searching for a healthcare provider. The new version will mark all HTTP sites as “Not Secure,” according to a blog post published by Emily Schechter, Chrome security product manager. In a gradually increasing effort to ensure visitor safety and security throughout the web, Google started to mark more and more HTTP websites as “Not Secure” last January, including those asking for credit card information and passwords. Outside entities even published “Shame Lists” of websites that had not yet made the switch!

Just since last year, more than 68% of Google Chrome users on Android and Windows and more than 78% on Chrome OS and Mac now have protection through HTTPS encryption.  Of course, Google aims for 100% of traffic to be protected by HTTPS encryption by default. What does this mean for you? It means that your website needs a certificate for use with SSL or TLS if it does not have one yet.

Lost in a cloud of abbreviations? Here’s what you need to know:

HTTPS (HyperText Transfer Protocol Secure) is an extension of HTTP: a code that two computers use to scramble the messages they send to each other so that hackers can’t intercept those messages (i.e. your CC info, passwords, etc.) and read them. SSL stands for Secure Sockets Layer and TLS means Transport Layer Security. These layers are where HTTPS uses this “crime-fighting” code. They allow private and secure transfer of data to a browser from a server. Therefore, since July, any site without an SSL or TLS certificate will be deemed “Not Secure.”

Right now, HTTPS sites show a green lock and the word “Secure” in the far left of the URL bar. While previous versions of Chrome would only alert the visitor that the site was not secure when entering data into certain fields, anyone that does not switch to HTTPS will surely turn off visitors by showing a red “i” in a circle and the words, “Not Secure.”

If this switch has already impacted your website, don’t worry; there is a path to recovery. It may cause damage (turning patients away from your site), but it can be reversed. There are new automatic auditing tools that make migrating to HTTPS very simple, such as the audit in Lighthouse. Developers can use Lighthouse to determine which parts of your site are ready to update to HTTPS. Moving to HTTPS will also allow for new features and performance enhancements that HTTP cannot support.

In February 2018, Google reported that HTTPS was already the default for 81% of the top 100 sites. Ask NicheLabs to help you obtain your SSL today by calling 888-978-9254 or click here to send a message.

Article provided by Christina O’Brien, Marketing Manager, NicheLabs. For questions, please contact here.

Meet the Team

Categories: Meet the Team, Team Member Spotlight

Paul Mancini, Clear Choice Telephones

Family – married? Children? Pets?
Paul spends much of his free time with his wife, Robin, his son Austin (who now also works for Clear Choice Phones) and his dog, a dachshund named Bella that they adopted.

Where did you grow up? Interests as a child? What did you want to be “when you grew up”?
Paul was born in Pittsburgh but has lived all over. He wanted to play tennis when he grew up.

What college did you attend? What did you study? Best memories of those years?
Paul attended West Virginia University where he had a successful tennis career, ranking top 10 in the country, and #400 in the world. His best memories included the travel that tennis allowed him.

Where in Atlanta do you live? What brought you here?
He moved to Alpharetta after college because he had many friends there.

Tennis, working out, podcasts.

If money were no issue, what would you do with your time?
Paul’s dream would be teaching tennis to children and dabbling in technology. He would always find a way to keep busy.

Favorite food? Worst food?
Italian – pizza/pasta.  Any seafood has to be cooked.

Cook or clean dishes?
Dishes; His wife is the cook.

Favorite sports team(s)? Favorite book? Favorite movie?
A true Steelers fan, he even has a sticker on his car. Shawshank Redemption, The Godfather

Furthest you’ve ever traveled? Best trip of life?
Paul travelled “unintentionally” during his tennis career. He spent 1 year in Hawaii.

Mountains, beach, or staycation?
All 3?

Role Model in your life?
Growing up as a tennis player, Andre Agassi was Paul’s role model. His dad was a huge fan, too.

Practice Manager of the Month

Categories: Practice Manager of the Month

Simone Flack - Practice Manager of the Month (PMOM), August 2018 - Healthcare Services Team

Simone Flack
Practice Manager, Atlanta Clinical Care

Simone Flack is the Practice Manager at Atlanta Clinical Care.  The group has four full time doctors and two mid-levels.  The practice is located near Northside and St. Joseph’s and receives a lot of hospital patient referrals from surgery as they focus on infectious diseases and infusion services.  The practice also has a travel clinic, Atlanta Travel Medicine, where they provide pre-travel shots to prevent the spread of infectious diseases.  Simone has been with the practice for six years.  She worked previously at another medical practice before Atlanta Clinical Care.  Prior to working in the medical field, she worked 20 years in banking helping doctors and attorneys.  Her combination of medical knowledge and finance has made her a valuable asset for the doctors as they know the practice is running smooth and she ‘knows where the money is.’

Simone has found a different kind of stress working in a doctor’s office versus a bank but finds it rewarding.  She prides herself on providing outstanding customer service and her can do attitude.  She loves being with people and trying to help them. She enjoys problem solving and that no day is the same.

In any walk of life, Simone knows that to be successful it takes a team.  With her role as Practice Manager she does need to view everything at the 30,000 feet level.  But she understands that it is very important that she knows the different areas in the practice and has an appreciation for what each person does.  It is important not just to know what they need to do, but also what it takes to do the work, and to know each person and what they are going through.  Simone states that relating to your fellow employees and showing appreciation helps to earn their respect and empowers them to be successful.  She says that if one link is not working properly, then the whole chain breaks down.  By staying in front of any issues, the work runs smoothly and creates a good environment.

Some of the best advice that Simone received came from a former banking colleague, Robert Taylor, in South Carolina.  He told her there are many ways to get to the goal; roll with the punches and realize there is not just one way to do it.  Simone keeps this in mind and is open to different views and opinions and tries to incorporate them into her day to day.  If she keeps the goal in sight and knows there are different ways to get there, she stays focused and shares the same vision with her colleagues.

Matthew J. McCall MD at Atlanta Clinical Care states, “Simone is an integral member to our team/family and therefore I cannot use the term “office manager” when it relates to her.  She has been with us for over 5 years and has vastly contributed to the ongoing success which we have been blessed to have. Her diligence, intelligence, and management skills are unparalleled. She wears too many hats with her job duties to describe in a few sentences.  What I can say is that each hat is worn with 100 percent precision and the job(s) are always handled to perfection. The great success of our practice lies greatly on the back of Simone. I cannot imagine being in a practice, or owning a practice, without the assistance of Simone. I would rather this would be a “Practice Manager of the years” nomination, rather than a monthly nomination as it does not do justice to my gratitude to Simone.  The greatest compliment I can give is that if the time ever came for her to have a better opportunity for her or her family, I would have a hard time writing all of my recommendations on a single form as I cannot imagine ever running a business without her.”
Simone’s focus outside of work is keeping up with the lives of her two adult daughters.  One is a registered nurse in California, and the other opened a law firm in Atlanta.  Simone loves to travel, especially to the mountains to ski.  Her list of mountains to conquer is Park City, Smokies, Steamboat, and Heavenly.  She will be meeting her brother in Austria soon and also hopes to travel to Alberta.

Simone Flack was nominated by Sheila Fox-Lovell of Shandy Creative Solutions.  She describes Sheila as the sweetest and most positive person.  The relationship started with business cards, then Simone needed some help to redevelop the website, and it just continues to grow.  She appreciates Sheila’s patience, as often in their projects together she will be working on something for a bit, then has to take a break to focus on other areas as Practice Manager.   She looks forward to continuing their friendship and business relationship with other future projects.

Let the Patient Inside Before Their Visit; The Benefits of Virtual Tours

Categories: Articles

It’s safe to say that most people do not stroll around town to look for healthcare practices when they need a check-up or to see the doctor for a sore throat. Besides word-of-mouth (no pun intended), how do they find the right doctor’s office? Google tells us that consumers use mapping tools (like Google Maps) 44% of the time when they are searching for businesses. After they find you, they need a reason to learn more and book an appointment. The longer they engage with your site, the more likely they are to make an appointment. A Google Street View Virtual Tour is an easy, low maintenance, one-time investment that lasts forever and can increase both web traffic and in-office visits.

We’ve all sat in the waiting room for what feels like forever, anxiously waiting for our doctor to provide us some relief or at least some answers. When someone searches for “doctor’s office near me,” they want to find a place that looks comfortable and clean. This is where Google Street View Virtual Tours come in. The 3D tours are an addition to the Google Maps platform. Anyone with a physical location listed with Google My Business can integrate a tour into their listing. As one of the most high-impact marketing tools available, a virtual tour literally gives a potential patient the ability to move around inside your business, choosing what they want to see.

Meet Medicus IT, a leading Healthcare IT Support Provider serving the Southeast. Nichelabs gave Medicus IT the power to leverage Google Virtual Tour Technology and showcase their beautiful new office in Alpharetta, GA.

What does the 3D tour tell us about Medicus IT?

Benefits of Google Virtual Tour, Medicus IT - Image 1

The vibrancy of their office exudes the energy of their brand. Polished and professional, the space gives the correct impression that they are a successful business. Any website can go on boasting for paragraphs about how fantastic their patient services are and how great their practice’s reputation is because of it. Why not just SHOW the prospective patient the fruits of your labor and instill the confidence that you are an established, active healthcare practice of integrity. The most powerful copywriting imaginable still could never produce the impact that we get from this virtual tour.

Benefits of Google Virtual Tour, Medicus IT - Image 2

In order to take care of your patients, you must first take care of your medical and administrative staff. We are able to see the office lounge area, complete with comfy couch, pool table, and even a foosball table. Notice how it is right next to a mass of spacious cubicles; In fact, the whole office has an openness to it. This Virtual Tour allows us to SEE that they promote an atmosphere of open communication and idea sharing, which for a doctor’s office would leave less room for patient cases, inquiries, and test results getting lost in translation.

Benefits of Google Virtual Tour, Medicus IT - Image 3

Notice the adorable “DADDY” drawing from an employee’s son or daughter. Clearly, you will not be dealing with “robots” if you call Medicus IT.

Benefits of Google Virtual Tour, Medicus IT - Image 4

“Take a walk” down the hall and you will see the impressive lunch area. They clearly care about employee experience.
There are so many positive mental notes that the visitor can infer as they navigate through this 3D tour. The interest it creates quickly turns to interaction to see and know more. Click, Click, Click!

Google Virtual Street Tours Enhance Your Online Visibility

Benefits of Google Virtual Tour: Enhance visibility

When it comes to online presence, it pays to look good, but it is important to understand that you are also aiming to impress Google’s algorithms. There are certain factors that Google looks at to determine whether your business is relevant to a community, including distance. What better way to show Google that you are a real and credible practice than visual proof that you are where you say you are?

Beyond instant credibility, virtual tours help to boost your Local SEO, search engine rankings, and website traffic. The point of local SEO is to increase your visibility in your community.

After searching, “doctor’s office near me,” or “IT company near me,” the user may see a box on the right side with information about a local company (in the respective industry) such as hours of operation, phone number, address, and reviews. This box is called the Knowledge Panel. One of the sources that “influences” the Knowledge Panel is Google My Business. Google Street View Tours are a great way to optimize your Google My Business Page, improving your Local SEO. Google’s research indicated that 41% of the searches through mapping tools (mentioned earlier) resulted in site visits, and business listings with photos and virtual tours were twice as likely to generate interest.

More Interaction = Enhanced SEO

Click-through rate is another factor that tells Google whether you are important or not. It is a measurement of how successful an ad, post, campaign, or link is at capturing interest. It is calculated by dividing the number of clicks (interactions) by the number of impressions (views). Increase click-through rate by getting your users to interact! It only matters that you are found if users visit your site and stay there long enough to complete a desired action. If your content is boring, why would they stay? If you fail to give them a reason to look any further than your landing page or homepage, you will have a high bounce rate and a low click-through rate.

To improve click-through rate, you can embed video, photos, text, and links in the tour that, when clicked, will redirect the user to another landing page or part of your website that calls for an action. For example, when the user views the reception desk, they see a “Book an Appointment” button that takes them straight to a reservation system or contact page.

Besides your Google My Business Page, how can you use your virtual tour?

  • Embed it in your website or feature it on a dedicated landing page.
    Imagine a tab in your website menu titled “See Inside.” The user sees a large, vivid, 3D tour pop up. There is a slim chance of them not clicking one of the arrows to move around and explore. Congratulations, you’ve just engaged your potential client by providing an interactive experience. Visitors will stay on your site longer and are more likely to hop from page to page.
  • Integrate into your Facebook page, Facebook ads, and feature in your social media posts
    Think of how many times you have clicked on a picture on Social Media to enlarge and get a better view. Posts are more enticing when they include a virtual tour that users can interact with to view from different perspectives.
  • Add audio, video, links, and info…
    …to get even more clicks and redirect to more pages. Remember that click-through rate!

A Google Virtual Street Tour is a real “set it and forget it.” No campaign necessary. If you would like to invite your future patients in before they even leave home, contact NicheLabs to create your Google Virtual Street Tour today.

Healthcare is one of the biggest hacking targets for two major reasons: legacy technology and the need to access data to ensure operations.

Categories: Articles

Healthcare is a hacking target

In the article below, the Department of Homeland Security issued an alert to medical organizations about potential security flaws in all CPUs with Intel hardware. They go on to emphasize the need to, one, perform a Security Risk Analysis and, two, put protocols in place within your organization that will help monitor for any suspicious activity. Most practices utilize a third party IT firm to help manage and monitor their networks, and work with them to learn how to mitigate risks. Additionally, a third party privacy & security expert can help create information security policies to help a practice follow “best practices.”

Read Full Article

Submitted by
Bill Steuer
GSG Capital, LLC
GSG Compliance, LLC
877-270-8306 ext. 133
678-209-2021 x133 (local)

Five reasons why your practice should implement a SIEM

Categories: Articles

A Security Information & Event Management (SIEM) system analyzes system events and device logs in real time to safeguard against unauthorized access to protected information. A SIEM highlights the actionable events so that a security incident can be prevented proactively, while filtering out the noise found in traditional log data.

To best protect systems and ePHI, Healthcare practices should implement a multi-layered cybersecurity program to help protect their sensitive data and ultimately protect the practice. One way to improve any cybersecurity program is by utilizing SIEM.

Five reasons why your practice should implement a SIEM:
1. Respond to Incidents In Real Time
2. Reporting – Ability to Prove it
3. HIPAA Security Compliance
4. Dedicated Cybersecurity Team
5. A Single Security Breach Could Put Your Practice at Risk

How SIEM Works

SIEM software collects and aggregates log data generated throughout the organization’s technology infrastructure, from host systems and applications to network and security devices such as firewalls and wireless access points.

The software identifies and categorizes incidents and events, as well as analyzes them so practices can address issues that matter before the security incident occurs. The software sifts through thousands and thousands of security-related events, such as successful and failed logins, malware activity, and other possibly malicious activities to find the needle in the haystack.

Quote from Paul Musich, EMA

Why Your Practice Needs Managed Cybersecurity Services

The list of vulnerabilities to protect and monitor for is growing at a rate that IT support teams cannot keep up with and as a result, many businesses are choosing to outsource network security and monitoring to companies dedicated to providing expert security service 24/7.

If you are wondering how SIEM can benefit your practice and why you should consider implementing a SIEM solution as part of your cybersecurity program, then read the five reasons below.

1. Respond to Incidents In Real Time

Hacker, bot, virus, malware, and ransomware attacks are occurring daily in healthcare. A SIEM solution logs, reports, and alerts on known items or events out of the ordinary. Our Security Operations Center (SOC) team reviews flagged items and addresses those that need attention, such as a brute force attack or continued unauthorized access attempts to systems.
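To make the "How SIEM Works" description and the brute force case above concrete, here is an added example (not from the original article and not any vendor's product code). It normalizes log lines from two devices into one event format, drops the noise, and applies one correlation rule; the log formats, host names, threshold and time window are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample logs from two devices (a host running sshd and a firewall VPN).
SAMPLE = """
2018-08-14T09:00:01Z ehr-host sshd[411]: Failed password for frontdesk from 203.0.113.7 port 50122 ssh2
2018-08-14T09:00:02Z ehr-host CRON[500]: (root) CMD (run-parts /etc/cron.hourly)
2018-08-14T09:00:03Z fw01 vpn: action=login result=failure user=frontdesk src=203.0.113.7
2018-08-14T09:00:04Z ehr-host sshd[411]: Failed password for frontdesk from 203.0.113.7 port 50123 ssh2
2018-08-14T09:00:05Z fw01 vpn: action=login result=failure user=frontdesk src=203.0.113.7
2018-08-14T09:00:06Z fw01 dhcp: lease 10.0.0.23 renewed
2018-08-14T09:00:07Z ehr-host sshd[411]: Failed password for frontdesk from 203.0.113.7 port 50124 ssh2
2018-08-14T09:00:20Z ehr-host sshd[411]: Accepted password for frontdesk from 203.0.113.7 port 50130 ssh2
2018-08-14T09:01:00Z ehr-host sshd[420]: Failed password for drsmith from 198.51.100.20 port 40001 ssh2
2018-08-14T09:01:10Z ehr-host sshd[420]: Accepted password for drsmith from 198.51.100.20 port 40002 ssh2
"""
SAMPLE_LINES = SAMPLE.strip().splitlines()

SSH = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port \d+")
VPN = re.compile(r"^(\S+) (\S+) vpn: (.*)$")


def normalize(line):
    """Map one raw log line to a common login event, or None if it is noise."""
    m = SSH.match(line)
    if m:
        ts, device, verb, user, src = m.groups()
        outcome = "failure" if verb == "Failed" else "success"
    else:
        m = VPN.match(line)
        if not m:
            return None
        ts, device = m.group(1), m.group(2)
        kv = dict(p.split("=", 1) for p in m.group(3).split() if "=" in p)
        if kv.get("action") != "login":
            return None
        user, src, outcome = kv.get("user"), kv.get("src"), kv.get("result")
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "device": device, "user": user, "src": src, "outcome": outcome}


def correlate(events, threshold=5, window=timedelta(minutes=2)):
    """Alert on `threshold` failed logins from one source inside `window`,
    and escalate if that source then logs in successfully."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    flagged = {}                 # source IP -> time of its latest over-threshold failure
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip, fails = ev["src"], recent[ev["src"]]
        if ev["outcome"] == "failure":
            fails.append(ev["ts"])
            while fails[0] < ev["ts"] - window:   # slide the window forward
                fails.popleft()
            if len(fails) >= threshold:
                if ip not in flagged:
                    alerts.append(("brute_force", ip, ev["user"]))
                flagged[ip] = ev["ts"]
        elif ip in flagged and ev["ts"] - flagged[ip] <= window:
            alerts.append(("success_after_brute_force", ip, ev["user"]))
            del flagged[ip]
            fails.clear()
    return alerts


if __name__ == "__main__":
    events = [e for e in map(normalize, SAMPLE_LINES) if e]
    print(f"{len(SAMPLE_LINES)} lines -> {len(events)} login events")
    for alert in correlate(events):
        print(alert)
```

Neither device sees five failures on its own in this sample; the alert only fires because the events are aggregated across both sources before the rule runs.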

2. Reporting – Ability to Prove It

Reporting covers anything security-related such as successful and failed logins, malware activity, and other malicious activities attempting to hack into your network. Having this information helps not only to show compliance with the practice’s required HIPAA Policies & Procedures (P&P’s), but also can help prove whether a cybersecurity incident has occurred or not. When a cybersecurity incident occurs, it is up to the practice to prove that ePHI is not compromised. A SIEM can help in many cases to show what was accessed and even how much data was transferred, which alone could save hundreds of thousands of dollars.

3. HIPAA Security Compliance

Most medical practices don’t have the in-house security expertise necessary to perform the event monitoring and security reporting required to maintain HIPAA compliance, which is where SIEM comes into play. Reports generated by a SIEM allow your practice to demonstrate to the OCR auditor that you have reasonable means for protecting ePHI. Having reports and documentation on such cyber activity is required, according to HIPAA guidelines, to pass an audit by the OCR.

4. Dedicated Cybersecurity Team

Most practices think that SIEM is something that they can implement on their own without realizing the amount of information the software spits out. Also, many who try to analyze the data themselves without using a cybersecurity expert could potentially miss some tell-tale signs of a severe security issue. A qualified team managing your practice’s cybersecurity program will not only give you peace of mind but also ensure that you receive notification of security incidents that need to be addressed.

5. A Single Security Breach Could Put Your Practice at Risk

One single security breach could cost your practice thousands, if not millions in damages, attorney fees, fines and penalties, data forensics, crisis management, patient notification costs, and credit monitoring. Not to mention the damage to the reputation of the practice should you ever have to report to the media about your security breach. The above is reason alone for you to think about your practice’s current security program and what you can do to make it better.

By: Medicus IT
