Any companies using Drupal, especially those that are within regulated industries such as healthcare, have to be diligent and proactive about installing any patches in order to maintain security. By using HIPAA-compliant managed services through a host with a strong healthcare background, you will be able to benefit from infrastructure that is engineered to guard against any security incidents and HIPAA violations; you will also be able to have someone pay attention to security updates when they are released so that your site is patched right away. Improving the password needs of the system and encrypting the web forms that are submitted by users are steps you can take yourself to ensure there is full HIPAA compliance within the software layer.
Four Novel Ways to Secure Credit Card Payments
With fraud looming as an ever-present and sophisticated threat, it’s important to protect your business by equipping it with the most innovative technology available. Although PCI DSS requirements increase each year to meet new fraud techniques, you can always take your security a step further by staying informed about novel security features.
Do Healthcare Surveys Need to Be HIPAA Compliant Too?
One of the biggest challenges for doctors, hospitals, insurance carriers, and any other organizations handling patient data is HIPAA compliance. Compliance with HIPAA, short for the Health Insurance Portability and Accountability Act, can get particularly tricky for these organizations when it comes to communicating with patients and gathering feedback. For instance, these organizations must use HIPAA-compliant email, messaging, and patient reviews, which must be compliant but are often a source of violations.
Atlantic.Net announces Cloud Services Location in Ashburn, Virginia!
If you need the lowest latency and fastest routes to 70 percent of the world’s web traffic, our new Ashburn, VA (USA-EAST-3) location is now available. This latest addition is located in the heart of the world’s data center capital. You can now utilize our full suite of hosting services with the same power, speed, and reliability Atlantic.Net is known for in our Ashburn, VA (USA-EAST-3) location:
IoT Security Risks, GDPR and Healthcare Data
Many technology professionals are excited by the significant benefits and enhancements the Internet of Things (IoT) can bring to the healthcare sector. The future of IoT healthcare data and the enhancements that can be offered to the patient’s care are intriguing, unfortunately, there are many obstacles that must be overcome to make it a viable technology for the healthcare profession.
Why Atlantic.Net Chose NGINX
This article also appears on NGINX’s blog. Read at NGINX >
Traditionally, web development and hosting were done primarily using the LAMP stack – LAMP being short for Linux (operating system), Apache (web server), MySQL (database), and PHP (programming language), the core components which were then used to run enterprise sites.
As web stacks and load balancers become more agile, and as business needs dictate better performance and stability, it is becoming increasingly common to replace Apache HTTP Server with a lightweight and highly scalable alternative, NGINX. With NGINX, the stack becomes known as LEMP – Linux, (e)NGINX, MySQL, PHP.
HIPAA Compliant Hosting for a Web Application: 8 Questions to Ask
The Health Insurance Portability & Accountability Act is the first consideration for any conscientious healthcare organization when considering infrastructure for a web application. After all, they need to know that any protected health information (PHI) – that is, health information of individuals that is protected by the US government through the Department of Health and Human Services (HHS) – is secured when it is stored, processed, or transmitted through the hosting service. HIPAA rules relate to data handling regardless of the party performing the handling; nonetheless, there are questions that you will specifically want to ask when you set up hosting for a web app, or for anything else.
Can MongoDB Be HIPAA-Compliant?
When you consider a HIPAA compliant database for storing protected health information (PHI), you may wonder if a NoSQL solution such as MongoDB is a strong choice. If using MongoDB, you can take steps to make sure your database stays compliant with the Health Insurance Portability and Accountability Act (HIPAA) – both in choosing the right flavor of MongoDB and understanding its security features.
Protecting against Intel’s new L1TF speculation vulnerabilities
Intel recently announced a new security vulnerability called L1 Terminal Fault (L1TF) that affects all modern Intel processors and the virtual machines running on them.
In short, the L1TF vulnerability in Intel processors can allow a savvy attacker to expose the level-1 cached data from another virtual machine running on the same host processor core as the attacker’s virtual machine.
Since Intel’s announcement of L1TF we have been testing and working on deploying mitigations to secure our platforms against L1TF. We anticipate completion of these efforts across our global footprint within a few weeks. If any of these efforts require service affecting changes, we will notify you directly in advance of those changes being implemented.
What steps should you take to protect your environment against L1TF?
You should ensure your operating system within your virtual machines is up-to-date with all available patches applied.
In closing, new vulnerabilities will always be discovered by researchers and vendors and Atlantic.Net will always work diligently to protect our customers and offload much of the burden of addressing these vulnerabilities.
We will update this post as more information becomes available.
Is It Possible to Protect PHI in the Cloud?
Is It Possible to Protect PHI in the Cloud?
The number of organizations adopting virtualized environments continues to grow in many industries, including health care[I]. Virtualization enables network flexibility that most healthcare organizations could benefit from, but many are held back by a lack of clarity about what virtualization is, and how it relates to HIPAA cloud.
A virtual environment is one in which a software layer, called a “hypervisor,” has been added to a physical server. An operating system can then be loaded onto the hypervisor layer to create a “virtual machine” (VM), which is a software-defined server, and as such can do some things not possible with physical, hardware-dependent servers. The hypervisor layer can determine the precise size and location of the server VMs or “instances” loaded onto it since it provides separation from the physical limitations of each piece of hardware. As we will explore below, this can benefit organizations through increased agility and automation.
HIPAA compliance can be particularly scary for organizations, due to the implications of a breach of security inherent in health care, the complexity of the regulations, and the severity of potential fines. Timely access to medical information can be a matter of life and death, but ensuring that information is accessible, portable, and renewable only covers Title I of the Act. Title II, covering health care fraud and abuse, along with the enforcement-strengthening HITECH Act[II], imposes security and privacy rules on health care providers and the companies that support them. Compliance failures can result in fines of up to $1.5 million[III], and data breaches, which are increasingly common in healthcare[IV], can be even more expensive, particularly when reputational harm is considered.
Fortunately, virtualized environments can not only be HIPAA Compliant quickly but can make compliance easier.
