Atlantic.Net Blog

Protecting against Intel’s new L1TF speculation vulnerabilities

Josh Simon August 22, 2018 by under Cloud Hosting 0 Comments

Intel recently announced a new security vulnerability called L1 Terminal Fault (L1TF) that affects all modern Intel processors and the virtual machines running on them.

In short, the L1TF vulnerability in Intel processors can allow a savvy attacker to expose the level-1 cached data from another virtual machine running on the same host processor core as the attacker’s virtual machine.

Since Intel’s announcement of L1TF we have been testing and working on deploying mitigations to secure our platforms against L1TF. We anticipate completion of these efforts across our global footprint within a few weeks. If any of these efforts require service affecting changes, we will notify you directly in advance of those changes being implemented.

What steps should you take to protect your environment against L1TF?

You should ensure your operating system within your virtual machines is up-to-date with all available patches applied.

In closing, new vulnerabilities will always be discovered by researchers and vendors and Atlantic.Net will always work diligently to protect our customers and offload much of the burden of addressing these vulnerabilities.

We will update this post as more information becomes available.


Is It Possible to Protect PHI in the Cloud?

 Is It Possible to Protect PHI in the Cloud?

Protecting ePHI in the cloud

The number of organizations adopting virtualized environments continues to grow in many industries, including health care[I]. Virtualization enables network flexibility that most healthcare organizations could benefit from, but many are held back by a lack of clarity about what virtualization is, and how it relates to HIPAA cloud.

A virtual environment is one in which a software layer, called a “hypervisor,” has been added to a physical server.  An operating system can then be loaded onto the hypervisor layer to create a “virtual machine” (VM), which is a software-defined server, and as such can do some things not possible with physical, hardware-dependent servers.  The hypervisor layer can determine the precise size and location of the server VMs or “instances” loaded onto it since it provides separation from the physical limitations of each piece of hardware.  As we will explore below, this can benefit organizations through increased agility and automation.

HIPAA compliance can be particularly scary for organizations, due to the implications of a breach of security inherent in health care, the complexity of the regulations, and the severity of potential fines.  Timely access to medical information can be a matter of life and death, but ensuring that information is accessible, portable, and renewable only covers Title I of the Act.  Title II, covering health care fraud and abuse, along with the enforcement-strengthening HITECH Act[II], imposes security and privacy rules on health care providers and the companies that support them. Compliance failures can result in fines of up to $1.5 million[III], and data breaches, which are increasingly common in healthcare[IV], can be even more expensive, particularly when reputational harm is considered.

Fortunately, virtualized environments can not only be HIPAA Compliant quickly but can make compliance easier.

Read More


Seismic-Compliant Data Center Requirements

Kent Roberts August 9, 2018 by under HIPAA Data Centers 0 Comments

A Long Beach hospital that nearly reached 100 years in operation had to shut its doors because it was built on an active earthquake fault and is incapable of meeting state-mandatory seismic safety law. The hospital, Community Medical Center Long Beach, sent the city notice to end the lease in four months at the beginning of March, taking effect on July 1st. Earthquake research performed in November discovered an active fault beneath the 200-bed hospital.

Read More


HIPAA Data Breach Answers from an Expert

Q&A With Gillware Forensics Investigator Nathan Little

Will Ascenzo is a blogger, copywriter, and technical writer for Gillware Data Recovery and Gillware Digital Forensics.

With how prevalent data breaches are in the news cycle now, data breaches seem to be every big business’ bête noire. Most at risk of data breaches and cyber attacks are organizations in the financial industry and healthcare industry. Due to the sensitivity of the healthcare data and HIPAA regulations regarding the unauthorized access to and disclosure of protected healthcare information, the threat of data breaches presents a particular problem to HIPAA-covered entities and business associates of all shapes and sizes.

Read More


How Secure is the Cloud?

Organizations migrating to a new IT environment, such as the Cloud, should always give serious consideration to the security of that environment. But how secure is the Cloud? If you don’t know exactly what piece of hardware your private data is found on at a given time, how do you know it is secure?

For those relatively new to Cloud, the first thing to be aware of is that while some of the tools and methods used to secure a network and data in the Cloud are different, the basic principles are the same as for any other environment. The next thing to know is that because the Cloud runs in data centers staffed by experts in Cloud services, data stored in the Cloud is “probably more secure than conventionally stored data,” according to Quentin Hardy, former Deputy Technology Editor of the New York Times[i].

Read More


Hospital Recycling Audit Reveals PHI Disposal Often Incorrect (Study)

A recent study demonstrated how problematic health record disposal is. The Privacy and Security Rules of the Health Insurance Portability and Accountability Act (HIPAA) make it clear how to properly get rid of health records while maintaining the confidentiality of patients and protecting their rights. The study indicates that poor disposal of records occurs frequently and is a strong area to target if you want to bolster your defenses against HIPAA violations. Along with a concern with paper PHI in an era when it can get overlooked, it is crucial to have strong protections for the increasing volume of electronic records as well.

Read More


Office 365 or Google Docs for HIPAA Compliance

Organizations that handle healthcare data, whether they are covered entities (healthcare providers, plans, or data clearinghouses) or their business associates, must meet the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA and HITECH (the Health Information for Economic and Clinical Health Act of 2009) are US federal laws that created regulations related to how sensitive personal health data is used and disclosed (essentially in an effort to protect it and make it accessible to patients). It is necessary for doctors, hospitals, health insurers, and other healthcare organizations to meet the stipulations within these laws and to have the responsibilities within the relationship defined by a business associate agreement (BAA). The BAA contract is important because it clarifies all aspects of data creation, storage, receipt, and transmission so that accountability is possible for all privacy and security concerns.

Read More



Multi-Cloud Strategy is Great, But Who Will Manage It?

Kent Roberts July 2, 2018 by under Cloud Hosting 0 Comments

Multi-cloud server infrastructure arises almost inevitably in enterprises, as indicated by David Gewirtz. Since that is the case, enterprises should consider their management strategy for the multi-cloud environment.

This article looks at what multi-cloud is, why it is adopted, its distinction from hybrid cloud, and ways to properly manage it. Finally, it addresses the issue of responsibility for management – whether you should take the DIY route or use an expert third party.

Read More


How Does Employee Monitoring Software Provide HIPAA Compliance?

Inside the healthcare industry is an abundance of sensitive and valuable data. This has created a massive attack surface. HIPAA (Health Insurance Portability and Accountability Act) was created to minimize the attack surface and create a national standard for security and privacy of healthcare-related data.

Just how many healthcare-related data records have been breached? According to the HIPAA Journal, approximately 54.25% of the U.S. population has been subjected to a data breach between 2009 and 2017. HIPAA Journal states that the above percentage equates out to 176,709,305 records stolen.

Read More


New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

Ashburn, VA

1807 Michael Faraday Ct,

Reston, VA 20190

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4

Canada

London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom

Resources

We use cookies for advertising, social media and analytics purposes. Read about how we use cookies in our updated Privacy Policy. If you continue to use this site, you consent to our use of cookies and our Privacy Policy.