The Atlantic.Net Blog

Two-factor authentication – Is it necessary? How do I get my employees to use it?

May 5, 2017 by Derek Wiedenhoeft under HIPAA Compliant Hosting 0 Comments

Contributing writer: Ahmed Muztaba

Why two-factor?

Today, nothing is more valuable than information. Because the majority of online content is behind the lock and key of the so-called “deep web,” it’s no wonder that hackers are more interested than ever in ferreting out secure information. Today’s great heist doesn’t require a cat burglar. A mouse is easier to maneuver.

Two-factor authorization (or 2FA) arose as a bulwark against the hijinks of Internet pirates whose Trojan Horses and phishing scams were netting easy prey. The premise is simple: by requiring a second layer of verification, it makes your data twice as hard to access illegally. You can see this everywhere; from the chip-and-pin credit card requirements to the “secret questions” that some websites require their users to answer.

By reducing the points of vulnerability in your company, both company and employee sensitive data can remain far less likely of being breached. Requiring strongly-typed password used to be enough, but with the increase in computing power and prevalence of botnets, a person or organization with malicious intent can have an immense amount of resources to harness. This means that once touch-to-crack passwords are now much easier to crack. By requiring a second layer of authentication that requires a code to be entered within a given amount of time before expiring, this can greatly prevent widespread damage.

I Need PCI Compliance for My Small Web Store

April 28, 2017 by Derek Wiedenhoeft under HIPAA Compliant Hosting 0 Comments

PCI Compliance – Critical for small businesses

PCI compliance is critical for small businesses. It is important for two reasons: it gets the company in line with the standards set up by the major credit and debit card brands, and it legitimately checks the security of the business’s systems. In other words, PCI compliance isn’t just about following rules but about protection – especially important since three in five small businesses that get hacked are bankrupt within six months.

The Beginner’s Guide to PCI Compliance

April 21, 2017 by Derek Wiedenhoeft under HIPAA Compliant Hosting 0 Comments

Introduction

If your business accepts credit cards and other types of payments cards, you may have heard about something called PCI compliance. Payment card industry compliance (PCI compliance) is the meeting of guidelines developed by the PCI Security Standards Council, an open worldwide body formed to focus on payment card data protection during and following transactions. This article will explain the basics of getting started with becoming PCI compliant.

I need HIPAA-compliant hosting. How do I get started?

March 10, 2017 by Derek Wiedenhoeft under HIPAA Compliant Hosting 0 Comments

So you need HIPAA-compliant hosting, and you want to know what the basics to get started are. Before we delve into the details, it helps to know the different types of companies that are concerned with HIPAA, in order to understand your relationship with the hosting provider.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines two different types of organizations that must meet its parameters: covered entities and business associates. However, there is now a third type of organization that falls under HIPAA rules. Here is basic descriptive information for these categories from the National Institutes of Health (NIH)[i]:

What is HIPAA Hosting and why do I need it?

March 10, 2017 by Derek Wiedenhoeft under HIPAA Compliant Hosting 0 Comments

Economy-class hosting vs. first-class HIPAA hosting

A hard fact of the Internet is that you need machines to be part of it – either on your own or as a service. If you are in the healthcare field and don’t want to set up servers for your website or other services in your own datacenter, you need HIPAA hosting.

All hosting is not created equal. Because there is a disparity of security and other checks and balances from one system to another, standards were created to guide oversight of infrastructure and maintain proper protection of patient data. Those standards were developed by the US Health and Human Services Department (HHS), as directed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Hence, beyond simple web hosting, anyone who is aiming to secure healthcare records needs HIPAA compliant hosting, sometimes called simply HIPAA hosting.

Atlantic.Net Cloud Hosting: FreeBSD 11 Now Available!

February 18, 2017 by Derek Wiedenhoeft under Announcements 0 Comments

Atlantic.Net is always working to provide our customers with the latest and greatest! We are happy to announce that FreeBSD 11 is now available to provision in our Cloud Hosting Portal.

If you have not already signed up, please sign up for a Cloud Hosting account here, and spin up a server in less than 30 seconds.

To see what’s new in FreeBSD 11, click here.

The Beginner’s Guide to HIPAA Compliance

February 8, 2017 by Derek Wiedenhoeft under HIPAA Compliant Hosting 0 Comments

Compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is important to the covered entities and business associates that are expected by the federal government to follow the law. However, the requirements of HIPAA and its regulatory agency, the US Department of Health and Human Services (HHS), are not as rigid as they first may seem.

Why HIPAA?

The healthcare privacy and security law was written to encompass the broad array of organizations for which it was intended. For that reason, the HHS website notes that “there is no single standardized program that could appropriately train employees of all entities.”[i]

Nonetheless, training is a requirement of HIPAA, so it’s necessary to find a strong beginner’s guide that can be used to train your employees on the essentials of compliance. Most of what is available online through the federal government is either aggregations of disparate pieces of information or sizable PDFs, such as the Guide to Privacy and Security of Electronic Health Information[ii] – created by the Office of the National Coordinator for Health Information Technology (ONC). The former is a bit disorganized. While the latter can be great as course material, its 60+ pages are overkill for the purpose of an initial overview.

Fault Tolerance with Linux High Availability

February 7, 2017 by Derek Wiedenhoeft under Managed Hosting 0 Comments

IT downtime is expensive for any business. Gartner[I] estimates that each minute of downtime costs $5,600 on average, with true costs depending on the vertical, the size of the company, and other factors. The cost can be largely avoided, however, with systems designed for high availability and fault tolerance.

Definition: High Availability

Oracle[II] defines high availability as “computing environments configured to provide nearly full-time availability.” A commonly held standard for high availability is “five nines,” or 99.999 percent uptime.

Not all service providers are able to meet this robust standard, which makes just over 5 minutes of downtime per year permissible.

For organizations that would approach the average downtime cost, achieving even higher availability than “five nines” is important to profitability, and even survival. Atlantic.net offers an industry-leading 100 percent network uptime guarantee, in part by leveraging Linux High Availability (Linux-HA).

Can I be HIPAA-Compliant in a Cloud Hosting Environment?

January 17, 2017 by Derek Wiedenhoeft under HIPAA Compliant Hosting 0 Comments

The number of organizations adopting virtualized environments continues to grow in many industries, including health care[I]. Virtualization enables network flexibility that most healthcare organizations could benefit from, but many are held back by a lack of clarity about what virtualization is, and how it relates to compliance.

A virtual environment is one in which a software layer, called a “hypervisor,” has been added to a physical server. An operating system can then be loaded onto the hypervisor layer to create a “virtual machine” (VM), which is a software-defined server, and as such can do some things not possible with physical, hardware-dependent servers. The hypervisor layer can determine the precise size and location of the server VMs or “instances” loaded onto it since it provides separation from the physical limitations of each piece of hardware. As we will explore below, this can benefit organizations through increased agility and automation.

HIPAA compliance can be particularly scary for organizations, due to the implications of a breach of security inherent in health care, the complexity of the regulations, and the severity of potential fines. Timely access to medical information can be a matter of life and death, but ensuring that information is accessible, portable, and renewable only covers Title I of the Act. Title II, covering health care fraud and abuse, along with the enforcement-strengthening HITECH Act[II], imposes security and privacy rules on health care providers and the companies that support them. Compliance failures can result in fines of up to $1.5 million[III], and data breaches, which are increasingly common in healthcare[IV], can be even more expensive, particularly when reputational harm is considered.

Fortunately, virtualized environments can not only be HIPAA-Compliant quickly but can make compliance easier.