HIPAA Compliant Hosting

Finding HIPAA Hosting Solutions as a Small Business Owner

Operating within the healthcare industry can be challenging. There are many moving parts that must be accounted for, whether you’re a new startup firm or a large network of hospitals. When most small business owners are looking for hosting solutions, the only concerns are cost and the capability of the hardware to meet the needs of a website. The options are endless when it comes to finding simple hosting. When it comes to firms in the medical sector, there are special considerations to be had.

Your hosting options are significantly narrowed when looking for HIPAA-compliant hosting. Small business owners working in healthcare must seek out hosting companies that specialize in HIPAA compliance. Relatively speaking, few hosting companies can provide this service because of what it entails. Powerful hardware is just one part of the equation. There must also be a long list of security measures put in place to protect sensitive data. This strict set of regulations is the reason why you can’t trust your hosting with just anyone. It’s also why many hosting companies can’t offer this service and why trying to establish local infrastructure to handle these duties isn’t the best option. Part 2 of this document released by the SANS Institute delineates what is required at the local level to remain compliant with HIPAA regulations. Maintaining HIPAA compliance at the hardware level is cost-prohibitive for most firms, so a host is required.

Finding a hosting provider that can meet your organization’s needs can seem daunting, but there are a number of things to be aware of when seeking out a HIPAA-compliant hosting solution. Here are some general guidelines to keep in mind when looking for the right hosting solution for your business.

SSAE 16, SSAE 18, SOC 1, SOC 2: What they are and why you should care

Cloud computing has revolutionized the world of software licensing, but it has also opened the gates to new security risks. In the past, if a company wanted to add new software, it had to endure long installation processes on local servers. This gave companies the opportunity to verify the reliability of their systems, while local hosting gave them more control over their data. However, it was also immensely time-consuming and costly to set up and maintain.

DIY Security: Why It’s Usually a Bad Idea for Most Businesses

Do-it-yourself is a popular mantra among many people building websites, doing home renovations, or marketing artistic and cultural products. Unfortunately, however, it is not an appropriate approach for some things, like network security. Just like a home renovation DIY project gone horribly wrong, organizations taking on cybersecurity roles outside of their core competency could cause themselves ruinous, avoidable expense.

Some companies intentionally decide to be wholly responsible for their network security, perhaps due to cost considerations or a lack of understanding about the frequency and harm of security incidents. For other companies, security was simply neglected, or a tiny startup in stealth mode grew too quickly for management to keep up with all demands.

According to Gartner research, the cost of network downtime for enterprises is $5,600 per minute, on average, which is close to $300,000 per hour. Worse, Ponemon research found that the average total cost of a data breach in 2016 was $4 million. Protecting against that kind of risk is a job for professionals. Keeping a network secure can be easy. You just have to have the right help.

Is Two-Factor Authentication Necessary? How Do I Get My Employees to Use It?

Contributing writer: Ahmed Muztaba

Why is two-factor authentication necessary?

Today, nothing is more valuable than information. Because the majority of online content is behind the lock and key of the so-called “deep web,” it’s no wonder that hackers are more interested than ever in ferreting out secure information. Today’s great heist doesn’t require a cat burglar. A mouse is easier to maneuver.

Two-factor authentication (or 2FA) arose as a bulwark against the hijinks of Internet pirates whose Trojan horses and phishing scams were netting easy prey. The premise is simple: by requiring a second layer of verification, it makes your data twice as hard to access illegally. You can see this everywhere, from chip-and-PIN credit card requirements to the “secret questions” that some websites require their users to answer.

By reducing the points of vulnerability in your company, both company and employee sensitive data are far less likely to be breached. Requiring strong passwords used to be enough, but with the increase in computing power and the prevalence of botnets, a person or organization with malicious intent can have an immense amount of resources to harness. This means that once tough-to-crack passwords are now much easier to crack. Requiring a second layer of authentication, in which a code must be entered within a given amount of time before it expires, can greatly limit widespread damage.

I need HIPAA-compliant hosting. How do I get started?

So you need HIPAA-compliant hosting, and you want to know the basics to get started. Before we delve into the details, it helps to know the different types of companies that are concerned with HIPAA, in order to understand your relationship with the hosting provider.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) defines two different types of organizations that must meet its parameters: covered entities and business associates. However, there is now a third type of organization that falls under HIPAA rules. Here is basic descriptive information for these categories from the National Institutes of Health (NIH)[i]:

What is HIPAA Hosting and why do I need it?

Economy-class hosting vs. first-class HIPAA hosting

A hard fact of the Internet is that you need machines to be part of it, either your own or provided as a service. If you are in the healthcare field and don’t want to set up servers for your website or other services in your own datacenter, you need HIPAA hosting.

Not all hosting is created equal. Because security and other checks and balances vary from one system to another, standards were created to guide oversight of infrastructure and maintain proper protection of patient data. Those standards were developed by the US Department of Health and Human Services (HHS), as directed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Hence, beyond simple web hosting, anyone who is aiming to secure healthcare records needs HIPAA-compliant hosting, sometimes called simply HIPAA hosting.

A Beginner’s HIPAA Compliance Guide

Overwhelmed with HIPAA compliance? You’re not alone. Compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) is important to the covered entities and business associates that are expected by the federal government to follow the law.

However, the requirements of HIPAA and its regulatory agency, the US Department of Health and Human Services (HHS), are not as rigid as they may first seem. We’ve detailed the broad concepts required to understand HIPAA in this article, which serves as a beginner’s HIPAA compliance guide.

The healthcare privacy and security law was written to encompass the broad array of organizations for which it was intended. For that reason, the HHS website notes that “there is no single standardized program that could appropriately train employees of all entities.”[i]

Nonetheless, training is a requirement of HIPAA, so it’s necessary to find a strong beginner’s guide that can be used to train your employees on the essentials of compliance. Most of what is available online through the federal government is either an aggregation of disparate pieces of information or a sizable PDF, such as the Guide to Privacy and Security of Electronic Health Information[ii] created by the Office of the National Coordinator for Health Information Technology (ONC). The former is a bit disorganized. While the latter can be great as course material, its 60+ pages are overkill for the purpose of an initial overview.

HIPAA-Compliant Cloud Hosting – Is It Possible to Protect PHI in the Cloud?

The number of organizations adopting virtualized environments continues to grow in many industries, including health care[I]. Virtualization enables network flexibility that most healthcare organizations could benefit from, but many are held back by a lack of clarity about what virtualization is, and how it relates to compliance.

A virtual environment is one in which a software layer, called a “hypervisor,” has been added to a physical server. An operating system can then be loaded onto the hypervisor layer to create a “virtual machine” (VM), which is a software-defined server, and as such can do some things not possible with physical, hardware-dependent servers. Because it provides separation from the physical limitations of each piece of hardware, the hypervisor layer can determine the precise size and location of the server VMs, or “instances,” loaded onto it. As we will explore below, this can benefit organizations through increased agility and automation.

HIPAA compliance can be particularly scary for organizations, due to the implications of a breach of security inherent in health care, the complexity of the regulations, and the severity of potential fines. Timely access to medical information can be a matter of life and death, but ensuring that information is accessible, portable, and renewable only covers Title I of the Act. Title II, covering health care fraud and abuse, along with the enforcement-strengthening HITECH Act[II], imposes security and privacy rules on health care providers and the companies that support them. Compliance failures can result in fines of up to $1.5 million[III], and data breaches, which are increasingly common in healthcare[IV], can be even more expensive, particularly when reputational harm is considered.

Fortunately, virtualized environments can not only be made HIPAA-compliant quickly, but can also make compliance easier.

Ransomware: Malware That Makes You Pay
What is ransomware?

One of the fastest-growing and most damaging cyber security threats falls under a category called “ransomware.” Ransomware is malicious code that encrypts all the user’s files and is usually downloaded unknowingly. This type of malware gets its name from what it does when a user tries to open an infected file: it prompts the user to pay a ‘ransom’ within a timeframe to receive a decryption key, which would then allow the user to decrypt the files.[1] Even if you choose to pay the ransom, there is no guarantee you will regain access to your data. In this article, we will explain steps you can take to protect and secure your environment.

The numbers

Ransomware is a real threat to any business that allows user access, as it depends on users to spread it. Different industries also face different risks: healthcare usually opts to pay the ransom to protect patient data, while the education industry has the highest rate of infection. Other lucrative targets include classified documents, financial documents, and intellectual property[2]. With names like Telecrypt, iRansom, FSociety, and CryptoLuck, the goal of ransomware is the same for all of its creators: making money. According to Lavasoft, the CryptoWall 3 ransomware cost users $325 million in 2015 alone.[3] As ransomware grows and evolves, it becomes even more costly. At the end of 2016, one of the most harmful ransomware families was “Cerber.” Not only does it lock your files from being accessed, but recent variants have incorporated the theft of personal information and scripts that cause your machine to target other servers.[4]

Source: https://info.bitsighttech.com/bitsight-insights-ransomware
