HIPAA Disaster Recovery

What are the HIPAA Compliant Online Data Backup and Retention Requirements?

Richard Bailey September 24, 2019 by under HIPAA Disaster Recovery 0 Comments

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its subsequent amendments were enacted into law to protect patient healthcare data, also known as Protected Health Information (PHI); HIPAA protections also apply to Electronic Health Records (EHR) – PHI stored on computers. Managed service providers who maintain HIPAA compliance must adhere to several stringent regulations which are designed to limit the exposure of confidential or sensitive patient information from unauthorized access.

Read More

What Are the HIPAA Disaster Recovery and Business Continuity Requirements?

To comply with HIPAA, healthcare companies and their business associates must formulate a robust contingency plan in case of an event that disrupts operations. These plans have smaller component plans such as a Disaster Recovery Plan (DRP) and an Emergency Operations Mode Plan. This business continuity strategy requires healthcare organizations to be capable of recovering critical IT systems that handle Electronic Patient Health Information (ePHI) into a disaster recovery location while ensuring critical business functions continue in the event of a crisis.

Read More

The Importance of Disaster Recovery In the Midst of a Natural Disaster

Kent Roberts January 15, 2019 by under HIPAA Disaster Recovery 0 Comments

You may see natural disasters on TV or read about them but not completely understand the vulnerability associated with this issue. Actually, the risk is almost throughout the industry.

More than half of organizations (58%) are not ready for a major loss of data. Actually, the extent to which firms are unprepared is very worrisome: 60% will go bankrupt within 6 months, according to data from Washington, DC-based research firm Clutch. Also according to the statistics compiled by Clutch, cloud backup is on the rise, with:

  • 84% of the organizations that have already adopted cloud backup having implemented both on-premises and cloud backups;
  • 68% of cloud backup business customers testing their backups at least once per month; and
  • 78% of small businesses planning to use cloud-hosted backup by 2020.

To set aside the specific technology of cloud backup, the need for disaster recovery is clear from the data on the business impact of large data losses. Since it is possible to have a disaster completely take you by surprise, and to in turn lose thousands or millions operationally and economically, it is a basic business need to have a disaster recovery plan implemented.

Read More


All businesses should have a business continuity plan (BCP), especially companies that rely on IT infrastructure to support or operate their business model. A business continuity plan is a predefined business process created to document and demonstrate the planning undertaken to prevent a disaster scenario occurring.  The BCP also documents and demonstrates the process of how a business will recover from a declared disaster scenario. The disaster could be caused by any number of scenarios; typical causes may be user error, hardware failure or a natural disaster.

Read More

What Is a DDoS Attack?

Matthew Watts September 23, 2015 by under HIPAA Disaster Recovery 0 Comments
Target Audience

This article is aimed at non-expert computer users (without a background in network or systems administration).


DDoS stands for “Distributed Denial of Service” and, naturally enough, is a type of Denial of Service (DoS) attack. The basic aim of a DoS attack is to render a cloud server, PC or network resource inaccessible or unusable–denying service to anyone trying to access it. It is a malicious attack designed to cause maximum inconvenience.

Are DDoS Attacks a New Thing?

No, DDoS attacks are not a new phenomenon, but they have been making the headlines more in recent years as their scope has increased in size and as they have included higher profile targets. One recent example is the attack on the Playstation Network and Xbox Live. A hacking group known as ‘Lizard Squad’ used a DDoS attack to shut down the online gaming services on Christmas Day 2014, upsetting many gamers and causing financial and reputation damage to Microsoft and Sony.

How Do DDoS Attacks Work?

In a Denial of Service attack, the attacker uses a computer to send an overwhelming amount of data to a target. This target receives so much traffic that it slows down and cannot respond to legitimate traffic, or, in the case of a Permanent Denial of Service (PDoS) attack, its hardware is damaged beyond repair. In this simple style of DoS attack, one computer directly targets another. It is a fairly simple attack to execute and requires minimal computer skills–an attacker can simply acquire and run a piece of software to conduct a DoS.

The ‘distributed’ in DDoS refers to the multiple computers used in this type of attack. The attacker either launches a synchronized attack with collaborators or, more commonly, uses a botnet to execute a DDoS. A botnet (a shortened form of “robot network”) is a network of computers infected with malware that allows the attacker to remotely control them without the owner’s knowledge. Using a botnet, an attacker dramatically increases the effect of their attack.

Another method attackers use to increase the effect of a DDoS is the “amplification attack”. Rather than directly bombarding a target with data, an attacker sends requests for data to multiple servers. The attacker spoofs the source IP address of each request so that it looks as though it comes from the target of the attack instead of from the attacker. As a result, all of the responses go to the IP address of the victim, flooding them with traffic. It’s essentially like signing your friend up to a load of unwanted junk newsletters.

Attackers have found various ways to create these amplification attacks. The IP address spoofing is possible, in part, because they use the UDP protocol-–a protocol that doesn’t validate source IP addresses or connections. The amplification comes into play in the way attackers have found ways to cause the responding servers to return certain responses that are significantly larger than the requests. For example, DNS (Domain Name Service) servers can deliver a response 50-150 times larger than the response. Similarly, Character Generation Protocol (CharGEN) supported by various servers will respond to a character generation request with a response that is 200-1000 times larger. Similarly, the Network Time Protocol (NTP) used to sync clocks across machines, can return a response that can be up to 556.9 times larger than the request.

Why Do People Use DDoS Attacks?

The motivations behind DDoS attacks vary. In the case of Lizard Squad , it appeared to be a publicity stunt to promote their freelance hacking services. Sometimes attackers target websites with a demonstration and send their owners extortion letters demanding payment to prevent future attacks. One of the Internet’s more renowned and iconic hacking groups, Anonymous, has used these sorts of attacks as a tool for activism. In their ongoing fight against organizations such as Scientology and the Westboro Baptist Church, people acting under the Anonymous banner have used DDoS attacks to take down their respective websites.

What Defenses Are There?

DDoS attacks are difficult to fight, and mitigation is often the best a target can hope for. A big part of dealing with DDoS attacks is simply being prepared. Here are some techniques that can be used to mitigate the effects of a DDoS attack:

Some organizations invest in more bandwidth for their servers. The more bandwidth the target has, the harder it is to DDoS. In principle, it’s the same idea as adding more lanes to a road–the wider the road, the more cars are needed to cause a traffic jam.

ISPs (Internet Service Providers) may also offer services to help mitigate the effects of DDoS attacks. Since they generally have access to more powerful networking resources, ISPs may have DDoS mitigation plans in place that can help keep your servers safe.

There are now many companies who provide help to those who might be targetted by DDoS attacks. During an attack, the target’s traffic is redirected to the mitigation company’s network, where they then “scrub” the data, identifying malicious traffic to drop and allowing through legitimate traffic which is then rerouted back to the target. Companies such as CloudFlare, Black Lotus, F5, Prolexic, and Incapsula offer such services in this growing sector.

Part of the Problem?

Most of us will likely not be the target of a DDoS. So even if you might feel too small a target, your home computer, your multimedia server, your little home router, the cloud hosting server that hosts your website may, however, be a part of a vast botnet being used to DDoS, without your even realizing.

For home systems, keeping up with security patches and changing default device passwords to something much more secure can help protect you exploitation.

For web-facing servers (such as web servers or DNS name servers), you can take a little time to close security vulnerabilities, such as those that can be exploited in amplification attacks. You can also monitor network traffic for any unusual traffic patterns with something like Zabbix or with a more elaborate Intrusion Detection System (IDS) like Suricata or Security Onion.

More from Atlantic.Net

Learn more about Atlantic.Net’s hosting solutions, including HIPAA compliant disaster recovery services.

How to Install OpenVAS Vulnerability Scanner on CentOS 7


This how-to will guide you on installing OpenVAS (Open Vulnerability Assessment System) on CentOS 7. The OpenVAS application is free and open source vulnerability scanner and vulnerability management solution. With the significant Vulnerabilities that have come out recently it is a good idea to have a scanner that can detect vulnerabilities on the systems that you manage.


A server with CentOS 7 installed.  If you do not have a server, why not fire up an extremely fast SSD cloud server from Atlantic.Net

Install OpenVAS Vulnerability Scanner on CentOS 7

We first need to install the Atomic repo with the following command:

wget -q -O - http://www.atomicorp.com/installers/atomic | sh

NOTE: If wget is not installed, install it with the following command:

yum install wget

Read More

Atlantic.Net Cloud – Do You Offer Data Backup For My Cloud Server

Verified and Tested 04/20/2015


Daily server backups are available and can be enabled via the Atlantic.net cloud control panel during the initial provisioning of a cloud server. The cost for this service is an additional 20% of the server’s hourly price. Go server backups are $1 per month. Snapshot backups of the server will be taken on a daily basis, and retained in our systems for 30 days. Backup restores can be initiated from within the cloud control panel.  In this brief article we will explain how to enable backups for your cloud server.

Enabling Backups

You can enable backups during the initial provisioning of a server. To do so, first log in to your account via cloud.atlantic.net. Once done, on the upper left corner click on “Add Server”. This will take you to the “Add a Server” window. Here you can edit the server name, choose the location, select your operating system, choose a plan, and lastly enable backups. After you have finished editing these fields click on the box next to “Enable Backups”, and then click on the “Create Server” button, as shown below.

Does Atlantic.net Offer Data Backup for my cloud server-1

Example of the “Enable Backups” option via the cloud control panel

You can also enable backups after you’ve created a server, if you forgot to or decided to add this feature after the fact.  Select “Servers” from the left, select your server, and click on either the “Backups” button (Server Backups) or the hyperlink that says “Disabled” under backups.


Example of the “Enable Backups” option via the cloud control panel

It will bring up this message, regardless of which option you choose.  Select “Enable Backups” and your server will be backed up within the next 24 hours, and will continue to back up each day.


Example of the “Server Backups” window via the cloud control panel

Please note that if you decide you no longer want the backup feature enabled, you can disable it and it will stop adding the extra 20% to your monthly bill.

Atlantic.Net has a industry leading selection of hosting options, one-click applications, and managed cloud hosting choices for your consideration. Learn more about Atlantic.Net’s hosting solutions, including HIPAA compliant disaster recovery services.

How to Protect Your Server From the Shellshock Bash Bug

Verified and Tested 02/17/2015


This guide will cover how to check and fix your server if you are vulnerable to the Shellshock Bash bug.
The Shellshock Bash bug effects ‘nix based operating systems, which allows attackers to remotely run commands on the server gaining unauthorized access to the server and further exploiting the server.
This guide will show you how to test, and fix your server if it is vulnerable.

Is My System Vulnerable?

Run the following command:

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If you see the following in the output, your system is vulnerable to the Bash bug and it needs to be updated:

Bash is vulnerable!

Move to “System’s Vulnerable? No Worries.”

If you, instead, receive the following output:

Bash Test

This means, your system is secure and no further work is required.

System’s Vulnerable? No Worries.

The fix is simple, run the following command:

In CentOS/Fedora

yum update bash

In Debian/Ubuntu

sudo apt-get update && sudo apt-get install –only-upgrade bash

In FreeBSD

pkg upgrade bash

More from Atlantic.Net

Learn more about Atlantic.Net’s hosting solutions, including HIPAA compliant disaster recovery services.

New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

Ashburn, VA

1807 Michael Faraday Ct,

Reston, VA 20190

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4


London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom