Quanexus Information Security Group Featured on Front Page of Dayton Daily News

The Dayton Daily News featured Quanexus on the front page this past Saturday. Our Information Security group has been getting busy assisting clients with incident management and risk mitigation. You can check the article out at this link: http://www.daytondailynews.com/news/news/hackers-targeting-small-businesses/nP5fZ/

Quanexus offers Information Security Services, InfoSec

Posted by Jack Gerbs in Information Security, Recent Posts
Small Practice fined by HHS for HIPAA Security Violation

Health and Human Services continues to crack down on covered entities that are failing to abide by HIPAA. Most of the news coverage is about large entities being fined millions for failing to protect their data. Most recently, Alaska settled its HIPAA case with HHS for 1.7 million; however, smaller entities are being targeted.

Phoenix Cardiac Surgery, a 5-person practice in Arizona, agreed to pay a $100,000 civil money penalty and to take corrective actions. Specifically, HHS found the following:

  • “Phoenix Cardiac Surgery failed to implement adequate policies and procedures to appropriately safeguard patient information;
  • Phoenix Cardiac Surgery failed to document that it trained any employees on its policies and procedures on the Privacy and Security Rules;
  • Phoenix Cardiac Surgery failed to identify a security official and conduct a risk analysis; and
  • Phoenix Cardiac Surgery failed to obtain business associate agreements with Internet-based email and calendar services where the provision of the service included storage of and access to its ePHI.”

The overview of the case can be found on the HHS website.

NIST 800-66 is a resource for HIPAA Security Rule compliance and is provided as an introductory guide. Additionally, practices should consider forming a relationship with third-party organizations that specialize in compliance.

Posted by Jack Gerbs in Information Security, Small Business
Quanexus is Fortinet’s Newest Gold Partner; FortiGate and FortiAP

Today Quanexus has been approved as a Fortinet Gold Partner. The Gold level designation means that we will have a closer working relationship with Fortinet. Quanexus focuses on Fortinet’s FortiGate UTM firewall products and their FortiAP wireless products. Fortinet’s FortiGate UTM firewalls have been listed in the Leaders quadrant of Gartner’s report for 2012. Quanexus has been selling and supporting FortiGate firewalls for over 4 years, and we have been selling and supporting their wireless products since they were introduced.

Posted by Jack Gerbs in Information Security, Recent Posts, Small Business, Wireless
Don’t Talk to Siri!

IBM bans Siri from their network. If you work for IBM, you can bring your iPhone to work, but forget about using the phone’s voice-activated digital assistant Siri. The company is worried that the spoken queries might be stored somewhere. And they’re right. When you use Siri or Dictation, the things you say will be recorded and sent to Apple in order to convert what you say into text. Siri also collects other information including names of people from your address book and other unspecified information… all of this to help Siri do a better job. And Apple doesn’t mind its iPhone 4S users uploading data to its datacenters. If anything, the more the better. The more data Siri receives, the better Siri becomes.

IBM is right to block off Siri, and it’s right to take precautions. IBM also bans Dropbox and similar cloud services. Siri and the Dictation feature can be used to write emails, text messages, and store other information that IBM may not want uploaded to Apple before it is downloaded back to the iPhone.

Posted by Terry Watson in Information Security