AccuImage, LLC

SmartCipher(TM) Product Suite Provides Policy-Based Data Security

Covertix’ SmartCipher(TM) solution provides policy-based data-centric security, automatically applying encryption to documents that meet the criteria defined by the company’s administrators in the policy.

This article at Document Imaging Report provides more detail on the SmartCipher(TM) product suite: Covertix Dynamic Context Classification Engine Delivers On-the-fly Protection.

Accuimage, LLC has partnered with Covertix to provide our customers with this advanced form of document protection. Contact us today to learn more about how SmartCipher(TM) fits with your company’s security strategies.

Document Encryption Secures HIPAA Data - Even On Portable Media

We see more businesses using portable storage media such as flash drives, DVDs, and USB hard drives. In addition, nearly every employee has their own personal account with free cloud storage services such as DropBox, Google Drive, and other such services. All it takes is for one lost or stolen flash drive or a compromised cloud storage account with sensitive data on it to put a company in violation of HIPAA.

4Med Approved reports that one small unencrypted thumb drive resulted in a $150,000 HIPAA penalty after it was stolen from an employee’s vehicle. This HIPAA penalty could have been avoided had the data on that thumb drive been protected by AccuImage’s SmartCipher product, which automatically applies encryption based on the contents of the document without user intervention. This layer of encryption also travels with the document so that the data is secured no matter if it is within the company’s network, stored on portable media or in cloud storage.

Contact AccuImage, LLC for more information about how our SmartCipher solution can protect your company’s sensitive information.

Source: http://www.4medapproved.com/hitsecurity/small-thumb-drive-brings-large-hipaa-penalty/ 

AccuImage's SmartCipher™ Solution Secures Electronic Protected Health Information (ePHI)

AccuImage can provide data centric security for your electronic protected health information (ePHI) using our Covertix SmartCipher™ solution.

Health care is a vulnerable sector with respect to cyber security. Medical institutions are attractive targets, and attackers are becoming more sophisticated. According to the Ponemon Institute’s Fifth Annual Benchmark Study of Privacy and Security of Health Care Data, criminal attacks against ePHI have increased by 125% over the last five years.  Health care organizations are trusted with sensitive health information and the compromise of this data potentially risks lives.

We offer the Covertix SmartCipher™ solution to provide persistent and transparent protection of critical medical data assets. Authorized users will be able to work normally while our solution provides protection using industry standard encryption along with complete control of the confidential patient data.

SmartCipher™ provides seamless persistent protection by wrapping the actual data with a protection layer that secures the data itself be it in motion, at rest or in use.

SmartCipher™ adds ongoing control and protection, securing patient data that resides within, as well as outside of the healthcare organization’s boundaries, independent of network, device, application or data type. For example, if data has been transferred to an external drive or uploaded to a remote location it will not be useable by an unauthorized person. Care providers will have complete control and protection of the confidential data with extended reporting and audit capabilities for compliance. Our solution provides the ability to lock down security and provide audit compliance from the point at which data has been received, all the way through to the last critical mile of exchanging patient data.

Contact our team at AccuImage today!  We will demonstrate our unique and robust solution for protecting data that is specific to your industry.

"The Great Brain Robbery"

In case you missed it, 60 Minutes on CBS aired an excellent report on the threat faced by American Corporations from cyber-attacks.

In the report titled “The Great Brain Robbery” which aired on 60 Minutes on Jan. 17, 2016, correspondent Lesley Stahl wasted no time in identifying the primary offender.

“If spying is the world’s second oldest profession, the government of China has given it a new, modern-day twist, enlisting an army of spies not to steal military secrets but the trade secrets and intellectual property of American companies. It’s being called ‘the great brain robbery of America.’

In the report Stahl spoke with John Carlin, the assistant attorney general for National Security. Speaking about the Chinese government Carlin told Stahl, “They’re targeting our private companies. And it’s not a fair fight. A private company can’t compete against the resources of the second largest economy in the world.

To see the full report please go to:

http://www.cbsnews.com/news/60-minutes-great-brain-robbery-china-cyber-espionage/

If you would like to learn more about our data centric security solution that extends control and protection of confidential information within and beyond the perimeter of an organization. At a high level, it provides attribute-based security/encryption that stays with the file when it is shared, copied, forwarded, edited, etc. ensuring that sensitive information stays protected. Please feel free to contact us at 615-242-7226 or tom.beasley@aitest.accuimagellc.com

Information Security Focus: Enterprise vs. SME

Cyber-attacks affect businesses of all sizes. These attacks can range in complexity from isolated malware infections to fully executed APTs (Advanced Persistent Threats). Cyber criminals can be highly indiscriminate of whom they attack; in many cases, they scan for soft targets and breach with automated tools. When necessary, skilled hackers can employ sophisticated reconnaissance for extended periods before launching an highly customized attack. Regardless of the method of ingress, the critical requirement for attack execution is the discovery of a vulnerability – preferably an easily exploitable one.

Large businesses and organizations generally have dedicated security teams and hardware/software solutions to detect and prevent internal and external breaches. They are able to spend large amounts of money to protect their critical data assets, and generally represent a greater challenge to would-be intruders. Small and medium sized businesses, on the other hand, do not have the resources to spend on complex intrusion and prevention systems, or the dedicated staff required to monitor them. As such, a hacker’s “hit rate” will generally be higher in the SMB category. Smaller business are highly interconnected – both to other small/medium-sized business and to major corporations. This interconnectedness is just the type of low-hanging fruit that attackers can use to gain entry into enterprises of any size. This is one reason that the SMB segment is under increasing attack. Consider the following:

• Many vulnerabilities are found simply by scanning with rudimentary tools; this “low-hanging fruit” is generally the first to fall.
• Smaller companies are more vulnerable because their security spend (in terms of hardware, software, and personnel) is necessarily low.
• Small/medium-sized companies are interconnected with each other and with large enterprises.

The facts above provide a compelling ROI proposition for attacking smaller businesses. Easy discovery and penetration combined with the potential of unsecured data of other connected businesses is a winning combination.

The article below highlights some of the points we discussed earlier:

1. Criminals don’t care who they attack – they scan for a target and breach with automated attacks. Low hanging fruit falls first.
2. Smaller companies are more vulnerable because they cannot afford the security spend (in terms of hardware, software, personnel)
3. SME’s are interconnected. A breach at a smaller company can be an inroad into a large enterprise (NOTE: most large breaches are not discovered by the major entity, but by a business associate – vendors and contractors, or the FBI)

http://www.csoonline.com/article/2866911/cyber-attacks-espionage/why-criminals-pick-on-small-business.html

Recent trends and statistics:

• Firms with annual revenues less than $100M cut infosec spend by 20% last year, whereas those between $100M and $999M increased spend by 5% (PwC Global State of Information Security Survey, attached)
• In 2013, 62% of attacks in 2013 were against SMEs (Verizon DBIR 2013)

In brief, the overall trend of cyber-attacks is toward small/medium sized businesses – primarily because they are not as well defended and represent an easy point of entry to into the larger companies with which they do business.

Contact AccuImage, LLC today for information on how our SmartCipher™ suite can help protect your company’s data.

Accuimage Develops ePAV System For The Metropolitan Government Of Nashville & Davidson County

The Metropolitan Government of Nashville & Davidson County uses AccuImage’s ApplicationXtender system for document management. As most of their documents are a matter of public record, Metro Government decided it would be more efficient to empower the public to retrieve their own documents rather than utilize internal manpower fulfilling these requests for documents. The process needed to be simple enough for the average citizen to easily use and also had to accommodate a variety of operating systems and web browsers since Metro Government had no control over the public users’ computers.

AccuImage was tasked with custom development of a system that would fulfill this need for Metro Government, and the solution we provided is now called ePAV. Our software uses the existing ApplicationXtender document repository as a backend, so the data available in our ePAV system is always the most current data in their Imaging System. While Metro Government stores documents in the AppXtender system in a variety of formats (TIF, JPG, DOC, XLS, PDF, etc.), our ePAV system converts each document to a standard PDF file when a public user requests it, ensuring that users can easily open and read the document with a free version of Adobe Reader rather than needing to install the programs associated with the original file types. Users can either print the document or download the digital copy of the document, whichever is their preference.

Users enter search criteria to a web page, which is then passed to our ePAV processing server, where the request is parsed and submitted to the AppXtender database and fulfilled. Because the search interface is a simple web form, Metropolitan Government of Nashville has complete control over the look and feel of the front-end interface that is presented to their public customers. This allows for them to change the web page’s look, content, and more without need to engage AccuImage’s development team when cosmetic changes are necessary for the web page interface.

The Metropolitan Government of Nashville & Davidson County has recently announced the two latest departments to go online in our ePAV system, and you can read it in their news article here: http://www.nashville.gov/News-Media/News-Article/ID/4136/New-Metro-Contract-Search-Tools. The Metro article also provides links to two of their departments live ePAV pages.

Control & Protect Confidential Information, Anywhere

SmartCipher™ provides definitive security for any type of file used anywhere inside or outside the organization. A simple yet sophisticated rule set embedded in the file determines where, when, and by whom materials can be viewed, printed, changed and shared.

AccuImage, LLC partners with Covertix

AccuImage, LLC is pleased to announce our new strategic partnership with Covertix. Together, AccuImage and Covertix deliver security solutions that are data-centric, elevating our customers’ information security to a new level designed to protect their data even if documents or devices fall into the wrong hands.

For close to 20 years Accuimage has provided clients document management and business process automation solutions designed to improve business operations. With this new partnership AccuImage now offers a security solution that provides persistent protection to information at rest or in motion.

Click here to read the official press release regarding our newest partnership. Contact us for more information about our SmartCipher™ suite.

Medical Data Security Breaches in 2015

Only three months into the year 2015, and we have already seen two significant security breaches of medical data. In February 2015, Anthem reported that hackers broke into a database that contained information on more than 80 million customers. One month later, Premera Blue Cross experienced a similar attack that exposed personal information on over 11 million of their customers.

The Department of Health and Human Services reports any breach of medical data that affects 500 or more people, and the frequency of such events is staggering. Medical data for more than 120 million people has been compromised since 2009 and the list grows each year. Compromised sources for these breaches include laptops, desktop computers, portable electronic devices, emails, paper or film, network servers, and more. The methods of these breaches run the gamut – everything from theft, hacking, unauthorized access, loss of portable device, IT incidents, improper disposal – the list goes on and on.

How can your organization better secure your confidential records and protect both your customers and your employees data? AccuImage’s SmartCipher™ software secures data at the file level, and this security travels with the file itself. Policies can be set to allow confidential files to be accessed only on certain networks, by authorized users, and even by specific IP addresses. Using AES 128-bit encryption technology, protected documents cannot be accessed if the conditions set by the policies governing this data have not been met.

Organizations using SmartCipher™ Enterprise can set organic policies that watch documents that are created and accessed within the domain so that security is set as soon as a data security policy is triggered. For instance, a policy can be set to automatically secure documents of any type if they contain a string that fits the format of a Social Security number. As soon as such a string is entered and the document saved, the applicable policy takes effect.

SmartCipher™ Mobility allows the same protection for digital documents that travel away from your organization’s office when employees work from home or travel for business.

While standard network and domain security is still important, our SmartCipher™ suite adds an additional layer of security to your company’s files that make your confidential data safe even if it falls into the wrong hands. Contact us today to find out more about how we can help your company with its data security needs.

Data Security Challenges for 2015

After very public security breaches at Target and Home Depot in 2014, both consumers and business executives are paying closer attention to data security. CSO Online has some insights regarding the security challenges that companies face in 2015 and how these challenges will reshape the role of the Chief Security Officer (CSO) in large organizations. This article also does a great job of pointing some fundamental responsibilities that companies should be conscious of in order to adequately secure their intellectual property, sensitive data concerning employees and customers, and more.

Click here to read this thought-provoking article at CSO Online.

AccuImage, LLC has partnered with Covertix to offer our customers a suite of software products that can secure data at the file level. The security travels with the file itself, providing an additional layer of security. Our SmartCipher™ product suite has a solution that works for both on-premise users and mobile workers. Contact us today for more information about our SmartCipher™ products.