Happy Thanksgiving from Courion

Posted by David Earhart - CEO on Thu, Nov 26, 2015

On this Thanksgiving Day we have sent home our bloggers and the rest of our Courion team but I didn’t want to let that stop us from sending our sincere thanks to our amazing employees, partners, and customers who have made this year such a successful one. In the span of eleven months we have seen a great deal of change in our organization that has led to growth, innovation, and historic sales. With the acquisition of two new companies we have been able to plan and develop new products and solutions that will help our customers detect and remediate risk faster and better than ever before.

We could not have done this without our remarkable employees. We know you are the backbone of our company and we appreciate your hard work, enthusiasm, and willingness to do whatever it takes to make Courion the best it can possibly be. This year we’ve worked in many states and countries while moving our headquarters from Westborough, MA to Roswell, GA and then were separated into two temp spaces for months until just recently when we were able to come together in our incredible new headquarters building. Throughout these challenges you were able to come together and build a supportive culture that works together to overcome any obstacle and collaborates to make our products and solutions the best in the market. Your hard work and support mean the world and we thank you for everything that you do.

To our partners who have been nothing short of amazing during the many changes we have seen this year, you have not only supported our customers in making sure that their solutions ran as smoothly as ever but have supported our teams like never before. To our partners old and new, thank you for working with us to create such an incredible partnership that supports so many.

Lastly, to our customers, we want to say thank you for your trust and support during the past eleven months. We have always had the vision of building products and solutions that will deliver the utmost in value and security, and now with our board behind us and a focus on execution, we have the power to make this vision come true. We are determined to deliver best in class solutions and as you will see over the coming months, we have built a strong and thorough roadmap to help us do just that. 

We are charging ahead to deliver the best solutions on the market and look forward to sharing more exciting news with you very soon. We hope you enjoy this holiday season and look forward to growing with you in 2016 and beyond.

~ The Courion Executive Team 

Tags: Courion, Thank you

Chipotle serves up "phish" tacos, Android's Gmail has bugs, and much more in this week's #TechTuesday

Posted by Harley Boykin on Tue, Nov 24, 2015

Tags: cybersecurity, IOT, #techtuesday, Hacking, phishing

Beware Black Friday Threats

Posted by Ashley Sims - Marketing Manager on Mon, Nov 23, 2015

While most Americans are already dreaming of turkey, stuffing, family time, and leftovers, there is another national holiday this week: Black Friday.

Maybe you aren't ready to camp out the night before and fight for some silly toy with the rest of the world but one thing you can be sure of is that hackers are gearing up for their most fruitful day of the year. Everyone remembers the Target data breach one infamous Black Friday years ago but what you don't see are the other millions of attacks that are launched on that day. 

No matter if you're a retailer or consumer you should be continuously monitoring your accounts throughout the holiday season to keep your accounts and networks safe. 

Here are 5 tips for keeping your information safe this Black Friday. 


Are you watching what's happening in your network? With a Quick Scan of your system we can show you where your greatest threats lie.


Tags: cybersecurity, cyber risk, threats, cyber security, cyber attack, black friday threats, cyber threat

Improving Operational Efficiencies within Healthcare IT

Posted by Ashley Sims - Marketing Manager on Thu, Nov 19, 2015

As a healthcare security specialist, do the concerns of breaches and operational inefficiencies keep you up at night? With the average health record worth an industry-high $398 per record, we can understand why.

Last week, William "Buddy" Gillespie, HCISPP, the former CTO/CIO of WellSpan Health, joined us for a webinar and detailed ways that you could improve operational efficiencies within your organization and decrease your threat surface. Buddy drilled down into the issues facing organizations today such as HIPAA compliance, healthcare operations, and more. It was a perfect first for our series of three webinars and we hope you enjoyed it as much as we did.

For those of you who couldn't make the webinar and want to get caught up, we have it available for download now.

In this webinar you will learn: 

  • Regulatory Guidelines
  • PHI Security
  • Health Information Management
  • Healthcare Operations
  • And much more 



After you download part 1, make sure to get ahead of the crowd and the meetings that are always filling up your calendar and save the date for the second part of our series: 

Privacy and Security in Healthcare: Drivers, Trends, Challenges, and Solutions 

Wednesday, December 9th at 11:00 AM ET 


Tags: hipaa compliance, healthcare data, healthcare IT, HIPAA, healthcare security, phi security

#TechTuesday Roundup: Malicious InstaAgent App Pulled from Stores, Rally Health Launches Online Healthcare Shopping Experience, and More

Posted by Harley Boykin on Tue, Nov 17, 2015

Tags: cyber risk, IOT, #techtuesday, healthcare IT, malicious software

4 Things CISO's Are Thankful For

Posted by Ashley Sims - Marketing Manager on Thu, Nov 12, 2015

Tags: cybersecurity, intelligent IAM, intelligent, password management, CISO, password

#TechTuesday Roundup: Pay Your Bills With a Selfie, An Edward Snowden-Approved App, and More

Posted by Harley Boykin on Tue, Nov 10, 2015

Tags: #techtuesday, cyber technology, Hacking, tech tuesday

Interview with a Healthcare Security Expert: William "Buddy" Gillespie, HCISPP

Posted by Ashley Sims - Marketing Manager on Thu, Nov 05, 2015

At Courion, we strive to provide the most innovative solutions possible to allow our customers to detect and remediate risks across all organizations in any industry. We read, we research, and we do our best to stay on top of every new threat, breach, rule, and regulation. However, to truly understand what is happening in the industry and on the ground every day, we turn to the experts who have lived through these scenarios and can help us better understand what you need as a customer.

Today, we welcome one of these experts to our blog in the first post of a new series we will call “An Interview with the Expert”. This week’s guest is Mr. William “Buddy” Gillespie, a highly accomplished, visionary, driven Senior Healthcare IT Executive. Mr. Gillespie is a leader with extensive experience and achievements within Healthcare Information Technology (HIT), including strategic positioning, budgeting, staff recruitment, customer service, implementation and consulting, customer support, customer relationship management, privacy and security sales/marketing, and collaborative relationship positioning with multiple HIT vendors and business associates.

He has expertise in Health Information Technology and HIPAA Privacy and Security (HCISPP Certified), and most recently in Analytics and Health Information Exchange (HIE). His experience has included extensive work with Electronic Medical Records (EMR), state-wide HIEs, and marketing of Disaster Recovery/Cloud Hosting solutions.

A certified Healthcare Information Security and Privacy Practitioner (HCISPP), Mr. Gillespie served as the VP, CIO, and CTO at WellSpan Health, an integrated delivery system based in York, Pennsylvania and serving more than 70,000 people in south central PA. As the CTO, Mr. Gillespie was responsible for the strategic and tactical efforts surrounding the business and clinical systems at WellSpan. Now “retired”, he works as a consultant, presenter, and active member of several prestigious organizations.

Here is what Mr. Gillespie had to say:

Courion Corporation: What are the biggest challenges you have seen in the last 6 years?

Buddy Gillespie: The last 6 years have been a fast-train for Health Information Technology and have resulted in a huge magnitude of change to the delivery of healthcare. The major force vector behind the high rate of change has been the HITECH Act. There is no doubt that this Act was the major catalyst to get hospitals to invest in the EMR and other related technologies. The number one change has been in the way patient care is delivered. Physicians, for the most part, no longer fight technology but embrace it. The question on the table is, will the changes sustain or will they fall back? We can only hope that Meaningful Use is “too big to fail”.

CC: What are the strongest emerging drivers and trends in healthcare?

BG: I would say the sustainability of HITECH, Electronic Health Records, Meaningful Use, and the Triple Aim.

In 2009, the HITECH Act was signed into law, which established the goal to implement the Electronic Health Record across all healthcare providers and thereby establish a road to have every caregiver utilize the EHR in a manner which constitutes a “meaningful use” of the patient data. Rules were established to define Meaningful Use, and if the provider achieved the goal, incentive payments would be paid to the providers. The Act was set up in three phases, and each phase has its own criteria/rules to define the objectives for achievement. Ninety percent of providers have achieved the first two phases and over $20 billion has been paid out in incentives. The criteria for the final phase have been released and providers are gearing up. The ultimate goal of the HITECH Act and Meaningful Use is to meet the three pillars of the Triple Aim: Reduce the cost of healthcare, increase quality and improve the patient experience. The question now becomes how successful have the first two phases been in meeting the goals of the HITECH Act and the Triple Aim. Surveys to that regard have resulted in mixed reactions. While the overall feeling is positive, some have responded that the Act has created additional burden on an already excessive patient load for physicians. There is no doubt that the Act has resulted in the expansion of the EHR to a level never before seen in healthcare. Today over 50 percent of physician practices and over 60 percent of hospitals have implemented a robust EHR. Phase Three will be the ultimate test of the success factors for the HITECH Act. That phase will build on the first two phases and take into account the pros and cons of the first two phases.

In my opinion the real critical success factor will be sustainability. Once the dollar incentives are gone and the “aw, gee” reaction has passed, will the current level of Meaningful Use survive? I think not unless health systems and providers continue to monitor, nurture and invest in the resources and technology to sustain Meaningful Use.

CC: We’ve all heard about the new phase 2 for the OCR and the HIPAA Audit program. What do you think will be the biggest impact and how can companies prepare?

BG: The Office for Civil Rights (OCR) has announced that they are ready to start the second phase of the HIPAA/HITECH audit program. The scope of Phase 2 will be to audit 200 plus covered entities.  The audit criteria will be benchmarked to the compliance of the HIPAA Privacy and Security Rules plus the requirements for Breach Notification.  The Covered Entities Audits will be followed by audits of the Business Associates to include EMR vendors, Cloud Service Providers, and other BAs in the HIPAA Chain of Trust continuum.

Although OCR has indicated that the first round of audits will be a review of policies and processes, additional on-site audits will be more comprehensive in nature and focus on a deep-dive of internal technology and other types of mitigating solutions in place to support risk prevention. 

So what is a good rule of thumb for preparing for the OCR audit? First of all, make the assumption that you will be part of the 200 plus and prepare a plan sooner rather than later.

The plan should be kept simple and kept to a few basic components:

  • Review OCR’s audit protocol and be well versed on the HIPAA and HITECH regulations
  • Review your documentation and ensure you have the most recent HIPAA guidelines, policies, and procedures in place and the organization is well-educated relative to those documents
  • Have a clear understanding of what OCR’s expectations/process are relative to providing your documentation to the auditors.
  • Orchestrate a “mock” audit with all internal parties and simulate a real audit.
  • Lastly, establish a communication chain within your organization to communicate events, timelines, tasks, status, etc.


For more on our conversation with Mr. Gillespie, join us next month for Part 2 of our interview or register today for our webinar, Improving Operational Efficiencies in Healthcare Organizations, on Wednesday, November 11, 2015 at 11AM.


Tags: cybersecurity, cyber risk, healthcare, cyber security, healthcare IT, Cyberattack, healthcare security

#TechTuesday Roundup: An 11-year-old is creating and selling diceware passwords, iris-scanning ATMs and another possible password breach

Posted by Harley Boykin on Tue, Nov 03, 2015

Tags: cybersecurity, #techtuesday, Passwords, cyber technology, breach, password, tech tuesday

The Walking Dead: How to Find Zombie Accounts in Your Network

Posted by Chelsea Herring- Sales Operations Analyst on Thu, Oct 29, 2015

Living in Atlanta, I get my fair share of zombies. The popular television show “The Walking Dead” was actually filmed on Georgia State’s campus downtown and features several Atlanta landmarks. We have the Centers for Disease Control, which (hopefully jokingly) has a zombie preparedness plan. We even have a zombie walk each year around this time where anyone who wants to get in on the madness can dress as a zombie and stagger around town. While zombies may be popular when it comes to fictional T.V. shows or once-a-year costumes, they are a real and ongoing problem when it comes to your IT security.

Zombie accounts, also known as abandoned accounts, are user accounts left with no verifiable owner. This happens most often when someone leaves your company and their access to a certain application is never terminated. In a perfect world, the person that leaves you would never try to get back into your system for any reason. However, our world is not perfect. Instead, we have rogue players who can create or hide these accounts in your system for nefarious reasons. There are also hackers who are stealing user credentials from all over the world and trying to use them to get into your system. If your employees use the same password for your hospital EHR system as for their bank that was just breached, then the hackers are already in.

The solution sounds simple, almost as if you can’t believe people don’t terminate access immediately after someone leaves, but it happens all the time. For example, let’s think about a hospital with 200 doctors, 400 nurses, and 300 members of the support staff. Each nurse needs access to the email, EHR system, file share system, and the patient portal. The nurses that also work with insurance are the exception: they need to get into that system as well. Oh, and the nurse that worked on the floor for a month before transferring to the ER? She is gone now, but did we ever shut off her floor access?

Have you had a layoff or have a seasonal business where employees are leaving at once? What about interns or contractors? The rise of zombie accounts isn’t like something out of the movies; it is as simple as any of the examples above. With so many users in your system, without an automated process you can’t see who is signing into these accounts or monitor their usage in real time. Leaving these accounts open increases your threat surface and the likelihood that you will be breached.

So how do you stop zombie accounts from happening? On T.V. it’s as easy as a single shot to the head. In the real world, that silver bullet is called intelligence. With a manual system full of spreadsheets, you have to be able to comb through each of them, hoping that their manager didn’t miss anything. In an organization with only ten people, this method might be feasible. However, in an organization with hundreds or thousands of employees, a manual system doesn’t give you the insight that you need when you need it.

With an intelligent IAM system you will be able to de-provision accounts automatically. No spreadsheets to look through, just the click of a button once an employee leaves and all of their access rights are shut down immediately. Intelligence in IAM also allows you to see into your system at any time with real-time monitoring tools. What your system looks like now versus five minutes from now will be completely different, and you have to be able to see into your system to ensure that no one is abusing their access.

You can’t fix what you can’t see. If you can’t see zombie accounts staggering through your network, then how will you know they are there? Or whether they are being controlled by a hacker who is quietly siphoning off data to use against you? You need an intelligent IAM solution to help stop zombie attacks and any other insider threat your system may face.
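One way to make these accounts visible is to reconcile the HR roster against the accounts each application still has enabled. The script below is an added example, not part of the original post and not Courion product code; the CSV layouts, column names, and sample records are constructed assumptions covering the three cases described above (no verifiable owner, a departed employee, and a transfer from the floor to the ER).

```python
import csv
import io

# Constructed sample data (not from the original post): an HR roster and a
# merged export of the accounts still enabled in each application.
HR_ROSTER = """employee_id,name,status,unit
1001,A. Rivera,active,ER
1002,B. Chen,terminated,Floor
1003,C. Osei,active,Billing
"""

ACCOUNTS = """app,account,owner_id,unit_scope
email,arivera,1001,
ehr,arivera-floor,1001,Floor
ehr,arivera-er,1001,ER
ehr,bchen,1002,Floor
fileshare,bchen,1002,
portal,svc-import,,
insurance,cosei,1003,Billing
email,dpatel,1009,
"""


def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def find_zombies(roster_rows, account_rows):
    """Return (app, account, reason) for each enabled account needing review."""
    roster = {r["employee_id"]: r for r in roster_rows}
    findings = []
    for acct in account_rows:
        owner = roster.get(acct["owner_id"])
        if owner is None:
            # Blank owner, or an owner HR has no record of.
            reason = "no verifiable owner"
        elif owner["status"] != "active":
            reason = "owner left, access never terminated"
        elif acct["unit_scope"] and acct["unit_scope"] != owner["unit"]:
            # Access scoped to a unit the owner no longer works in.
            reason = "owner transferred, old unit access still open"
        else:
            continue
        findings.append((acct["app"], acct["account"], reason))
    return findings


if __name__ == "__main__":
    for app, account, reason in find_zombies(load(HR_ROSTER), load(ACCOUNTS)):
        print(f"{app:10} {account:14} {reason}")
```

Run on a schedule against fresh exports, the findings list becomes the de-provisioning queue instead of a spreadsheet someone has to remember to check.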

Have you had success in ridding your network of zombies? Let us know in the comments!

Ready to start your own Zombie Preparedness Kit? With a quick scan of your system we can show you:

  • Where your zombie accounts may be lurking
  • How you can improve operational efficiencies 
  • How you can reduce the threat of zombie accounts  
  • How to drive your IT costs down.



Tags: cybersecurity, IAM, IAM in the cloud, Zombie Accounts, intelligent IAM, Cyberattack