Guarding Against Common Criptocurrency & Other Cyber Crime Threats

The National Cyber Awareness System (NIST) today is urging Americans and American businesses engaging in cryptocurrency dealings to guard against common cybercrime hazards.

Security Tip (ST18-002) on Defending Against Illicit Cryptocurrency Mining Activity warns that many riding the rising popularity tide of cryptocurrency, a form of digital currency, such as Bitcoin, Litecoin, Monero, Ethereum, and Ripple people lack a basic understanding of cryptocurrency and the risks associated with it.

NIST warns this lack of awareness is contributing to the rise of individuals and organizations falling victim to illicit cryptocurrency mining activity. NIST shares the following tips to help guard against these risks.

What is cryptocurrency?

Cryptocurrency is a digital currency used as a medium of exchange, similar to other currencies. However, unlike other currencies, cryptocurrency operates independently of a central bank and uses encryption techniques and blockchain technology to secure and verify transactions.

What is cryptomining?

Cryptocurrency mining, or cryptomining, is simply the way in which cryptocurrency is earned. Individuals mine cryptocurrency by using cryptomining software to solve complex mathematical problems involved in validating transactions. Each solved equation verifies a transaction and earns a reward paid out in the cryptocurrency. Solving cryptographic calculations to mine cryptocurrency requires a massive amount of processing power.

What is cryptojacking?

Cryptojacking occurs when malicious cyber actors exploit vulnerabilities—in webpages, software, and operating systems—to illicitly install cryptomining software on victim devices and systems. With the cryptomining software installed, the malicious cyber actors effectively hijack the processing power of the victim devices and systems to earn cryptocurrency. Additionally, malicious cyber actors may infect a website with cryptomining JavaScript code, which leverages a visitor’s processing power via their browser to mine cryptocurrency.

Cryptojacking may result in the following consequences to victim devices, systems, and networks and  their operators:

  • Degraded system and network performance because bandwidth and central processing unit (CPU) resources are monopolized by cryptomining activity;
  • Increased power consumption, system crashes, and potential physical damage from component failure due to the extreme temperatures caused by cryptomining;
  • Disruption of regular operations;
  • Investigation, reporting, disclosure, and other post-event regulatory, public relations and other dealings; and
  • Financial loss due to system downtime caused by component failure, the cost of restoring systems and files to full operation and the increased power consumption and liabilities to customers, business partners or others connected to your operations disrupted or damaged by the event or its fallout.

Cryptojacking involves maliciously installed programs that are persistent or non-persistent. Non-persistent cryptojacking usually occurs only while a user is visiting a particular webpage or has an internet browser open. Persistent cryptojacking continues to occur even after a user has stopped visiting the source that originally caused their system to perform mining activity.

Malicious actors distribute cryptojacking malware through weaponized mobile applications, botnets, and social media platforms by exploiting flaws in applications and servers, and by hijacking Wi-Fi hotspots.

What types of systems and devices are at risk for cryptojacking?

Any internet-connected device with a CPU is susceptible to cryptojacking. The following are commonly targeted devices:

  • Computer systems and network devices – including those connected to information technology and Industrial Control System networks;
  • Mobile devices – devices are subject to the same vulnerabilities as computers; and
  • Internet of Things devices – internet-enabled devices (e.g., printers, video cameras, and smart TVs).

How do you defend against cryptojacking?

NIST recommends the  following cybersecurity best practices to help protect  internet-connected systems and devices against cryptojacking and other cybersecurity threats:

  • Use and maintain antivirus software. Antivirus software recognizes and protects a computer against malware, allowing the owner or operator to detect and remove a potentially unwanted program before it can do any damage. (See Understanding Anti-Virus Software.)
  • Keep software and operating systems up-to-date. Install software updates so that attackers cannot take advantage of known problems or vulnerabilities. (See Understanding Patches.)
  • Use strong passwords. Select passwords that will be difficult for attackers to guess, and use different passwords for different programs and devices. It is best to use long, strong passphrases or passwords that consist of at least 16 characters. (See Choosing and Protecting Passwords.)
  • Change default usernames and passwords. Default usernames and passwords are readily available to malicious actors. Change default passwords, as soon as possible, to a sufficiently strong and unique password.
  • Check system privilege policies. Review user accounts and verify that users with administrative rights have a need for those privileges. Restrict general user accounts from performing administrative functions.
  • Apply application whitelisting. Consider using application whitelists to prevent unknown executables from launching autonomously.
  • Be wary of downloading files from websites. Avoid downloading files from untrusted websites. Look for an authentic website certificate when downloading files from a secure site. (See Understanding Web Site Certificates.)
  • Recognize normal CPU activity and monitor for abnormal activity. Network administrators should continuously monitor systems and educate their employees to recognize any above-normal sustained CPU activity on computer workstations, mobile devices, and network servers. Any noticeable degradation in processing speed requires investigation.
  • Disable unnecessary services. Review all running services and disable those that are unnecessary for operations. Disabling or blocking some services may create problems by obstructing access to files, data, or devices.
  • Uninstall unused software. Review installed software applications and remove those not needed for operations. Many retail computer systems with pre-loaded operating systems come with toolbars, games, and adware installed, all of which can use excessive disk space and memory. These unnecessary applications can provide avenues for attackers to exploit a system.
  • Validate input. Perform input validation on internet-facing web server and web applications to mitigate injection attacks. On web browsers, disable JavaScript execution. For Microsoft Internet Explorer, enable the cross-site scripting filter.
  • Install a firewall. Firewalls may be able to prevent some types of attack vectors by blocking malicious traffic before it can enter a computer system, and by restricting unnecessary outbound communications. Some device operating systems include a firewall. Enable and properly configure the firewall as specified in the device or system owner’s manual. (See Understanding Firewalls.)
  • Create and monitor blacklists. Monitor industry reports of websites that are hosting, distributing, and being used for, malware command and control. Block the internet protocol addresses of known malicious sites to prevent devices from being able to access them.

More Information

We hope you found this information helpful.  If your organization wants to learn more about or needs assistance with understanding or managing its health care, financial security, trade secret or other sensitive information or system related responsibilities or liabilities or about the author, Cynthia Marcotte Stamer or her experiences, check out the many resources and publications addressing these topics written by the author available here or contact Ms. Stamer via e-mail here or telephone her at 214.452.8297.

If you or some that you know would like to register to receive these updates and other helpful information on HIPAA and other health care and human resources risk management matters, please be sure that we have your current contact information including your preferred e-mail by registering at and/or sign up to receive the Solutions Law Press Health Care & IT Updates at https://solutionslaw.wordpress.com.   For important information concerning this communication and the access or use of this resource, see the Terms & Conditions Page.

Advertisements

June 26, 2018 at 9:06 pm

NIST Urges Network Cyber Hardening

The National Cyber Awareness System (NIST) today issued an alert urging healthcare, financial services, retail, telecommunications and other business network operators to tighten security to defend their network infrastructure devices against cyber threats.

Maintaining appropriate security and responses for the increasing way of malware, ran somewhere, hacking and other cyber security threat is a significant and growing source of responsibility and liability for US and international businesses.

Department of Health and Human Services Office of Civil Rights has identified Monitoring and appropriately reacting to NIST cyber threat alerts and directivesas one of the security practices that healthcare, health plan, healthcare clearinghouse and their business associates should follow as part of their security effort under the Health Insurance Portability and Accountability Act. Financial services and other entities subject to some of the requirements under federal law also are expected or encouraged to follow these alerts and react accordingly.

The following is the Contents of today’s NIST alert re-printed in its entirety.

ST18-001: Securing Network Infrastructure Devices

06/21/2018 03:46 PM EDT

Original release date: June 21, 2018

Network infrastructure devices are ideal targets for malicious cyber actors. Most or all organizational and customer traffic must traverse these critical devices.

• An attacker with presence on an organization’s gateway router can monitor, modify, and deny traffic to and from the organization.

• An attacker with presence on an organization’s internal routing and switching infrastructure can monitor, modify, and deny traffic to and from key hosts inside the network and leverage trust relationships to conduct lateral movement to other hosts.

Organizations and individuals that use legacy, unencrypted protocols to manage hosts and services, make successful credential harvesting easy for these malicious cyber actors. Whoever controls the routing infrastructure of a network essentially controls the data flowing through the network.

What are network infrastructure devices?

Network infrastructure devices are the physical components of a network that transport communications needed for data, applications, services, and multi-media. These devices include routers, firewalls, switches, servers, load-balancers, intrusion detection systems, domain name systems, and storage area networks.

What security threats are associated with network infrastructure devices?

Network infrastructure devices are often easy targets for attackers. Once installed, many network devices are not maintained at the same security level as general-purpose desktops and servers. The following factors can also contribute to the vulnerability of network devices:

• Few network devices—especially small office/home office and residential-class routers—run antivirus, integrity-maintenance, and other security tools that help protect general-purpose hosts.

• Manufacturers build and distribute these network devices with exploitable services, which are enabled for ease of installation, operation, and maintenance.

• Owners and operators of network devices often don’t change vendor default settings, harden them for operations, or perform regular patching.

• Internet service providers may not replace equipment on a customer’s property once the equipment is no longer supported by the manufacturer or vendor.

• Owners and operators often overlook network devices when they investigate, look for intruders, and restore general-purpose hosts after cyber intrusions.

How can you improve the security of network infrastructure devices?

NCCIC encourages users and network administrators to implement the following recommendations to better secure their network infrastructure:

• Segment and segregate networks and functions.

• Limit unnecessary lateral communications.

• Harden network devices.

• Secure access to infrastructure devices.

• Perform Out-of-Band network management.

• Validate integrity of hardware and software.

Segment and Segregate Networks and Functions

Security architects must consider the overall infrastructure layout, including segmentation and segregation. Proper network segmentation is an effective security mechanism to prevent an intruder from propagating exploits or laterally moving around an internal network. On a poorly segmented network, intruders are able to extend their impact to control critical devices or gain access to sensitive data and intellectual property. Segregation separates network segments based on role and functionality. A securely segregated network can contain malicious occurrences, reducing the impact from intruders in the event that they have gained a foothold somewhere inside the network.

Physical Separation of Sensitive Information

Traditional network devices, such as routers, can separate local area network (LAN) segments. Organizations can place routers between networks to create boundaries, increase the number of broadcast domains, and effectively filter users’ broadcast traffic. Organizations can use these boundaries to contain security breaches by restricting traffic to separate segments and can even shut down segments of the network during an intrusion, restricting adversary access.

Recommendations

• Implement principles of least privilege and need-to-know when designing network segments.

• Separate sensitive information and security requirements into network segments.

• Apply security recommendations and secure configurations to all network segments and network layers.

Virtual Separation of Sensitive Information

As technologies change, new strategies are developed to improve information technology efficiencies and network security controls. Virtual separation is the logical isolation of networks on the same physical network. Virtual segmentation uses the same design principles as physical segmentation but requires no additional hardware. Existing technologies can be used to prevent an intruder from breaching other internal network segments.

Recommendations

• Use private virtual LANs to isolate a user from the rest of the broadcast domains.

• Use virtual routing and forwarding (VRF) technology to segment network traffic over multiple routing tables simultaneously on a single router.

• Use virtual private networks (VPNs) to securely extend a host/network by tunneling through public or private networks.

Limit Unnecessary Lateral Communications

Allowing unfiltered peer-to-peer communications, including workstation-to-workstation, creates serious vulnerabilities and can allow a network intruder’s access to spread easily to multiple systems. Once an intruder establishes an effective beachhead within the network, unfiltered lateral communications allow the intruder to create backdoors throughout the network. Backdoors help the intruder maintain persistence within the network and hinder defenders’ efforts to contain and eradicate the intruder.

Recommendations

• Restrict communications using host-based firewall rules to deny the flow of packets from other hosts in the network. The firewall rules can be created to filter on a host device, user, program, or internet protocol (IP) address to limit access from services and systems.

• Implement a VLAN Access Control List (VACL), a filter that controls access to and from VLANs. VACL filters should be created to deny packets the ability to flow to other VLANs.

• Logically segregate the network using physical or virtual separation, allowing network administrators to isolate critical devices onto network segments.

Harden Network Devices

A fundamental way to enhance network infrastructure security is to safeguard networking devices with secure configurations. Government agencies, organizations, and vendors supply a wide range of guidance to administrators—including benchmarks and best practices—on how to harden network devices. Administrators should implement the following recommendations in conjunction with laws, regulations, site security policies, standards, and industry best practices.

Recommendations

• Disable unencrypted remote admin protocols used to manage network infrastructure (e.g., Telnet, File Transfer Protocol [FTP]).

• Disable unnecessary services (e.g., discovery protocols, source routing, Hypertext Transfer Protocol, Simple Network Management Protocol [SNMP], Bootstrap Protocol).

• Use SNMPv3 (or subsequent version), but do not use SNMP community strings.

• Secure access to the console, auxiliary, and virtual terminal lines.

• Implement robust password policies, and use the strongest password encryption available.

• Protect routers and switches by controlling access lists for remote administration.

• Restrict physical access to routers and switches.

• Back up configurations and store them offline. Use the latest version of the network device operating system and keep it updated with all patches.

• Periodically test security configurations against security requirements.

• Protect configuration files with encryption or access controls when sending, storing, and backing up files.

Secure Access to Infrastructure Devices

Administrative privileges can be granted to allow users access to resources that are not widely available. Limiting administrative privileges for infrastructure devices is crucial to security because intruders can exploit administrative privileges that are improperly authorized, granted widely, or not closely audited. Adversaries can use these compromised privileges to traverse a network, expand access, and take full control of the infrastructure backbone. Organizations can mitigate unauthorized infrastructure access by implementing secure access policies and procedures.

Recommendations

• Implement multi-factor authentication (MFA). Authentication is a process used to validate a user’s identity. Attackers commonly exploit weak authentication processes. MFA uses at least two identity components to authenticate a user’s identity. Identity components include

◦ something the user knows (e.g., password),

◦ an object the user has possession of (e.g., token), and

◦ a trait unique to the user (e.g., fingerprint).

• Manage privileged access. Use a server that provides authentication, authorization, and accounting (AAA) services to store access information for network device management. An AAA server will enable network administrators to assign different privilege levels to users based on the principle of least privilege. When a user tries to execute an unauthorized command, it will be rejected. If possible, implement a hard-token authentication server in addition to using the AAA server. Using MFA makes it more difficult for intruders to steal and reuse credentials to gain access to network devices.

• Manage administrative credentials. Take these actions if your system cannot meet the MFA best practice:

◦ Change default passwords.

◦ Recommend passwords to be at least 8 characters long, and allow passwords as long as 64 characters (or greater), in accordance with the National Institute of Standards and Technology’s SP 800-63B Digital Identity Guidelines and Canada’s User Authentication Guidance for Information Technology Systems ITSP.30.031 V3.

◦ Check passwords against blacklists of unacceptable values, such as commonly used, expected, or compromised passwords.

◦ Ensure all stored passwords are salted and hashed.

◦ Keep passwords stored for emergency access in a protected off-network location, such as a safe.

Perform Out-of-Band Management

Out-of-Band (OoB) management uses alternate communication paths to remotely manage network infrastructure devices. These dedicated communication paths can vary in configuration to include anything from virtual tunneling to physical separation. Using OoB access to manage the network infrastructure will strengthen security by limiting access and separating user traffic from network management traffic. OoB management provides security monitoring and can perform corrective actions without allowing the adversary (even one who has already compromised a portion of the network) to observe these changes.

OoB management can be implemented physically, virtually, or through a hybrid of the two. Although additional physical network infrastructure additional infrastructure can be very expensive to implement and maintain, it is the most secure option for network managers to adopt. Virtual implementation is less costly but still requires significant configuration changes and administration. In some situations, such as access to remote locations, virtual encrypted tunnels may be the only viable option.

Recommendations

• Segregate standard network traffic from management traffic.

• Ensure that management traffic on devices comes only from OoB.

• Apply encryption to all management channels.

• Encrypt all remote access to infrastructure devices such as terminal or dial-in servers.

• Manage all administrative functions from a dedicated, fully patched host over a secure channel, preferably on OoB.

• Harden network management devices by testing patches, turning off unnecessary services on routers and switches, and enforcing strong password policies. Monitor the network and review logs. Implement access controls that only permit required administrative or management services (e.g., SNMP, Network Time Protocol, Secure Shell, FTP, Trivial File Transfer Protocol, RDP, SMB).

Validate Integrity of Hardware and Software

Products purchased through unauthorized channels are often counterfeit, secondary, or grey market devices. Numerous media reports have described the introduction of grey market hardware and software into the marketplace. Illegitimate hardware and software present a serious risk to users’ information and the overall integrity of the network environment. Grey market products can introduce risks to the network because they have not been thoroughly tested to meet quality standards. Purchasing products from the secondary market carries the risk of acquiring counterfeit, stolen, or second-hand devices because of supply chain breaches. Furthermore, breaches in the supply chain provide an opportunity for malicious software and hardware to be installed on the equipment. Compromised hardware and software can affect network performance and compromise the confidentiality, integrity, or availability of network assets. Finally, unauthorized or malicious software can be loaded onto a device after it is in operational use, so organizations should regularly check the integrity of software.

Recommendations

• Maintain strict control of the supply chain and purchase only from authorized resellers.

• Require resellers to enforce integrity checks of the supply chain to validate hardware and software authenticity.

• Upon installation, inspect all devices for signs of tampering.

• Validate serial numbers from multiple sources.

• Download software, updates, patches, and upgrades from validated sources.

• Perform hash verification, and compare values against the vendor’s database to detect unauthorized modification to the firmware.

• Monitor and log devices—verifying network configurations of devices—on a regular schedule.

• Train network owners, administrators, and procurement personnel to increase awareness of grey market devices.

June 22, 2018 at 12:28 am

Petya Ransomware Alert Issued

Tighten up your cyber security shield against the latest ransomware attack!

 US-CERT reports Petya ransomware infection outbreak is occurring in networks in many countries around the world. 

Ransomware is a type of malicious software that infects a computer and restricts users’ access to the infected machine until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware. 

Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB). US-CERT encourages users and administrators to review the US-CERT article on the Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010 (link is external). 

For general advice on how to best protect against ransomware infections,US-CERT recommends that you review US-CERT Alert TA16-091A. Please report any ransomware incidents to the Internet Crime Complaint Center (IC3).

June 27, 2017 at 10:00 pm

Vote

November 8, 2016 at 2:20 pm

Encrypt Mobile Devices & Clean Up Management Documentation Key HIPAA Compliance Messages In New HIPAA Settlements

Encrypt your laptops and other mobile devices” is only one of the key lessons leaders of health plans, health care providers, health care clearinghouses (“Covered Entities”) and their business associates should take away from  the Department of Health and Human Services Office for Civil Rights (OCR)’s April 22 announcement that Concentra Health Services (Concentra) and QCA Health Plan, Inc. of Arkansas (QCA) collectively are paying $1,975,220 under separate Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule resolution agreements resulting from thefts of unencrypted laptops. Along with the importance of encryption, however, these Resolution Agreements also contain equally significant, more broadly applicable lessons to Covered Entities, business associates and their leaders about some of the specific processes, actions and documentation that OCR them to implement and be prepared to defend the adequacy of their HIPAA “culture of compliance” if they file a breach report or otherwise face a HIPAA audit or investigation from OCR.

Consequently, while confirming the adequacy of their organization’s existing encryption of laptops and mobile…

View original post 2,838 more words

April 29, 2014 at 9:08 pm

ACA Won’t Provide Much Relief For Americans Struggling With Medical Debt

PROJECT COPE: COALITION ON PATIENT EMPOWERMENT

ACA Does Little To Improve Factors Leading to Medical Debt Among People With Insurance 

While helping underinsured Americans struggling to pay medical bills of family members facing serious or chronic illness was one of the goals touted by many supporters of the Patient Protection & Affordable Care Act (ACA), information about the sources of these struggles revealed in a new the findings of the new Kaiser Family Foundation report on Medical Debt Among People With Health Insurance (Report) suggests little will change for Americans that choose to enroll in health coverage through the ACA-created federal or state Health Insurance Exchanges

The Report explores the reasons that one in three Americans continue to report difficulty paying their medical bills. even when they have insurance, by drawing insights from the experiences of nearly two dozen people who recently experienced such problems.  According to the Report, cost-sharing provisions like those incorporated into the…

View original post 1,602 more words

January 7, 2014 at 7:54 pm

Hear Former White House Cybercrime Coordinator, Stamer, Other Leaders On HIPAA & Other Cybersecurity 5/21

SLP Readers Get Discount:  Go to://securitysummitla.eventbrite.com/ and enter Promotional Code: Health_Summit_125

Former White House Cybersecurity Coordinator Howard Schmidt and Solutions Law Press, Inc. editor attorney Cynthia Marcotte Stamer are two of an impressive lineup of leaders scheduled to share key HIPAA & other privacy and data security compliance and risk management strategies at the Healthcare HITECH Privacy and Security Summit at the Fifth Annual Information Security Summit on May 21 in Los Angeles. The program offers essential insights for hospitals, physicians, and other health care providers, health plans and insurers, employers and other health plan sponsors, fiduciaries and administrators, their business associates and other business partners and others on what their organizations should do to cope with the rapidly changing and expanding privacy and data security obligations of HIPAA and other federal and state laws.

With the rapidly approaching and privacy and data breach penalties and enforcement rising, health care providers, health plans, health care clearinghouses and their business associates must get moving to update business associate contracts, policies and notices and processes to meet changing HIPAA rules while managing ongoing compliance and risks.

Former Cybersecurity Coordinator Schmidt Keynotes

The Healthcare HITECH Privacy and Security Summit will bring together leaders in Privacy and Security within government and private industry for a day of collaboration, networking and presentations by leading Privacy and Security professionals sharing who HIPAA covered entities and business associates need to know to comply with new HITECH rules and OCR investigations.

Stamer Speaks On Latest HIPAA Rules & Developments

Solutions Law Press, Inc. editor attorney Cynthia Marcotte Stamer will help lay the foundation for the workshop by briefing participants on changes made to HIPAA rules by the new Omnibus HIPAA Rulemaking changes that the Office of Civil Rights (OCR) plans to start enforcing in September, 2013.

Armed with the latest insights from serving as the scribe for the ABA JCEB annual agency meeting with the Office of Civil Rights (OCR), Ms. Stamer, a practicing attorney and widely published author and speaker, will discuss required changes and other recommended steps and strategies that covered entities and their business associates should take to maintain HIPAA compliance and manage HIPAA and other related risks in light of the Omnibus HIPAA Rulemaking changes, new OCR guidance for health care providers about disclosures to avert threats to health or safety, recent audit and enforcement activities and other changing risks and responsibilities including:

  • The latest on OCR’s regulatory guidance, audit and investigation and enforcement rules, actions and strategies and their implications on covered entities and business associates;
  • Changes to breach notification rules and their implications on covered entities and their business associates;
  • Practical implications of new rules on who is covered and their responsibilities;
  • Required and recommended updates to policies, business associate and other agreements, privacy notices and other HIPAA compliance arrangements;
  • Effective training and other risk management strategies;
  • Planning for, investigating and mitigating PHI privacy breaches and other compliance concerns under new rules other selected events; and
  • Other selected strategies for coordinating HIPAA and other privacy and data breach responsibilities and risk management; and
  • Participant questions.

For a complete agenda, to register, to get details on sponsorship or for other information, see here.

For More Information Or Assistance

If you need assistance reviewing or responding to these or other health care related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer, may be able to help. Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years experience advising health industry clients about these and other matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experience with health plan privacy and data security matters, Ms. Stamer serves as the scribe for the ABA JCEB Annual Technical Session meeting with OCR each May and has worked, spoken and published extensively on these and other privacy and data security concerns and controls. Extensively published and a popular speaker on HIPAA and other data security matters, Ms. Stamer works extensively with health care providers, health plans, employers, insurance and financial services, technology and other clients on privacy, data seurity and other privacy and cybercrime concerns. She also serves as the Scribe for the ABA JCEB Agency Techical Sessions Meetings with the Office of Civil Rights which occur each May in Washington, D.C.

Ms. Stamer has extensive experience advising and assisting health care providers and other health industry clients to establish and administer compliance and risk management policies and to respond to DEA and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns including a number of programs and publications on OCR Civil Rights rules and enforcement actions. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. You can get more information about her health industry experience here. If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

About Solutions Law Press

Solutions Law Pressâ„¢ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. 

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.   ©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.

May 3, 2013 at 3:35 pm

Older Posts


September 2018
S M T W T F S
« Jun    
 1
2345678
9101112131415
16171819202122
23242526272829
30  

Recent Posts

Share this blog

Bookmark and Share
September 2018
S M T W T F S
« Jun    
 1
2345678
9101112131415
16171819202122
23242526272829
30