Employers
HHS Signals Continued Focus on Health Plan Privacy and Cybersecurity
Privacy and security are enforcement priorities for government regulators following HHS's restructuring of its Office for Civil Rights.
Security
Cybersecurity Alert: Rising Social Engineering Threats to IT Help Desks
Organizations are increasingly facing cybersecurity threats where attackers use social engineering tactics to bypass security controls.
Organizations are increasingly facing cybersecurity threats where attackers use social engineering tactics to bypass security controls. A current trend involves targeting IT help desks and call centers with techniques like voice-altering technology and publicly available information to impersonate employees. These attackers aim to trick support personnel into resetting passwords and redirecting multi-factor authentication (MFA) codes to unauthorized devices, gaining access to sensitive systems.
To counteract this threat, organizations should be vigilant about all requests, especially those made over the phone, and ensure secure protocols are in place to prevent unauthorized changes to passwords and MFA credentials. IT and help desk personnel are encouraged to remain cautious and to double-check the identity of any individual requesting authentication modifications, as these may be attempts to exploit internal systems.
Raising awareness among all staff, especially those handling support requests, and emphasizing thorough identity verification can significantly reduce the risk of unauthorized access. For best practices and further information on preventing social engineering and phishing attacks, refer to resources provided by the U.S. Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA).
Benefit Allocation Systems (BAS) provides online solutions for: Employee Benefits Enrollment; COBRA; Flexible Spending Accounts (FSAs); Health Reimbursement Accounts (HRAs); Leave of Absence Premium Billing (LOA); Affordable Care Act Record Keeping, Compliance & IRS Reporting (ACA); Group Insurance Premium Billing; Property & Casualty Premium Billing; and Payroll Integration.
MyEnroll360 integrates with major insurance carriers for enrollment eligibility management (e.g., Blue Cross, Blue Shield, Aetna, United Health Care, Kaiser, CIGNA and others), and with leading payroll platforms for enrollment deduction management (e.g., Workday, ADP, Paylocity, PayCor, UKG, and others).
This article is for informational purposes only and is not intended as legal, tax, or benefits advice. Readers should not rely on this information for taking (or not taking) any action relating to employment, compliance, or benefits. Always consult with a qualified professional before making decisions based on this content.
Topics
Employers
Risk Assessments Are Only the Beginning: The Importance of Following Through
Federal regulators continue to emphasize that an effective security program requires more than documenting vulnerabilities.
Security
Risk Assessments Are Only the Beginning: The Importance of Following Through
Identifying security vulnerabilities is only the first step — organizations must implement remediation plans and maintain documentation that safeguards are actively in place.