Is being responsible for electronic medical records a daily source of trepidation for you or your business? While the sentiment is understandable, it often results from a lack of understanding about what HIPAA compliance actually means. As industry-wide penalties continue to rise every year, it’s essential to take a closer look at who is being fined, and why. Keep reading for more details on the most recent case.

As the largest fully integrated healthcare system in Illinois, Advocate Health Care Network’s mismanagement of electronic medical records (EMR) came as quite a shock. Regardless of your feelings on such a sizable provider being unable to maintain secure EMRs, what can’t be argued is the precedent set by last month’s $5.5-million settlement.

How exactly did it come to such a historic penalty? The answer is threefold. Firstly, Advocate failed to perform the risk assessments mandated by HIPAA regulations -- an oversight that could have potentially prevented the other two infractions. Secondly, Chicago’s premier healthcare network failed to obtain proper written agreements with each of the business partners who had access to its data, which may have gone unnoticed if one of its associates had not been the subject of a security breach.

The final infraction, and arguably the most directly relevant to Advocate’s internal security policies, was the unsatisfactory safeguards in place on two stolen laptops with confidential medical information. While the breach of its business partner’s network only put 2,000 EMRs at risk, the stolen computers had access to almost 4 million.

So, if you’re tired of vague platitudes about ‘penalties for lax data compliance’ or the ‘liability risks of mediocre security,’ this is your answer: inadequate preventative measures, unfit business partners, and poor internal security protocols can spell millions in damages. Unfortunately, this isn’t just an aberrant case -- punitive damages for HIPAA noncompliance in 2015 totaled $6.2 million; just over eight months into 2016, they currently stand at $20.3 million.

Keep your company’s name off the growing list of companies that didn’t have suitable systems in place when it mattered most. Our EMR management practices provide a full suite of care for your data records; from prevention to end-point security, your information is safe with us. Our proficiency in the healthcare IT industry spans a wide variety of experiences and know-how. Contact us today. We’d love to tell you all about it.

Published with permission from TechAdvisory.org. Source.

In 2012, cloud storage firm Dropbox was hacked with over two-thirds of its users’ details dumped all over the internet. While the company initially thought a collection of email addresses was the only thing stolen, it was wrong -- passwords had been compromised as well. This new information came to light when the database was picked up by a security notification service. So if you were using Dropbox before the incident and haven’t changed your password since, you should do so right away.

Despite the unfortunate incident, Dropbox has implemented a thorough threat-monitoring analysis and investigation, and has found no indication that user accounts were improperly accessed. However, this doesn’t mean you’re 100 percent in the clear.

What you need to do

As a precaution, Dropbox has emailed all users believed to have been affected by the security breach, and completed a password-reset for them. This ensures that even if these passwords had been cracked, they couldn’t be used to access Dropbox accounts. However, if you signed up for the platform prior to mid-2012 and haven’t updated your password since, you’ll be prompted to do so the next time you sign in. All you have to do is choose a new password that meets Dropbox's minimum security requirements, a task assisted by their “strength meter.” The company also recommends using its two-step authentication feature when you reset your password.

Apart from that, if you used your Dropbox password on other sites before mid-2012 -- whether for Facebook, YouTube or any other online platform -- you should change your password on those services as well. Since most of us reuse passwords, the first thing any hacker does after acquiring stolen passwords is try them on the most popular account-based sites.

Dropbox’s ongoing security practices

Dropbox’s security team is working to improve its monitoring process for compromises, abuses, and suspicious activities. It has also implemented a broad set of controls, including independent security audits and certifications, threat intelligence, and bug bounties for white hat hackers. Under its bug bounty program, Dropbox provides monetary rewards, from $216 up to $10,000, to people who report vulnerabilities before malicious hackers can exploit them. Not only that, but the company has also built open-source tools such as zxcvbn, a password strength estimator, and bcrypt, a password hashing function, to ensure that a similar breach doesn’t happen again.

To learn more about keeping your online accounts secure, or about how you can protect your business from today’s increasing cyber threats, give us a call and we’ll be happy to help.

It’s hard to deny how reliable Skype is as a VoIP telephony system. Having something good doesn’t mean you should stop at that; for the sake of your small- or medium-sized business, you should always be on the lookout for the next best thing that helps facilitate your company’s growth. Enter Skype for Business. We’ve compiled three main reasons why you should consider utilizing this tool as opposed to relying on its predecessor.

Cloud PBX

Skype for Business is designed for simple management, with Cloud PBX (public exchange servers) allowing you to store and transfer data via the Internet as opposed to a computer or other hardware that the end-user owns. With Skype for Business, you are able to easily record and store any audio or video conversation history. You can also store instant messages for future reference in a separate email folder.

For a cloud PBX system to work, it requires an IP connection or Internet phone. From there, you can access it through a personalized account from any Internet-enabled device capable of running the Cloud PBX’s interface. Your cloud PBX service provider is in charge of storing and managing all the data, meaning that your calls are connected to their recipients via the Internet. Your service provides “redundancy,” which backs up all your data in the event it is lost or corrupted because your computer crashed.

Expanded Capability

Over the past decade, webinars have become quite popular, mainly due to the fact that they allow important meetings to be held without having to converge at the same location. It’s like having a video chat with your friends. Whereas Skype allows up to 25 participants, Skype for Business accommodates up to 250. Other nifty features include:
    • Skype Meeting Broadcast - broadcast meetings for up to 10,000 people in large webinars.
    • PSTN Conference (or Dial-in conference) - allows attendees to join a meeting via landlines or cellphones.
On top of all that, Skype for Business is fully integrated with a host of other useful office applications. You have access to Microsoft Office (e.g., Excel, PowerPoint, Word, etc.), and you can share files with other participants throughout the meeting.

Enhanced Security Control

With Skype for Business, users have better security control through the authentication and encryption of private communications. So you have better access to guest accounts, and you can enable or disable certain call features to enhance communication.

Knowing which tools to utilize is vital to help you get the upper hand. By utilizing what’s best for you and your business, you won’t have to search for success; it’ll come looking for you instead. For any questions regarding Skype for Business and its functions, feel free to give us a call or send us a message. We’re more than happy to help you any way we can.

As the spectacle and competitive atmosphere of the Rio Olympic Games have drawn the world’s attention, hackers who use social engineering are inching closer to our private information. Although our systems may be prepared for the likes of malware and worms, social engineering is a different beast of its own. If used effectively, hackers can manipulate people into disclosing personal information, rendering security systems useless. So how exactly do they go about doing this? Below are five of the most utilized social engineering tactics you should be aware of.

Phishing

Phishing scams are perhaps the most common type of social engineering attack. Usually seen as links embedded in email messages, these scams lead potential victims into seemingly trustworthy web pages, where they are prompted to fill in their name, address, login information, social security number, and credit card number.

Phishing emails often appear to come from reputable sources, which makes the embedded link even more compelling to click on. Sometimes phishing emails masquerade as government agencies urging you to fill out a personal survey, and other times phishing scams pose as false banking sites. In fact, earlier this year, fraudulent Olympics-themed emails redirected potential victims to fake ticketing services, where they would eventually input their personal and financial information. This led to several cases of stolen identities.

Tailgating

What’s the best way to infiltrate your business? Through your office’s front door, of course! Scam artists can simply befriend an employee near the entrance of the building and ask them to hold the door, thereby gaining access into a restricted area. From here, they can steal valuable company secrets and wreak havoc on your IT infrastructure. Though larger enterprises with sophisticated surveillance systems are prepared for these attacks, small- to mid-sized companies are less so.

Quid pro quo

Similar to phishing, quid pro quo attacks offer appealing services or goods in exchange for highly sensitive information. For example, an attacker may offer potential targets free tickets to attend the Olympic games in exchange for their login credentials. Chances are if the offer sounds too good to be true, it probably is.

Pretexting

Pretexting is another form of social engineering whereby an attacker fabricates a scenario to convince a potential victim to provide access to sensitive data and systems. These types of attacks involve scammers who request personal information from their targets in order to verify their identity. Attackers will usually impersonate co-workers, police, tax authorities, or IT auditors in order to gain their targets’ trust and trick them into divulging company secrets.

The unfortunate reality is that fraudsters and their social engineering tactics are becoming more sophisticated. And with the Olympics underway, individuals and businesses alike should prepare for the oncoming wave of social engineering attacks that threaten our sensitive information. Nevertheless, the best way to avoid these scams is knowing what they are and being critical of every email, pop-up ad, and embedded link that you encounter on the internet.

To find out how you can further protect your business from social engineering attacks, contact us today.
