508-909-5961 [email protected]

A recent initiative to give healthcare patients access to the notes their doctor or clinician writes about their visit is continuing its meteoric rise across the country. OpenNotes began a few years ago by researching the benefits of allowing patients to have access to their doctor’s notes. Since that initial study, the number of healthcare […]

18 May, 2016 / by Complete Technology Resources / in Security category

2016May18_HealthcareArticles_AA recent initiative to give healthcare patients access to the notes their doctor or clinician writes about their visit is continuing its meteoric rise across the country. OpenNotes began a few years ago by researching the benefits of allowing patients to have access to their doctor’s notes. Since that initial study, the number of healthcare providers who have agreed to sign on has steadily risen. What is this service and how does it work? Let’s find out.

What is OpenNotes?

OpenNotes allows patients to view their nurse’s and doctor’s notes via online portals that can be accessed from home computers, tablets, or smart phones. Patients receive notifications whenever their doctor adds or modifies a note, a prescription refill is needed, or a follow up appointment is requested. Under the initial study performed by OpenNotes, 99 percent of patients opted to continue using the service, and 100 percent of doctors agreed to continue providing their notes to the patients.

Advocates believe that increasing communication, in this case electronically, results in patients who are “active partners in their care”. Over the years, reaching outside of the doctor’s office and into a patient’s smartphone or computer has resulted in improved medication adherence and reduced the number of note errors. Currently the service claims 7 million patients are in their network.

Is it secure?

All of that sounds great, but how safe is the information that’s being sent back and forth? A recent study by Carestream about patient perceptions of online portals found that, of the respondents who reported an aversion to using the service, the biggest concern (by a very large margin) was security and privacy. The OpenNotes website and press releases try to assuage these concerns by pledging their support during onboarding, but unfortunately threats come in all shapes and sizes nowadays. Often software that requires a lot of security is only as good as the hardware and the protocols you assign to it, and those may be outside of the scope of OpenNotes support staff. Additionally, there is a push for multiple providers to share a single online portal so patients only need one login. With all of this in mind, and the recent string of ransomware attacks on healthcare data, the possibility of an attack is greater than ever before.

Should your practice adopt OpenNotes?

Currently, that decision still depends on the dynamics specific to your practice. However, with more and more providers signing on to OpenNotes, and the government inching toward mandating healthcare information sharing, your network needs to be ready for integration. The healthcare sector has been at the forefront of data collection, and implementing online patient portals of any kind, OpenNotes or otherwise, means a massive increase in online exposure.

OpenNotes has stated that their goal is for 50 million patients to be a part of their network within the next three years. Regardless of whether your practice decides to help them reach that goal, or not, protecting your data needs to be a top priority. For questions and concerns about data security and implementing online patient portals, give us a call.

Published with permission from TechAdvisory.org. Source.

Read More

Unfortunately, we’re confronted with new web security threats every day, and today is no different. Experts have exposed a flaw in ImageMagick, one of the internet’s most commonly used image processors, that could put your site in harm’s way. By learning more about this vulnerability you’ll take the first step toward better protecting your content. […]

17 May, 2016 / by Complete Technology Resources / in Security category

2016May17_Security_BUnfortunately, we’re confronted with new web security threats every day, and today is no different. Experts have exposed a flaw in ImageMagick, one of the internet’s most commonly used image processors, that could put your site in harm’s way. By learning more about this vulnerability you’ll take the first step toward better protecting your content.

What is ImageMagick?

ImageMagick is a tool that allows sites to easily crop, resize, and store images uploaded by third parties. Vendors continue to improve user interfaces and experiences by consolidating functions into all-in-one packages, which means administrators are becoming increasingly unaware of what specific services they are actually utilizing. ImageMagick is deeply integrated into countless web services and many webmasters may not even be aware they are using this unsafe software.

How can an image make my site vulnerable?

Recently, it was discovered that images can be uploaded that force ImageMagick into executing commands and permitting attackers to remotely insert harmful code into vulnerable sites. Images are actually made up of complex code that is translated into photos, icons, etc. Different file extensions use what are called “Magic Numbers” to define their file types. Manipulating these numbers allows attackers to exploit a flaw in ImageMagick. The service scans the uploaded file, and attempts to decode the source information whenever it detects the file is not what it claims to be. Scanning that code and attempting to rectify the file misappropriation can then trigger whatever was hidden inside the image and result in remote command of your site.

How should I protect my site?

ImageMagick has admitted knowledge of the security flaw and promised to release a patch very soon. Until then, experts advise implementing multiple workarounds to keep your systems safe. However, if you're not well acquainted with your web server and its code, then it's wise to consult an expert instead of attempting these changes on your own.

For those who are familiar, follow these steps. The first is to temporarily incorporate lines of code that preemptively block attackers from exploiting these holes. Those lines of code, and where to insert them, can be found here.

The next step is double checking that any image files utilizing the ImageMagick service aren’t hiding any harmful information. This can be accomplished by opening an image file with a text editor, and checking for a specific set of letters and numbers at the beginning of the text that define what type it is. The list of these “Magic Numbers” can be found here, and will reveal if an image is hiding its true purpose.

Ideally, administrators will halt all image processing via ImageMagick until a patch is released from the developers.

Data security is one of the most crucial aspects of any SMB, however, keeping up with the constant flow of security exploits and patches can be overwhelming for administrators of any ability level. Why not contact us to learn more about keeping your network secure and protected from exploits like this one?

Published with permission from TechAdvisory.org. Source.

Read More

SMBs see a lot of benefits to utilizing browser-based software, but generally avoid implementation for privacy and security concerns. Microsoft has finally addressed these issues by allowing businesses to host Microsoft Office locally. Popular pieces of software that usually take up a lot of space can now be securely accessed through a private cloud. Read […]

16 May, 2016 / by Complete Technology Resources / in Microsoft Office, Windows category

2016May16_MicrosoftWindowsNewsAndTips_BSMBs see a lot of benefits to utilizing browser-based software, but generally avoid implementation for privacy and security concerns. Microsoft has finally addressed these issues by allowing businesses to host Microsoft Office locally. Popular pieces of software that usually take up a lot of space can now be securely accessed through a private cloud. Read on to learn more about this service and its viability in your office.

Released in 2013, Office Web Apps offered access to powerhouse software packages like Word, Excel and PowerPoint without cumbersome installation procedures and storage requirements. Earlier this month however, Microsoft updated and renamed Office Web Apps to Office Online Server (OOS), and allowed delivery of these services via local SharePoint servers.

The update to OOS will include a number of collaborative features, like allowing multiple users to view and edit documents simultaneously. This will allow everyone’s changes to be visible the moment they make them -- thereby eliminating the necessity for drawn-out workflows. In addition to editing, OOS can also be used to easily facilitate meetings and presentations by utilizing real-time co-authoring in programs like PowerPoint, OneNote and Word.

The announcement elaborated that, “By integrating OOS with Exchange Server, you can view and edit Office file attachments in Outlook on the web and send back a reply without ever leaving your browser.”

But most importantly, we understand that many small and medium-sized business owners still have security concerns about the public cloud -- no matter what assurances they get from software providers. Many SMBs didn’t feel safe sending their company documents outside of their network and Microsoft’s OOS update aims at addressing those concerns by allowing OOS to be hosted locally. Contact us about how to move your Microsoft Office suite to the cloud without compromising your privacy.

Published with permission from TechAdvisory.org. Source.

Read More

SMBs see a lot of benefits to utilizing browser-based software, but generally avoid implementation for privacy and security concerns. Microsoft has finally addressed these issues by allowing businesses to host Microsoft Office locally. Popular pieces of software that usually take up a lot of space can now be securely accessed through a private cloud. Read […]

16 May, 2016 / by Complete Technology Resources / in Microsoft Office, Windows category

2016May16_MicrosoftWindowsNewsAndTips_BSMBs see a lot of benefits to utilizing browser-based software, but generally avoid implementation for privacy and security concerns. Microsoft has finally addressed these issues by allowing businesses to host Microsoft Office locally. Popular pieces of software that usually take up a lot of space can now be securely accessed through a private cloud. Read on to learn more about this service and its viability in your office.

Released in 2013, Office Web Apps offered access to powerhouse software packages like Word, Excel and PowerPoint without cumbersome installation procedures and storage requirements. Earlier this month however, Microsoft updated and renamed Office Web Apps to Office Online Server (OOS), and allowed delivery of these services via local SharePoint servers.

The update to OOS will include a number of collaborative features, like allowing multiple users to view and edit documents simultaneously. This will allow everyone’s changes to be visible the moment they make them -- thereby eliminating the necessity for drawn-out workflows. In addition to editing, OOS can also be used to easily facilitate meetings and presentations by utilizing real-time co-authoring in programs like PowerPoint, OneNote and Word.

The announcement elaborated that, “By integrating OOS with Exchange Server, you can view and edit Office file attachments in Outlook on the web and send back a reply without ever leaving your browser.”

But most importantly, we understand that many small and medium-sized business owners still have security concerns about the public cloud -- no matter what assurances they get from software providers. Many SMBs didn’t feel safe sending their company documents outside of their network and Microsoft’s OOS update aims at addressing those concerns by allowing OOS to be hosted locally. Contact us about how to move your Microsoft Office suite to the cloud without compromising your privacy.

Published with permission from TechAdvisory.org. Source.

Read More