508-909-5961 [email protected]

MR to be removed from Google search

Google has recently made changes to its personal information policy, including a major one for the healthcare industry. The search giant has begun removing private medical records from its search results, preventing cybercriminals from taking advantage of these resources that were previously available after only a few keystrokes.

The post MR to be removed from Google search appeared first on Complete Technology Resources, Inc..

MR to be removed from Google search

Google has recently made changes to its personal information policy, including a major one for the healthcare industry. The search giant has begun removing private medical records from its search results, preventing cybercriminals from taking advantage of these resources that were previously available after only a few keystrokes.

If an individual's medical records were leaked, that could be both emotionally and financially damaging. For example, hackers that use ransomware to extort money from hospitals can gain access to private medical data and hold it for ransom. Whether the ransom is paid or not, they could still release it online, where Google’s search engine would pick it up.

Traditionally, Google had a hands-off policy to search results and rely on its algorithm to do the work instead. In the past, this policy was heavily scrutinized for releasing fake news and other forms of false information. All of this changed when Google combed through the search results and removed private medical information.

Before making potentially sensitive information available on search results, Google now assesses their level of sensitivity using this series of questions:

  • Is it a government-issued identification number?
  • Is it confidential, or is it publicly available information?
  • Can it be used for common financial transactions?
  • Can it be used to obtain more information about an individual that would result in financial harm or identity theft?
  • Is it a personally identifiable nude or sexually explicit photo or video shared without consent?

Ensuring the security of private data is paramount to the success of businesses operating in every industry. Whether it be on-site or online, if data were to fall into the wrong hands, not only could that cause financial and reputational ruin, it could even close down your business for good. If you want to know more about how to keep your data safe, feel free to call or email us!

Published with permission from TechAdvisory.org. Source.

The post MR to be removed from Google search appeared first on Complete Technology Resources, Inc..

Read More

4 HIPAA protections against ransomware

Keeping up with HIPAA regulations may be a pain for most healthcare institutions, but it does provide guidelines on how to protect your organization from devastating cyberattacks. That said, following HIPAA rules may be your best shot in fending off ransomware like WannaCry.

The post 4 HIPAA protections against ransomware appeared first on Complete Technology Resources, Inc..

4 HIPAA protections against ransomware

Keeping up with HIPAA regulations may be a pain for most healthcare institutions, but it does provide guidelines on how to protect your organization from devastating cyberattacks. That said, following HIPAA rules may be your best shot in fending off ransomware like WannaCry.

For those who don’t know, WannaCry was first discovered in the UK. It affected over 20% of the UK’s National Health Service and created bottlenecks in hospital administration and treatment. Many healthcare institutions claimed that the privacy of patient data was not compromised, but the success of the attack shows how vulnerable these industries are to new, emerging threats.

Within 24 hours, the ransomware eventually spread and infected hundreds of thousands of machines in 150 countries. But despite WannaCry’s success rate with healthcare institutions in Europe, the malware was less effective in the US -- thanks to companies that strictly followed these HIPAA guidelines:

Malware protection
Securing your endpoints with advanced antivirus software, firewalls, and intrusion prevention systems can help detect and block attacks targeting your patient data. In fact, most antivirus software has been able to prevent WannaCry since early April; with that in mind, you should keep your security systems patched and running full system scans on a weekly, if not, daily basis.

Up-to-date software
Just like your security products, your business applications, operating system, and other software should always be up to date. WannaCry was able to spread only due to vulnerabilities in outdated Windows operating systems (which were actually fixed back in March). Simply taking a few minutes to check for updates and install them will save you lots of financial and legal trouble in the future.

Incident response plans
Should a malware attack occur, HIPAA requires that companies have strategies in place to mitigate the damage. When dealing with highly sensitive patient data, encryption systems are a must. And in cases when ransomware strikes, companies should have cloud backup and disaster recovery plans to restore files in a clean computer to keep operations running.

Security tests and risk analyses
Once you’ve established a security framework and incident response policy, risk analysis and security tests are crucial last steps. Hiring IT staff to perform a risk analysis will help you identify and isolate system vulnerabilities to prevent cyberattacks. Also, security tests are important in finding out whether your defenses are capable of preventing different types of attacks from exploiting any weaknesses.

Employee awareness
Of course, none of this can substitute for good security training. Staff who understand security best-practices like setting strong passwords and critically double-checking download links can ensure your firm’s safety.

Experts anticipate that this attack will spur on copycats, so complying with these security tips and best practices (even if your company is not under HIPAA regulations) is key to survival. And if you need guidance with security or healthcare compliance, we’re the ones to talk with. Call us today if you need help keeping WannaCry and other malware at bay.

Published with permission from TechAdvisory.org. Source.

The post 4 HIPAA protections against ransomware appeared first on Complete Technology Resources, Inc..

Read More

21st century challenges to patient privacy

A few generations ago, healthcare workers had far fewer opportunities to gossip about patients. But with social media and instant messaging, healthcare employees have plenty of opportunities to breach information before realizing what they’ve done.

The post 21st century challenges to patient privacy appeared first on Complete Technology Resources, Inc..

21st century challenges to patient privacy

A few generations ago, healthcare workers had far fewer opportunities to gossip about patients. But with social media and instant messaging, healthcare employees have plenty of opportunities to breach information before realizing what they’ve done. Consider some of these IT solutions to avoid a breach at your practice.

Celebrity hospital visits

Under HIPAA’s privacy rule, a breach has occurred whenever patient information is accessed and shared by an employee unauthorized to access it and/or has no job-related reason to do so. So in addition to the hundreds of computer-based data security policies you need to design and implement, you also have to prevent employees from snooping on files inappropriately.

Most of the time there aren’t many reasons for an employee to go looking through medical files. But a great example of what these types of breaches look like involves Kanye West’s recent stay at the UCLA Medical Center. As an international superstar, more information on why Mr. West was admitted to the facility was in high demand.

Several employees ended up sneaking a look at his medical history and talking about it on social media, forcing the medical center to launch a breach investigation and eventually fire a number of individuals. It’s a great example of how HIPAA can affect our everyday lives, but what impact does it have on the average small- or medium-sized business?

Smalltown disclosures

Just mentioning someone has been admitted is enough to constitute a breach. For a more likely scenario, imagine you ran a clinic in a small town. You employed a high school senior as your receptionist and he or she helped a former teacher schedule a doctor’s appointment.

If the receptionist were to post about it on social media -- or even just text a couple of his or her friends -- that would constitute a data breach. Think about it, if that teacher’s appointment was for something embarrassing, students and fellow faculty knowing about it could result in quite a bit of “harm” to him.

IT solutions to avoid breaches

In addition to conducting multiple employee trainings per year, any HIPAA-compliant office should also implement:

  • Exhaustive URL filtering to keep employees with company-provided workstations from accessing social media sites, messaging platforms, and anything that could lead to a breach.
    Thorough mobile device management solutions to keep employees from using their phones to disclose protected information while at work.

As HIPAA experts, we know the most efficient route to reliable compliance. HHS audits are on the rise, and you need an IT consultant that leaves you feeling confident in your ability to weather whatever comes your way. For more information about our compliance services, call us today.

Published with permission from TechAdvisory.org. Source.

The post 21st century challenges to patient privacy appeared first on Complete Technology Resources, Inc..

Read More