Security and Compliance Audit Failure Notice

I know, I know, the subject is ominous, but I had to get you to read this! We really are here to help you avoid the complications of a failed HIPAA Audit! As healthcare providers, you understand your patients want frank “give it to me straight” talk when discussing their care. When discussing Privacy, Security and Compliance, I’m hoping you want “give it to me straight” talk! So here it…

Read More

Top 5 Threats to the Privacy & Security of your Client & Patient Data

The NSA recently published a document confirming what we’ve known about computer networks for years, “The question is not IF a system will be compromised, but WHEN”. This document’s basic premise is that Computer Security Professionals are well aware of the basic practices to prevent attacks, but does the business owner know? Do you? Top 5 Threats Internal Threats – Intentional and Accidental information breaches Spear Phishing Server security configuration…

Read More

Lincare Inc. ordered to Pay almost $240K HIPAA Violation

Headlines From HHS.gov “Administrative Law Judge rules in favor of OCR enforcement, requiring Lincare, Inc. to pay $239,800” Dental and Medical – IT Security – IT MATTERS US Department of Health and Human Services (HHS), Office of Civil Rights (OCR) Administrative Law Judge ruled that Lincare Inc. violated HIPAA rules, and is required to pay $239,800! This is serious! The investigation began after someone complained to HHS that a Lincare…

Read More

Why use Password Managers

Passwords are a pain in the neck. Worse, re-using passwords on multiple accounts is a really BAD idea. It most certainly leads to a breach at some point. Here’s how. Let’s say your email is ‘imspecial@ g*mail.com’, and your password is ‘SpecialMe1‘. I think we can all agree tht this scenario is not good – but for argument’s sake, let’s keep it simple. Let’s pretend you’re traveling for work.  Your…

Read More

Sharing your password is worse than sharing a toothbrush

I’ll bet that you disagree with the title of this post.  My guess is that 99% of Dentists, Medical Doctors and their staff members would much sooner share their password than their toothbrush! In fact, I bet another lunch at nice restaurant that 90% of you out there regularly share passwords!  BAM!  Guess what?  You’re toast. Someone just compromised your system and has harvested your Protected Health Information (Practice Management…

Read More

Phish or be Phished, that is the question

Are you and your staff being Phished on a regular basis? It’s almost a forgone conclusion that you are, have or will be Phished.  What’s Phishing? The number one attack vector or method into your network exposing Protected Health Information is through Phishing and Spear-Phishing attacks. These attacks can allow the hacker to infiltrate your systems, and install Advanced Persistent Threat malware (APT). This type of malware can give remote…

Read More

How to Stop Phishing Attacks

There is no silver bullet, no panacea when it comes to thwarting Phishing and Spear Phishing! There are many strategies, methods, tools, techniques, policies and procedures that can create an effective layered defense protocol to prevent most Phishing attacks. It’s takes time, patience, persistence, training and proper execution. Morphing your computing systems environment into a more secure posture, will require you investing a reasonable amount of time and some money.…

Read More

What is an Advanced Persistent Threat (APT)?

And, why should I care about Advanced Persistent Threats (APT’s)? Phishing campaigns typically have a single purpose. Get the user to click a link contained in an email message (Phish), or open an attachment. DON’T CLICK IT! Advanced Persistent Threats are malware designed to lurk undetected within a computer network over a long period of time, surreptitiously monitoring,  gathering and ex-filtrating information for the purposes of stealing money, gaining control…

Read More

Trojan Horse – Back Door

A Trojan Horse or back door is a computer program that appears to be useful, but also has a hidden and usually malicious function that evades security mechanisms, typically by exploiting the user’s information, credential etc. It is typically delivered through an attachment to an email message or a link from within the email message. The purpose of the Trojan is to steal information, credentials, and identities for evil purposes…

Read More

Creating strong passwords

“Three may keep a secret, if two of them are dead.” – Benjamin Franklin, Poor Richard’s Almanack Remembering all the passwords you use alone can be tough. Remembering secure passwords can be even tougher though. Thankfully, there are ways to create an easy-to-remember password without sacrificing the level of security it provides. Part 1– Making a Strong Password  First, we’ll review the guidelines for a strong password A strong password…

Read More