Cybersecurity: Make It Your Top Priority for 2017

Cesar Cerrudo wrote a great article, Why Cybersecurity Should Be The Biggest Concern Of 2017, that everyone who owns any connected device should read.  As our Chief Compliance Officer, Ed Jones, keeps stating, it is the "Internet of Threats".  Steve Sarnecki wrote a good article, The Internet of Things or the Internet of  Threats?, discussing the value of the IoThings and the threats of IoThreats. Everyone needs to take a few minutes to read about the IoT and Cybersecurity, then invest the time to m ...

Why Physicians should never use public Wi-Fi

We all enjoy the convenience of being somewhere, like a coffee shop, airport, hotel room, or lobby of a building waiting, and hopping on the free Wi-Fi to catch up on some work. Unfortunately, all healthcare workers should avoid free Wi-Fi at all costs.  It is very important to realize that if you can access the free Wi-Fi, so can anyone else. They can even leave devices behind that stay on the Wi-Fi, breach other systems and transmit the data back to their "home" base.  If you share a local Wi-Fi net ...

Why using Gmail, Yahoo Mail, or Hotmail in healthcare is bad

Time and time again we see healthcare organizations using free email accounts. While convenient, it is an extremely dangerous decision in a world where HIPAA fines are increasing in cost and occurrence. If you or your employees have access to or use the free email services from you organization’s network, either officially for business and/or for personal use, you are at an extreme risk of being breached! Why? Think about what can be sent via email. Whether you are using email to send patients r ...

The IoT, Little “Things” with Big Implications

You may have experienced the first coordinated cyber attack using “Internet of Things”, IoT. I bet you are wondering how did it affect me? How did it happen?  Did you notice on October 21st that Facebook and LinkedIn were not available?  Maybe you noticed that Amazon couldn’t take your order, and email was really slow? This was the result of a DDoS attack, Distributed Denial of Service, which have been going on for years, but this one was different. Typically, DDoS attacks are the result of ...

Experian predicts more pain and suffering for healthcare industry

Experian released their fourth annual 2017 DATA BREACH INDUSTRY FORECAST. It covers several industry specific predictions, including Healthcare.  If you haven't heard, healthcare is under attack and it's going to be full on war in 2017.  The cyber attackers are expected to re-invest funds to create more sophisticated software and better targeting of data to steal. A few points made in the report: Protected Healthcare Information (PHI) or patient records are one of the most valuable sources of data ...

Drug Lords versus Cyber Criminals

While sipping my morning coffee and watching the news, CBS reported that the cyber crime industry annual revenues now exceed that of the illicit drug industry.  The estimate provided was ONE TRILLION dollars! Wow! I don’t get to use the “trillion” number very often in my work.  In fact, I don’t ever remember using it before, but we are a small business.  The drug lords (even their nick name means rich) seem to have an endless supply of money.  These guys can afford to fabricate a fleet of ...

Value Proposition of HIPAA Compliance (1 of 2)

If you've been reading our blog very long you know we've discussed Is HIPAA worth it?, What's the ROI?, etc, etc.  This article is really another way to think about why you need to start working on your HIPAA compliance today. What is the Value Proposition of HIPAA Compliance? Identifies weaknesses that make your business vulnerable and liable Improves protection of your patients’ valuable PHI Protects your business from disruptive events – natural and man-made Fortifies your cyber ...

PHI – Who Really Owns It?

Let's just start off this blog by saying, we're not going to solve the legal question here or today.  However, it is a very important topic to understand.  Here's my feeble attempt to help covered entities (CEs) and business associates (BAs) think about PHI in a new way. PHI at its core is the patient's data. It is to be used to provide healthcare services to the patient and keep them healthy and prevent medical injury or death. The Healthcare industry is supposed to make it readily avail ...

Protect your patients, protect your practice, protect yourself.

The healthcare industry is beginning to realize that HIPAA is here to stay and they are probably going to be audited sooner or later.  What physicians and all healthcare providers need to understand is that if you don't protect your patients' PHI/ePHI the following can happen to your patients as a result of their identity being stolen and used. NOT Protecting Your Patients' (PHI/ePHI): You can cause them financial difficulties or even financial ruin. You can cause them undue stress, even a str ...

Focus on Technology: HIPAA Quick Fixes

While meeting all the HIPAA requirements for your technology (computer, network, etc.) requires some planning, there are some quick fixes that can greatly reduce the odds of your organization being breached while at the same time starting you on your path to compliance. Below are some common issues that we see at all sizes of organizations. How you go about correcting some of them is determined by the size and resources of your organization. Quick Fix #1 Issue: The operating system (i.e. Windows) on ...

1 2 3 4 5