Too Many Passwords and Too Little “Personal” Memory!

I began my morning by starting up my PC and getting the message “Your password has expired. You must change it now!” Temporarily frozen at my keyboard, my mind is churning to think up a new password that I have a decent chance of remembering. Should I tweak the old password by a digit or create a new one? Luckily NIST has phased out the requirement to regularly change passwords. But every website seems to require a password. I have about 200 passwords to manage. What a pain! I can’t begin to ...

HIPAA Compliance is a Business Decision

A couple of weeks ago, I was talking with a technology vendor who is starting to move into the healthcare space. Their technology isn’t used in the creation or manipulation of patients’ protected health information (PHI), but they do store information on behalf of healthcare organizations that could potentially include PHI. They wanted to know, “Are we required to comply with HIPAA?” Technically – yes. On the other hand, there are hundreds of healthcare organizations and healthcare vendors who act ...

The Most Common Mistakes in Cybersecurity are Preventable

Many of the issues we see in cybersecurity, whether you are in healthcare, retail, finance, etc., are by and large preventable. It is not about having a big budget or a large team of experts. No, some of it is just common sense. It is not unlike driving a car. When driving a car you take several basic, yet important, steps to try and lower your risk of an accident. You look both ways at a stop sign, you drive safely to avoid losing control, you keep your car in working condition, and just in case you are in ...

Don’t Click the Download Button!

I thought about naming this blog "Would the Real Download Link Expose Yourself." But, a few people said that wasn't a great title. Go figure!

I'm sure you've visited a website to download something, maybe an image or install software or maybe some template to design a cool new flyer. You've probably also clicked on a large green or teal or blue or some other lovely color button that said, "Download", only to find out it was an ad to some trash item you're not interested in nor do you want. It ...

It is Time for Us to Take Control of Our Data!

The Equifax breach really has me angry. Mostly because I have no control over any aspect of this mess. Equifax scoops up data on all of us without our consent. They seem unaccountable and untouchable. With a last name like mine, I’ve had many opportunities to dispute incorrect data on my credit reports, which is always time-consuming and irritating. They make it known how unimportant you are and assume you are “guilty” unless you prove otherwise. They collect data on all the people in th ...

PHISHING ALERT – DocuSign – Don’t click!

Heads up, everyone – our team has gotten phishing emails like this one posing as messages from DocuSign.

DON’T CLICK unless (a) the message is from someone you know and (b) is a message and document you were expecting.

If you receive too many documents via DocuSign to remember if you were expecting the message/document or not, take these precautions:

· Hover your mouse over the Download link.
· Carefully read the URL that appears.
· If the ...

Thank Goodness! NIST says, “No more difficult passwords!”

Just when you thought all hope was lost of remembering your 16-character password with upper and lower case letters, numbers, and special characters, NIST comes to the rescue. That's right! The National Institute of Standards and Technology wrote a brief addendum to SP 800-53 which simplifies Strength of Memorized Secrets. You and I refer to those "secrets" as passwords. It's a light read, only 50 or 60 pages. I don't really know because I didn't want to print it and kill four trees. Anyway, the ...

Congress Addresses Medical Device Vulnerabilities

The Medical Device Cybersecurity Act of 2017 was introduced on August 1, 2017 by Senator Richard Blumenthal (D-CT).  The new bill is intended to improve the security of medical devices and increase transparency. If passed, it would make healthcare organizations aware of the cyber capabilities of devices and the extent to which those devices have been tested.  Is this another law adding burden to a strained healthcare industry or a vital piece of legislation designed to protect the public?  Let’s se ...

World War III via Pacemakers

We're all smart enough to know the U.S. and the American way of life are under continuous threat by terrorist and underdog countries. What we probably don't think about is the ways those countries are fighting us on a regular basis. It's not with bullets and bombs; it's with cyber crimes! They have already stolen Federal employee information, including those employees' health records. Foreign governments have incriminating evidence on many of these people's private lives. Do you remember the Allison ...

Healthy Skepticism – Your Best Cyber Defense

It's no longer news that most of us are uber-connected. We use phone apps for weather, meditation, mapping, games, travel, texting, and more. Online management of home devices, including thermostats, coffee makers, and alarm systems, makes it possible for us to remotely control many aspects of our lives. These technologies offer previously unthinkable convenience – and a great deal of risk to their owner's physical and information security.

Healthcare, too, is becoming more connected for all the s ...
