Call Us Today! 877-659-2467 contactus@arismedicalsolutions.com

Author: Suze Shaffer

Suze Shaffer is the owner and president of Aris Medical Solutions. She specializes in HIPAA compliance, risk management, and cyber security. She believes that by educating her clients in understanding why and what needs to be done to protect their practice they have a better outcome. Suze has been instrumental in helping clients nationwide with risk management, implementing privacy and security rule policies and procedures, and ultimately protecting patient data. She includes state and federal regulatory requirements to ensure clients are protected in all areas. She has spoken at numerous conferences and functions. She continues to educate organizations how to minimize the risks of data breaches. HIPAA compliance is not an option, it is mandatory for every organization that comes in contact with protected health information to have reasonable and appropriate security measures in place. Unfortunately, most organizations don’t realize they are not compliant until they suffer a data breach or they are faced with an audit or investigation. Did you know that the Office for Civil Rights (OCR) is the agency that investigates data breaches? Have you seen the heavy fines that have been imposed for non-compliance? All 50 states now have their own set of privacy laws and the State's Attorney General may also investigate privacy violations!

Phishing & Piracy Reminders

Posted bySuze Shaffer

 

By Aris Medical Solutions

 

Most people try to do their best to avoid phishing scams but sometimes we do not even know it is happening!

For instance, criminals could be reading your emails to find out who you are, who you talk to, but more importantly… who you do NOT talk to.

This recently happened to a business I know. One of the corporate partners had his email infected with malware and was being “watched”. Once the criminals figured out who talked to who and who they did not talk to, they made the “phone” call. It went something like this:

Hi Sally, it’s Fred at ABC company. Frank, your CEO, asked me to call you to let you know that the $50K transfer has been approved. Here is the routing information you need.
Thanks! Have a nice day!

Sally had never actually talked to Fred and didn’t know his voice. Frank and Fred are known business associates. They knew who Sally was and what was her job function. They also knew that Frank commonly gave Sally financial instructions. She trusted him and never questioned his requests.

Make sure you have appropriate procedures in place. Had this company had a protocol in place, that required Frank to sign off on any wire transfers or distributions, this would not have happened.

At your next staff meeting, discuss your procedures and make sure this doesn’t happen to you!

Contact Aris Medical Solutions at 877.659.2467 or click here to find out how we can protect your organization.

“Protecting Organizations through Partnership, Education, and Support”

Small Medical Practices are Huge Targets!

Posted bySuze Shaffer

 

By Aris Medical Solutions

 

Many organizations have the attitude that they are too small to be a target for a data breach. Just because you don’t hear about small and medium sized practices being targeted doesn’t mean it is not happening.

Most medical practices are busy treating patients and are not aware of the severity behind this type of threat. Since small and even medium sized practices do not have the infrastructure in place to protect their data, they are a larger target than think. Data breaches can go undetected for months, if not years since they are not watching for it. For instance, if a Pediatric Practice is hacked, those social security numbers can be used for years before it will be discovered.

Many business associates are also targeted because they have access to medical records in different manner. Again, small and midsized organizations that do not have appropriate safeguards in place can wreak havoc in a medical environment. So what can you do?

First of all, conduct a Security Risk Analysis to understand what are your vulnerabilities. This is critical in order to mitigate risks.
Next, have a network security audit performed. Even if you access your data in the cloud and not through an onsite server, you can still be hacked.
Invest in monitoring your network. Know who is accessing your data.
TRAINING IS A MUST! Your employees can be your best asset or your largest liability.

Not only is this required under HIPAA, it is considered best practice in protecting patient data.

Contact Aris Medical Solutions at 877.659.2467 or click here to find out how we can protect your organization.

“Protecting Organizations through Partnership, Education, and Support”

©2025 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC