Healthcare is a huge target!


By Aris Medical Solutions


Things may seem wonderful since a new year is beginning; please don’t forget that many things remain the same.

For instance…
Healthcare is targeted in many ways. Do your employees know how to spot a phishing email or a potential virus? Most phishing expeditions and viruses are delivered right to your inbox! Did you know that nearly 90% of all ransomware attacks were on healthcare? A new report by Check Point Software’s researchers states that the Ransomware plague earns $2 million, while only 0.3% of victims pay up. With this much money being made, more and more criminals are creating Ransomware. What would you do if one of your employees clicked on a link and downloaded a virus, or your system was encrypted by ransomware?

Today, we are extremely busy and the criminals know this. It is so easy to spoof another company’s logo and create a phishing email or, worse, a ransomware infection. What can you do? First and foremost, you must continually educate your staff on what to look for and how to avoid making costly mistakes.

Here are some things to watch out for:

  1. Emails that claim your account has been compromised and you need to call a toll-free number immediately. Look up the number for the company and call them on that number, not the number supplied in the email. If you call the number that is supplied, either you will talk to a real criminal who will try to get information or your credit card number from you, or you will get stuck in a voicemail holding pattern; your number is then recorded and they call you back to try the same scam.
  2. Emails that claim your package (FedEx / UPS / USPS) or payment (IRS / Bank / Credit Card) was not delivered, and you need to click on an attachment or a link. Open your browser and go directly to the company’s website; do not click on anything in the email.
  3. A phone call advising you that there is a new software upgrade or a virus and offering a free scan of your computer. Do not permit anyone access to your computer unless they have been verified by the company they work for and you know who they are.
  4. Fake apps that look like the real stores. Watch for apps that do not have a lot of reviews or have bad reviews. Do not click on a link to download an app; go to the app store. Even then be careful: although Apple and Google use algorithms to detect malicious apps, some have slipped through! Do not give out too much information and try to avoid adding any credit card numbers to apps. Read the permissions on all apps before downloading. If an app is asking for more than it needs, do not download it, even though it sounds like a great app. Many apps contain malware to steal your information. If you connect your portable device to your office network, it can steal information from there as well.

Remember, most scams have a sense of urgency to prevent a negative consequence. Also, as the old saying goes… if it sounds too good to be true, it probably is. Always think before you react!
For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

It’s not just HIPAA, think about the FTC!

By Aris Medical Solutions


All of you know and follow the HIPAA regulations, but you also need to make sure you follow the Federal Trade Commission (FTC) guidelines as well. The Department of Health and Human Services (HHS) released an article explaining the requirements.
HIPAA governs the privacy of an individual’s health information, and the FTC Act prohibits companies from engaging in deceptive or unfair acts or practices in or affecting commerce. Keep in mind that if you use a third party, you also need a business associate agreement in place. Any time you share patient information outside of treatment, payment, or healthcare operations (TPO), you must have a written authorization from the patient. Organizations cannot mislead patients about what is happening with their health information. The manner in which you share their information must be clear, concise, and written in plain language so they understand.

To read the entire article: https://www.hhs.gov/hipaa/for-professionals/special-topics/HIPAA-ftc-act

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

October is National Cyber Security Month


By Aris Medical Solutions


This annual campaign is to raise awareness about cyber security. We live in a world that is more connected than ever before. The Internet touches almost all aspects of everyone’s daily life, whether we realize it or not. National Cyber Security Awareness Month (NCSAM) is designed to engage and educate public and private sector partners through events and initiatives to raise awareness about cyber security, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.

https://www.dhs.gov/national-cyber-security-awareness-month

Did you know… that 2 out of 3 people have experienced a tech scam within the last 12 months?

Did you know… nearly 1 in 10 people have paid money to a scam?

Do not let anyone you do not know gain access to your computer… Scammers call people and either offer them a free scan or tell them there is a new virus out and they are probably infected. These scammers almost always create a sense of urgency and try to pressure you to “Do-it-Now”.
Don’t do it! Most of us are the ones that let the scammers in, either by answering the phone or by clicking on a link in an email. Social engineering is at an all-time high and WE are the ones that are giving OUR money away!

Add security to your login… passwords are the most common authentication tool used today, and they are the easiest to compromise. Always use a two-step authentication process whenever it is offered. There are many solutions available: biometrics, security keys, and one-time codes texted to your cell phone.

Did you know… you can pick up malware by merely visiting a website? Covered Entities and Business Associates have to be especially diligent in keeping their network systems clean and protecting patient data. HIPAA Compliance begins with solid HIPAA Policies and Procedures, but it also includes the required Technical Safeguards.
Here are some suggestions to help keep your network clean and safe:

  • Limit administrative privileges to those who really need them, and only sign in as the administrator when needed
  • Limit users to specific work hours and block after hours usage if possible
  • Perform a network security audit at a minimum annually
  • Perform routine physical inventory and ensure unauthorized devices are not connected to your network or computers
  • Keep anti-virus and anti-malware software up to date
  • Web surfing should not be permitted with any device that accesses or stores Protected Health Information (PHI)
  • Change default passwords on all technology devices

This excerpt was taken from the Office for Civil Rights (OCR):

Did you know that your file transfer protocols may be particularly vulnerable to cyber-attacks?
FTP (file transfer protocol) is a standard network protocol used to transfer computer files over a computer network. Beginning this year, a type of data storage device called a network-attached storage (NAS) device began falling victim to a serious type of malware that exploited the FTP service available on FTP servers, including the FTP services available on NAS devices. NAS devices connect to a computer network and provide a way to access data for a group of persons or entities.

According to a recent report by Softpedia, Sophos, a computer security firm, gathered telemetry data indicating that 70 percent of a certain vendor’s NAS devices connected to the internet were infected with a malware variant called Mal/Miner-C (also known as PhotoMiner). Sophos researchers claim that out of 7,000 of these NAS devices connected to the internet, 5,000 were infected with this malware by cybercriminals, who also collected $86,000 in cryptocurrency (bitcoin and monero) from cryptocurrency mining related to this attack.

Allegedly, the malware variant appeared in the beginning of June 2016. A report revealed that the malware was targeting FTP services, such as those available on NAS devices, and spreading to new machines by attempting to conduct brute-force attacks using a list of default credentials. Also, the researchers claim that a design flaw regarding the use of public folders on certain NAS devices permitted the Miner-C malware to more easily copy itself to the public folders.

The Miner-C or PhotoMiner malware tricks users by copying files to the public folders that resemble a standard Microsoft folder icon. Once the user clicks on the folder, s/he activates the malware variant, and it installs the malware on the victim’s laptop, desktop, or other computing device. The malware allows cybercriminals to generate cryptocurrency (i.e., bitcoins, monero) by “mining”. Cryptocurrency mining exploits computer processing power to solve difficult math problems. Essentially, attackers are rewarded with cryptocurrency for the number of math problems they solve.

This type of malware can affect an information system’s performance by eating up a system’s computing power, and slowing down other system processes.
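The spreading mechanism described in the OCR excerpt above, brute-forcing FTP logins with a list of default credentials, leaves a recognisable trail in the FTP server’s own log. The following Python script is an added example (not from OCR, Sophos or Aris) that flags that pattern in vsftpd-style log lines; the log lines, client addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# vsftpd-style log lines (constructed sample, not a real capture): a burst of
# failed logins with common default usernames from one client, then a successful
# login and an upload into the public share; a second client shows normal use.
SAMPLE_LOG = """\
Mon Jun  6 02:14:01 2016 [pid 2201] [admin] FAIL LOGIN: Client "198.51.100.23"
Mon Jun  6 02:14:02 2016 [pid 2203] [root] FAIL LOGIN: Client "198.51.100.23"
Mon Jun  6 02:14:02 2016 [pid 2205] [ftp] FAIL LOGIN: Client "198.51.100.23"
Mon Jun  6 02:14:03 2016 [pid 2207] [user] FAIL LOGIN: Client "198.51.100.23"
Mon Jun  6 02:14:04 2016 [pid 2209] [guest] FAIL LOGIN: Client "198.51.100.23"
Mon Jun  6 02:14:05 2016 [pid 2211] [admin] OK LOGIN: Client "198.51.100.23"
Mon Jun  6 02:14:06 2016 [pid 2213] [admin] OK UPLOAD: Client "198.51.100.23", "/public/Photos.exe", 1831 bytes
Mon Jun  6 09:30:10 2016 [pid 3102] [jsmith] OK LOGIN: Client "192.0.2.10"
Mon Jun  6 09:31:44 2016 [pid 3104] [jsmith] FAIL LOGIN: Client "192.0.2.10"
"""

LOGIN_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

def parse_logins(text):
    """Yield (timestamp, user, result, ip) for each login line; other lines are skipped."""
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
            yield ts, m.group("user"), m.group("result"), m.group("ip")

def detect_bruteforce(text, max_fails=5, window=timedelta(seconds=60)):
    """Return {client_ip: verdict}. A client reaching max_fails failed logins inside
    `window` is flagged 'bruteforce'; if that client then logs in successfully the
    verdict becomes 'bruteforce-success' (a guessed credential, the urgent case)."""
    recent_fails = defaultdict(list)
    verdicts = {}
    for ts, _user, result, ip in parse_logins(text):
        if result == "FAIL":
            # keep only the failures inside the sliding window, then count them
            recent_fails[ip] = [t for t in recent_fails[ip] if ts - t <= window] + [ts]
            if len(recent_fails[ip]) >= max_fails:
                verdicts.setdefault(ip, "bruteforce")
        elif verdicts.get(ip) == "bruteforce":
            verdicts[ip] = "bruteforce-success"
    return verdicts
```

Running `detect_bruteforce(SAMPLE_LOG)` on the sample reports the first client as `bruteforce-success`; the single failure from the second client stays below the threshold and is not reported.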

For more information on how Aris Medical Solutions can help your organization call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

HIPAA investigations to include breaches of fewer than 500 patient records

By Aris Medical Solutions

The Office for Civil Rights announced in August that they would be working with their Regional Offices to more widely investigate the causes of breaches that affect fewer than 500 patient records. The Regional Offices will use their own discretion to prioritize which breaches to investigate.

Some of the factors they will be considering include:

  1. The number of records affected
  2. Intrusions into IT systems
  3. The sensitivity of the data
  4. Whether the data was unencrypted or disposed of improperly
  5. Number of breaches from the same entity including business associates
  6. A lack of reported breaches from a specific covered entity or business associate when compared with others in similar situations

Here are some helpful tips to avoid data breaches:

  • Confirm fax numbers and email address BEFORE sending.
  • Do not permit ANYONE access to your systems without confirming their identity and verifying they are still employed with that particular company.
  • Do not click on links in emails, instead, open your browser and go to the website.
  • Make sure all access to ePHI uses strong passwords, preferably passphrases.
  • Change your passwords/passphrases at least every 90 days. This includes your EHR, PM software, workstation operating system, and email access.
  • If a two-step authentication is available, make sure it is engaged.
  • Use encryption whenever possible; depending on the operating system you use, it may be FREE!
  • Request a network security audit to be performed that includes remediation.
  • Do not retain records longer than necessary; why carry that exposure if it is not required!
  • Make sure everyone involved with Patient Data is HIPAA Compliant.

As we mentioned last month, enforcement of HIPAA is here and you must ensure that if you are audited or investigated you have all of the appropriate documentation in place. Remember… if it is not documented, it doesn’t exist!

If you are one of the many organizations that simply do not have the time to do this, you are not alone. We offer a full range of services from a Do-It-Yourself HIPAA program to a Full HIPAA Implementation package. Call Aris at 877.659.2467 or click here to schedule a demo.

HIPAA Enforcement is HERE!


By Aris Medical Solutions

I am sure you have seen the recent HIPAA fines from the Office for Civil Rights (OCR). HIPAA enforcement is like never before and the fines are fierce. We knew this day would come and it has.

We are encouraging all medical practices and business associates to make sure you have all of your HIPAA compliance policies, procedures, and documentation implemented. When you are audited is not the time to discover you forgot something. The OCR is not being very kind.

When you are reviewing your HIPAA policies and procedures and deciding whether or not to implement the “Addressable” standards, be careful. Addressable is NOT optional; you must have reasonable and appropriate safeguards in place. Since there is not enough case law on record, this is a gray area. Just be careful you do not fall into the big black hole! Also, do not skip over any “Required” standards. These are required no matter what size your organization is.

We are seeing fines like $750K for neglecting to have a Business Associate Agreement (BAA) in place before data was released, and a $650K fine for a lost iPhone that was not encrypted. Make sure you not only have BAAs in place but that the business associate is in fact HIPAA compliant. This is the responsibility of each practice. HIPAA enforcement is here and it is not going away anytime soon.

If you are one of the many organizations that simply do not have the time to do this, you are not alone. We offer a full range of services from a Do-It-Yourself HIPAA program to a Full HIPAA Implementation package. Call Aris at 877.659.2467 or click here to schedule a demo.

“Protecting Organizations through Partnership, Education, and Support”

©2024 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy