Two factor vs Two Step Authentications

By Aris Medical Solutions

HIPAA Username and Password

Sometimes these terms are interchanged which is is not exactly correct. Let us explain the difference!

Two factor authentication is typically a username AND a password. This can also be explained as who you are and something you know.

Two step is using two different types of authentication like a username and password PLUS a one time code that is text to your phone. Some providers permit the use of a fingerprint to authorize the second step.

The use of a security word is also used as a second step type of authentication so you need to be very careful about posting any type of personal information on social media. Aris suggests when the security question asks for your mother’s maiden name, make up a name! Just don’t forget what name you used!

No matter what type of the second step authentication that is offered, it is best to select whatever is offered because although a username and password is the most common type of authentication, it is also easily compromised.

People who work within the Health Care sector are heavily targeted since the type of data they access is very valuable on the dark web. Anyone who works with patient information or for a company that provides services to a medical facility can be targeted. Again, special care must be taken to ensure that patient information is not compromised.

First step in protecting patient data is conducting a HIPAA Security Risk Analysis. Know where your data is and understand how to protect it. Secondly, make sure you have a full set of Privacy and Security Policies and Procedures. Members of your staff need to know how important protecting patient data is and understand what they need to do to accomplish this.

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

DynA-Crypt Ransomware is worse than the others!

 

By Aris Medical Solutions

 

Karsten Hahn who is a GData malware analyst discovered this ransomware called DynA-Crypt. Larry Abrams at Bleepingcomputer alerted the world about this new type of ransomware. Thanks to them, we know about this and must be diligent in protecting our information.

This new strain is even more dangerous and destructive than the others. This malware not only encrypts your data, but also takes screenshots of your active desktop, login commands that you type, and even records system sounds from your computer. It will even steal information from Skype and Chrome. While this vicious attack is encrypting your computer, stealing your information, it is also deleting your files.

This would be considered a major HIPAA data breach and not only will you lose everything, you will have to report this to your State and Federal authorities under the Breach Notification Laws.

Make sure your anti-virus and anti-malware is up to date and verify it is an enterprise version. Although this is not specifically stated under HIPAA, it is considered reasonable and appropriate. If you never have this happen to you, the HIPAA Police is not going to penalize you. However, if this does affect your practice or organization and you do not have reasonable and appropriate safeguards in place, you will be fined and penalized.

Everyone in your organization should be made aware of this new attack and remind them NOT open any file attachments OR click on any links in ANY email unless you are absolutely sure it is safe. Best practices is to open your browser and go directly to the company’s website to check on anything you receive in an email. Also be VERY careful trusting emails from friends. If YOUR email is hacked, they will spoof a name in your contact list and send an email back to YOU. They hope that since you know this person you will open the email. If you receive an email that asks you to click on a link or open a file, look carefully at the FULL email address, more than likely is NOT your friends email. Keep in mind, it still could come from their actual email address. Always call or text them and ask if they sent this to you.

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting Patient Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Default passwords- why you need to change them!

 

By Aris Medical Solutions

 

Home security cameras and baby monitors are making the news again about being hacked. This is nothing new, we have been telling people for years to change the default passwords on ALL your technology devices. Anyone can Google your device or IP address and they can get your default password. HIPAA requires that you have reasonable and appropriate safeguards in place to protect patient data. This includes updating and changing technology as needed.

For example all I had to type in Google was “Default password for Netgear”, and this is what I found:

For most NETGEAR devices (except ReadyNAS/ReadyDATA products and Fully Managed Switches), the default username and password are: Username (all models) = admin. Password (current models) = password. Password (very old models) = 1234. Aug 9, 2015

If you use any security cameras, Google “IP Camera Default Usernames Password and IP Addresses”. I found a website that lists ALL CAMERAS!

I highly recommend that you walk around your home and office and make a list of all your technology devices and Google them. If you can find a default password on the internet; so can everyone else. If you do not know how to change the password, we suggest hiring someone to do this for you. Otherwise you could simply remove the password all together!

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting Patient Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Background Check Requirements

 


By Aris Medical Solutions

 

The state of Indiana expanded the requirements for background checks to include national criminal history checks on employees and owners of home healthcare and personal services facilities.

The previous law required only a limited criminal history check. A limited criminal history contains only felonies and class A misdemeanor arrests within the state of Indiana. The expanded criminal history check includes history of all counties and states where the person lived. The national criminal history check contains information from all state and federal jurisdictions.

Employers must request a national criminal history check within three days of a new employee’s commencement of work, and owners cannot employ someone to provide services in a patient’s residence for more than 21 days without receipt of the results of the check. Employers must complete a national criminal history check on all new hires, and no employee without the check can serve patients in their residences. Owners, officers, and managers are also subject to the criminal history check. Convictions of rape, certain exploitations, or criminal deviate prohibits anyone from owning a facility or working in patient care. This history check must cover the person’s lifetime and it not limited to a certain time frame or number of years. This exclusion also applies to anyone that failed to report the crime or was convicted of theft within the last 10 years.

Although this law does not include “medical practices”; Aris still recommends a background check on all staff members. More than likely we will see more states amend their laws and they may include all of healthcare. If you are not doing so, it is time to review your Workforce Clearance Procedures.
Here are some websites to assist you:
https://www.intellicorp.net/marketing/home.aspx

https://www.fadv.com/healthcare

https://www.backgroundchecks.com/

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting Patient Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Small Medical Practices are Huge Targets!

 

By Aris Medical Solutions

 

Many organizations have the attitude that they are too small to be a target for a data breach. Just because you don’t hear about small and medium sized practices being targeted doesn’t mean it is not happening.

Most medical practices are busy treating patients and are not aware of the severity behind this type of threat. Since small and even medium sized practices do not have the infrastructure in place to protect their data, they are a larger target than think. Data breaches can go undetected for months, if not years since they are not watching for it. For instance, if a Pediatric Practice is hacked, those social security numbers can be used for years before it will be discovered.

Many business associates are also targeted because they have access to medical records in different manner. Again, small and midsized organizations that do not have appropriate safeguards in place can wreak havoc in a medical environment. So what can you do?

First of all, conduct a Security Risk Analysis to understand what are your vulnerabilities. This is critical in order to mitigate risks.
Next, have a network security audit performed. Even if you access your data in the cloud and not through an onsite server, you can still be hacked.
Invest in monitoring your network. Know who is accessing your data.
TRAINING IS A MUST! Your employees can be your best asset or your largest liability.

Not only is this required under HIPAA, it is considered best practice in protecting patient data.

Contact Aris Medical Solutions at 877.659.2467 or click here to find out how we can protect your organization.

“Protecting Organizations through Partnership, Education, and Support”

©2022 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC