LuxSciLuxSci
be Smart.
be Secure.
Phone: 800-441-6612
sales@luxsci.com
support@luxsci.com

Your Guide to a HIPAA-Compliant Website

Published: July 25th, 2016

The digitally savvy Internet user knows to check and see whether a website is secure before passing along any personal information like credit card numbers. TLS (SSL) certificates and encryption help keep hackers at bay by adding an extra layer of security to the typical website, preventing prying eyes from seeing information transmitted to and from the website. The need for website security also applies to HIPAA compliance when it comes to healthcare websites. Many doctors’ offices and healthcare companies want to keep up with the digital trend—and for good reason. Having a place online where individuals can apply for prescriptions, schedule appointments, and even get consultations is invaluable for both the patient and doctor. It saves everyone time, and it’s easier and more convenient than making a trip to the doctor’s office. But if there’s a breach of HIPAA regulations, even an unexpected or unintentional one, the cost and penalties can add up fast.

HIPAA-compliant website

Whether you’re building a new website for your healthcare company or seeking to make an existing site fully compliant with HIPAA standards, there are plenty of straightforward ways to ensure you have your bases covered. Here’s a quick overview of what makes a website HIPAA-compliant today, what to watch out for, and what best practices to maintain.

Read the rest of this post »

Your Guide to HIPAA-Compliant Email

Published: July 21st, 2016

Questions surrounding HIPAA-compliant email and how to email safely are pervasive. As the healthcare sector becomes more technologically savvy, both patients and medical staff are becoming comfortable with conferring over email. Patients are looking to receive their health information quickly and directly to their email inboxes, which they can then access from anywhere. There’s also a huge time-saving benefit to emailing a physician to ask about a medication prescription refill, or to email a doctor’s office to inquire about an appointment. Likewise, staff rely on email systems amongst themselves to exchange patient information or to simply communicate. There are even some insurance companies that are recognizing and covering online consultations as “telemedicine.” It’s all a part of keeping healthcare more convenient and effective for everyone.

However, as convenient as email may be, it raises a number of red flags when it comes to HIPAA-compliance. Before you engage in healthcare-focused emails from patient to healthcare clinic or vice versa, find out how to ensure your email correspondence remains HIPAA-compliant.

HIPAA-compliant email

Read the rest of this post »

SSL versus TLS – What’s the difference?

Published: July 19th, 2016

SSL versus TLS

SSL TLSTLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a practical difference between the two?

See also our Infographic which summarizes these differences.

Read the rest of this post »

HIPAA-compliant Dropbox: Secure File Sharing at LuxSci

Published: July 13th, 2016

Want to set up a public dropbox for sharing sensitive files but still remain HIPAA-compliant?  This is now a snap for anyone with a HIPAA-compliant LuxSci account.

LuxSci has long provided online cloud-based secure file storage and sharing via its Documents WebAide service, which is included with all accounts as part of our suite of collaboration tools (calendars, tasks, address books, files, notes, links, password libraries, and user groups).  Now, in addition to being able to share files internally with other users, groups, and accounts, LuxSci customers can securely share files with anyone on the Internet.

How to Share

There are many ways to access the dialog box used for sharing WebAides with others.  Here is one:

Read the rest of this post »

SMS is Broken and Hackers can Read Text Messages. Never use Regular Texting for ePHI.

Published: June 23rd, 2016

Security firm Positive Technologies has published a report (see their overview of attack on one time passwords and PDF of the SS7 security problems) that explains how attackers can easily attack the protocols underlying the mobile text messaging networks (i.e. the Signaling System 7 or “SS7” protocol).  In their report, they indicate how this makes it easy to attack the two-factor login methods and password recovery schemes where a one-time security code is sent via an insecure text message.

Devices and applications send SMS messages via the SS7 network to verify identity, and an attacker can easily intercept these and assume identity of the legitimate user.

SMS is Insecure due to SS7 protocol

Read the rest of this post »

Email Archival is Better than Ever: Migration Plan for Old Customers

Published: June 16th, 2016

For the past five months, new customers who have purchased email archival from LuxSci have been getting the excellent archival services of our new partner, Sonian.  LuxSci changed archival partners after it was announced that McAfee’s email filtering and archival services were at their “end of life.”

The new Sonain service has turned out to be vastly superior to that which was available through McAfee. In the end, everyone will be able to take advantage of a superior archival solution.  This article discusses some of the benefits of Sonian Archival, as well as how we are migrating old customers from McAfee to Sonian and what they should expect.

Read the rest of this post »

How to breach your HIPAA-compliant email in 5 minutes while getting coffee

Published: June 9th, 2016

Who knew that a quick cup of coffee could lead to the report of a HIPAA beach to the Secretary of Health and Human Services … and a bad day, overall.

Here is what happened:

Read the rest of this post »

Dedicated Server Management Interface

Published: June 1st, 2016

LuxSci has just introduced a new user interface for dedicated server customers.   The dedicated server management interface allows customers to view real-time and historical information about their server performance and capacity, enables iptables firewall management, and places certain system management commands in the hands of account administrators.

Insight into server health and metrics is important for capacity planning and for diagnosing and resolving performance issues.  The system metrics and reports exposed in the dedicated server management interface were previously only available to LuxSci support staff.  Now, account administrators can access this same information on demand and perform tasks such as server reboots, apache restarts, and firewall edits when needed without the assistance of technical support.

Read the rest of this post »

Anti-virus scanning for files uploaded through your Web forms with SecureForm

Published: April 22nd, 2016

If you have a web form that allows end users to upload files, then you may be placing yourself at risk.  End users can upload virus-laden files or malware through these forms.  Opening such files can place your computer at risk — especially if your computer does not itself have real-time anti-virus scanning enabled, that scanning software is old or not well designed, or it is not updating itself frequently.

LuxSci SecureForm form data processing now automatically scans all uploaded files for viruses in real time.  If a virus or malware is detected, the form submission will be automatically blocked.  Current SecureForm users are automatically protected by this service.

Defense in depth is an important security measure.  Multiple barriers, multiple scans, and multiple checks all help to protect your systems.  If you are accepting arbitrary files over the Internet, have them scanned immediately on upload.  Have them scanned again when you access them using your own computer’s anti-virus system.  We are in the days where viruses do not just slow down your computer, they encrypt and lock away all of your data and/or put your identity up for sale.  You need to take as many precautions as possible to minimize your possible exposure to threats and the risk to your business.

How do I fix the reputation of my IP address?

Published: April 19th, 2016

It happens — you’re sending email messages without issue, and then suddenly they’re not being delivered, or they’re being tagged as spam.  A little digging reveals that the problem is that your “IP reputation” is now poor, and you need to fix it somehow.

This is our latest “Ask Erik” question, from Angelo Correa or Living Legacy, Inc.

How do I fix the reputation of my IP address?

What is IP Reputation?

Email service providers (e.g. AOL, Gmail, LuxSci) and email filtering systems (e.g. Barracuda, McAfee, Proofpoint, SenderScore) collaborate on and track the sending of unwanted email in order to reduce the blight of email spam that continues to plague the Internet.  Some of the significant factors that they track include:

  1. Quantity of email sent from your IP address
  2. The spam-like characteristics of these messages (based on spam filter analysis)
  3. The number of spam complaints by recipients of these messages
  4. The number of messages sent to invalid recipients or honey pots. Honey pots are email addresses that do not belong to real people and only exist as traps for senders who have acquired these email addresses via web site scraping or some other illegitimate manner.

Put together, these factors end up determining the reputation of that IP address with respect to the sending of email messages.  If the reputation becomes poor, then spam filters will start to quarantine or reject your messages, resulting in poor deliverability.

Read the rest of this post »

• Access Anywhere
• Fast and Robust
• Super Secure
• Tons of Features
• Customizable
• Mobile Friendly

Send and receive email from your favorite programs, including:

 Microsoft Outlook
 Mozilla Thunderbird
 Apple Mail
 Windows Mail

... Virtually any program that supports POP, IMAP, or SMTP

Keep your email, contacts, and calendars in sync:

 Apple iPhone and iPad
 Android Devices
 BlackBerry
 Windows Phone

... Any device with Exchange ActiveSync (EAS) support

Relay your server's mail through LuxSci via smarthost:

• Resolve issues with ISP sending limits and restrictions
• Improve deliverability with better IP reputation and IP masking
• Take advantage of Email Archival and HIPAA Compliance
• Even setup smarthosting from Google Apps!

Free web site hosting with any email account:

• Start with up to 10 web sites and MySQL databases
• DNS services for one domain included
• Tons of features and fully HIPAA capable

LuxSci's focus on security and privacy:

• Read The Case for Email Security
• Read Mitigating Security & Privacy Threats
• Review our Privacy Policy

The most accurate, flexible, and trusted filters in the business:

• Premium protection with Intel Security Saas
• Realtime virus database guards against the latest threats
• Seven-day quarantine lets you put eyes on every filtered email
• Supplement with our Basic Spam Filter for even more features

End-to-end secure email encryption — to anyone, from anyone:

• No setup required — encryption is automatic and easy to use
• Secure outbound email with TLS, PGP, S/MIME, or Escrow
• Free inbound encryption via our SecureSend portal
• Independent of your recipient's level of email security
• Widely compatible and fully HIPAA Compliant

Add an extra layer of security with an SSL Certificate:

• Secure your web site
• Debrand LuxSci WebMail with your own secure domain
• Access secure email services via your own secure domain

Encrypt your service traffic via secure tunnel:

• Add another layer of security to your SSL connections
• WebMail, POP, IMAP, SMTP, web/database access
• SecureForm posts, SecureLine Escrow, SecureSend access
• Restrict your account to VPN access only

Secure long-term message archival:

• Immutable, tamperproof email retention with audit trails
• No system requirements — minimal setup, even less upkeep
• Realtime archival of all inbound and outbound messages
• Works anywhere — even with non-LuxSci email hosting

Free data backups included with all email hosting accounts:

• Automatic backups of all email, WebAides, web/database data
• Seven daily backups and up to four weekly backups
• Unlimited restores included at no additional cost
• Custom backup schedules for dedicated servers

Automate your email management:

• Save messages to specific folders or to LuxSci WebAides
• Advanced text scanning with regular expressions
• Tag messages, alter subject lines, or add custom headers
• Filter by message charset, type, TLS status, DKIM status
• Chain filters together for even more complex actions

• Bulk add and edit users, aliases and more
• Control sharing and access globally or on a granular level
• Delegate user roles through permissions
• Configure account-wide taglines, sending restrictions, and more
• Remotely administer account via SOAP API

Share, collaborate, organize, synchronize:

• Calendars, Contacts, Documents, Notes, Widgets, Workspaces
• Fine-grained access control and security
• Access anywhere via secure web portal or smartphone
• Save over solutions like Microsoft Exchange

Free folder sharing for all email hosting accounts:

• Share mail folders with other users in your account
• Subscribe to only the folders you want to see
• Set read-only or read-write access control
• View all personal and shared folders via unified web interface

Color code and label your email messages:

• Define and assign multiple IMAP keywords to each message
• Filter, search, and sort by tags
• Compatible and synchronizes with any IMAP email client
• Also usable with WebAide entries