The digitally savvy Internet user knows to check and see whether a website is secure before passing along any personal information like credit card numbers. TLS (SSL) certificates and encryption help keep hackers at bay by adding an extra layer of security to the typical website, preventing prying eyes from seeing information transmitted to and from the website. The need for website security also applies to HIPAA compliance when it comes to healthcare websites. Many doctors’ offices and healthcare companies want to keep up with the digital trend—and for good reason. Having a place online where individuals can apply for prescriptions, schedule appointments, and even get consultations is invaluable for both the patient and doctor. It saves everyone time, and it’s easier and more convenient than making a trip to the doctor’s office. But if there’s a breach of HIPAA regulations, even an unexpected or unintentional one, the cost and penalties can add up fast.

Whether you’re building a new website for your healthcare company or seeking to make an existing site fully compliant with HIPAA standards, there are plenty of straightforward ways to ensure you have your bases covered. Here’s a quick overview of what makes a website HIPAA-compliant today, what to watch out for, and what best practices to maintain.

Read the rest of this post »

Questions surrounding HIPAA-compliant email and how to email safely are pervasive. As the healthcare sector becomes more technologically savvy, both patients and medical staff are becoming comfortable with conferring over email. Patients are looking to receive their health information quickly and directly to their email inboxes, which they can then access from anywhere. There’s also a huge time-saving benefit to emailing a physician to ask about a medication prescription refill, or to email a doctor’s office to inquire about an appointment. Likewise, staff rely on email systems amongst themselves to exchange patient information or to simply communicate. There are even some insurance companies that are recognizing and covering online consultations as “telemedicine.” It’s all a part of keeping healthcare more convenient and effective for everyone.

However, as convenient as email may be, it raises a number of red flags when it comes to HIPAA-compliance. Before you engage in healthcare-focused emails from patient to healthcare clinic or vice versa, find out how to ensure your email correspondence remains HIPAA-compliant.

Read the rest of this post »

SSL versus TLS

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a practical difference between the two?

See also our Infographic which summarizes these differences.

Read the rest of this post »

Want to set up a public dropbox for sharing sensitive files but still remain HIPAA-compliant?  This is now a snap for anyone with a HIPAA-compliant LuxSci account.

LuxSci has long provided online cloud-based secure file storage and sharing via its Documents WebAide service, which is included with all accounts as part of our suite of collaboration tools (calendars, tasks, address books, files, notes, links, password libraries, and user groups).  Now, in addition to being able to share files internally with other users, groups, and accounts, LuxSci customers can securely share files with anyone on the Internet.

How to Share

There are many ways to access the dialog box used for sharing WebAides with others.  Here is one:

Read the rest of this post »

Security firm Positive Technologies has published a report (see their overview of attack on one time passwords and PDF of the SS7 security problems) that explains how attackers can easily attack the protocols underlying the mobile text messaging networks (i.e. the Signaling System 7 or “SS7” protocol).  In their report, they indicate how this makes it easy to attack the two-factor login methods and password recovery schemes where a one-time security code is sent via an insecure text message.

Devices and applications send SMS messages via the SS7 network to verify identity, and an attacker can easily intercept these and assume identity of the legitimate user.

Read the rest of this post »

For the past five months, new customers who have purchased email archival from LuxSci have been getting the excellent archival services of our new partner, Sonian.  LuxSci changed archival partners after it was announced that McAfee’s email filtering and archival services were at their “end of life.”

The new Sonain service has turned out to be vastly superior to that which was available through McAfee. In the end, everyone will be able to take advantage of a superior archival solution.  This article discusses some of the benefits of Sonian Archival, as well as how we are migrating old customers from McAfee to Sonian and what they should expect.

Read the rest of this post »

Who knew that a quick cup of coffee could lead to the report of a HIPAA beach to the Secretary of Health and Human Services … and a bad day, overall.

Here is what happened:

Read the rest of this post »

LuxSci has just introduced a new user interface for dedicated server customers.   The dedicated server management interface allows customers to view real-time and historical information about their server performance and capacity, enables iptables firewall management, and places certain system management commands in the hands of account administrators.

Insight into server health and metrics is important for capacity planning and for diagnosing and resolving performance issues.  The system metrics and reports exposed in the dedicated server management interface were previously only available to LuxSci support staff.  Now, account administrators can access this same information on demand and perform tasks such as server reboots, apache restarts, and firewall edits when needed without the assistance of technical support.

Read the rest of this post »

If you have a web form that allows end users to upload files, then you may be placing yourself at risk.  End users can upload virus-laden files or malware through these forms.  Opening such files can place your computer at risk — especially if your computer does not itself have real-time anti-virus scanning enabled, that scanning software is old or not well designed, or it is not updating itself frequently.

LuxSci SecureForm form data processing now automatically scans all uploaded files for viruses in real time.  If a virus or malware is detected, the form submission will be automatically blocked.  Current SecureForm users are automatically protected by this service.

Defense in depth is an important security measure.  Multiple barriers, multiple scans, and multiple checks all help to protect your systems.  If you are accepting arbitrary files over the Internet, have them scanned immediately on upload.  Have them scanned again when you access them using your own computer’s anti-virus system.  We are in the days where viruses do not just slow down your computer, they encrypt and lock away all of your data and/or put your identity up for sale.  You need to take as many precautions as possible to minimize your possible exposure to threats and the risk to your business.

It happens — you’re sending email messages without issue, and then suddenly they’re not being delivered, or they’re being tagged as spam.  A little digging reveals that the problem is that your “IP reputation” is now poor, and you need to fix it somehow.

This is our latest “Ask Erik” question, from Angelo Correa or Living Legacy, Inc.

How do I fix the reputation of my IP address?

What is IP Reputation?

Email service providers (e.g. AOL, Gmail, LuxSci) and email filtering systems (e.g. Barracuda, McAfee, Proofpoint, SenderScore) collaborate on and track the sending of unwanted email in order to reduce the blight of email spam that continues to plague the Internet.  Some of the significant factors that they track include:

1. Quantity of email sent from your IP address
2. The spam-like characteristics of these messages (based on spam filter analysis)
3. The number of spam complaints by recipients of these messages
4. The number of messages sent to invalid recipients or honey pots. Honey pots are email addresses that do not belong to real people and only exist as traps for senders who have acquired these email addresses via web site scraping or some other illegitimate manner.

Put together, these factors end up determining the reputation of that IP address with respect to the sending of email messages.  If the reputation becomes poor, then spam filters will start to quarantine or reject your messages, resulting in poor deliverability.

Read the rest of this post »