Understanding Blockchains (and Bitcoin) – Part 1: Concepts

Published: November 3rd, 2017

It is the rare person these days who has not heard of blockchains, if only vaguely and very likely in connection with their implementation in that sensational crypto-currency Bitcoin. While Bitcoin has been around since 2009, its recent valuations and the speculative market around it have motivated many to try and better understand its inner workings and possibly mimic those to create alternative crypto-currencies. Having missed the Bitcoin boat, entrepreneurs and speculators hope they can get an early start on the next big thing.

The Bitcoin market momentum has led, in recent years, to a great deal of interest in the underlying technology – the distributed ledger called a blockchain, and the eco-system of peer entities that verify, maintain and grow it. Leading companies from different industries as diverse as banking, entertainment, transportation, education, government and many others have started to find in blockchains something that they can use to improve operational efficiency while cutting intermediary costs.

Bitcoin and blockchain

Recent news on the use of blockchains in the medical domain has caught our attention. We suspect many readers of the LuxSci FYI blog have also had their interest similarly piqued. However, such news items are almost always high level and offer very little insight into what is actually being done. To probe further requires understanding something about blockchains through their recent manifestations, particularly the version used in a system called Ethereum. (Ethereum, as we shall see in a later post, is an advance over the Bitcoin ecosystem, borrowing many of its architectural principles while expanding on the usage scenarios.)

To help our readers make sense of such news, particularly those related to the use of blockchain technology in a medical setting, we are providing a multi-part series of blog posts describing the blockchain, using examples of crypto-currencies such as Bitcoin and Ethereum to illustrate how it maintains an immutable record of the states of a system over time, and how new applications can be built on top of such systems.

At the end of this series of posts, having exposed the basic technical foundation, we will describe how blockchains are being used in various industry scenarios, especially medical ones as well as related areas such as identity management, auditable record keeping and data sharing. We hope that after reading these posts, our readers will be able to make better sense of news articles of the sort we referred to earlier.

This first post will describe the concepts behind a blockchain, using Bitcoin as the example. We will explain at a conceptual level, avoiding detailed technical descriptions in this post unless absolutely essential. The next post will fill in all the technical details.

Should I click on this crazy looking URL?

Published: November 2nd, 2017

A Comparison of Email Backup Policy of Popular Email Services

Published: November 1st, 2017

Do you use email backup in your practice? Make a smart choice by comparing the backup policies of popular email solution providers.

Privacy concerns are constantly rising especially following the revelations by Edward Snowden. Now, the big question is “Do the popular email services in the US retain your data forever?” In order to find an appropriate answer, we examined the email backup policies of 7 popular providers.

Data breaches and privacy concerns make headlines for they have a direct impact on an individual’s private life. Going by the news of mass surveillance by government authorities, it is natural for you to be extra cautious about protecting your privacy. After all, nobody wants to get exposed although a bit of exhibitionism resides in each of us.

Email backup and restore solutions

The US government is pressing technology giants to reveal what they have in their “box” (or your inbox). Apple reported that it received the highest number of security requests for data from the US government this year.

Considering the “attacks” from both the government and hackers, it is imperative for you to learn how these email services ensure that your data remain safe.

How to Enhance EHR Security for Small Businesses

Published: October 30th, 2017

Using a few added security services, small and medium businesses can run affordable EHR systems without worry. Find your options. 

Whether your practice uses a thousand-dollar EHR (Electronic Health Record) or free software, security should be your primary concern. Small and medium businesses (SMBs) are not financially equipped to pay a large sum for expensive EHR systems. Moreover, the software from large vendors may not exactly meet the requirements of SMBs. For these reasons, SMBs often rely on less expensive options.

This is arguably a smart move from an economic point of view. But what about security of health information in electronic health records? Do these systems fully comply with regulatory requirements including HIPAA? Is there a way to enhance the security of EHR using other means?

EHR Security for Small Business

No doubt, the government requires every EHR vendor to follow basic security measures like encryption (during storage) and access control. However, these might not be enough to prevent a sophisticated attack. Moreover, a number of processes during the use of an EHR can still be open to an attack, for example texting, videoconferencing (video telehealth), and sending or receiving email.

As per HIPAA, EHR vendors become business associates only when they have access to the health information. Simply put, if they host your data, they have to comply with all the requirements just like the covered entities. However, those vendors who merely sell software do not need to sign a business associate agreement (BAA).

Don’t Make Me Change My Passwords!

Published: October 27th, 2017

2017 NIST changes affect the need to require periodic password changes…yay!

WordPress & HIPAA – can these coexist?

Published: October 23rd, 2017
For a deep dive, see our white paper: Securing WordPress

As we discussed in an earlier post, WordPress, despite its vulnerabilities, is the world’s most popular content management system for both blogging and creating web sites.  It is popular because it is quick to set up, easy to administer, with a very large choice of plugins for add-on functionality, and themes for making the sites look good.  As a result, many LuxSci customers use WordPress in one fashion or another for their web sites hosted at LuxSci.

As LuxSci caters to a large segment of customers who have specific compliance needs, specifically HIPAA compliance, we are frequently asked about using WordPress in a medical provider setting. Given the information about WordPress vulnerabilities, the question usually asked is whether a site created using WordPress can secure access to electronic protected health information (ePHI) in a way that meets the requirements of the HIPAA-HITECH regulations.

WordPress for HIPAA-compliant sites?

Such questions are reasonable because although WordPress has many great features that make it quick and easy to get a web site running, it is still a third-party tool which is not specifically designed to conform to HIPAA standards. When using any third-party software, you should be aware of the associated risks that are out of your control. Vulnerabilities in WordPress can disrupt your site’s availability, perhaps even lead to a breach of protected and private information. Even if it is the WordPress software that’s at fault, the responsibility for any security lapses still falls on the site owner.

However, it is not all doom and gloom. The short answer to the question posed in the title of this post is “yes”. It is possible with care to build a site with WordPress (including plugins and themes) that is secured in a way that meets the requirements of the HIPAA security rules. The remainder of this post will discuss how this might be achieved.

Encrypted Messaging App: A Comparison of the Top 7 Apps

Published: October 20th, 2017

An encrypted messaging app ensures that real-time communication is secure. Compare the security features of top apps and know your alternatives.

The need for encrypted messaging apps continues to climb, especially after the shocking revelations by Edward Snowden. Instant messaging (IM) offers a more convenient and more real-time mode of communication compared to email. Moreover, IM is better than SMS (regular texting) when it comes to security.

Encrypted Messaging Apps: How Secure Are They?

However, not all messaging apps are created equal. In fact, the level of security varies significantly among the available apps. You need to be able to differentiate a great encrypted messaging app from a merely good one. If you are looking for an encrypted messaging app for health information exchange, HIPAA-compliance should be your first priority.

This article compares the features, particularly the degree of security, among the top encrypted messaging apps. Also, you will learn what other options are available.

Securing WordPress sites

Published: October 17th, 2017
For a deep dive, see our white paper: Securing WordPress

We have written posts describing WordPress vulnerabilities and the methods hackers use to exploit these. In this post, we describe steps by which a web site owner can mitigate the risks of using WordPress as a content management system. After all, it cannot be denied that WordPress remains the most user-friendly tool for creating and managing both large and small websites, as shown by its enormous adoption rate.

Making WordPress Secure

There is a very rich literature describing WordPress vulnerabilities and ways to harden a system against exploits. Here we distill some of these learnings into a practical guide for WordPress-based web site owners. We specifically have in mind small to medium-sized medical practices that wish to use WordPress to create (or maintain) their online portal for patients. In a future post, we’ll describe how such steps can meet HIPAA-HITECH guidelines for safeguarding electronic protected health information (ePHI).

We describe these steps in a layered way – starting at the bottom with the hosting server infrastructure, before moving to the WordPress platform itself and other applications.

Demo of LuxSci SecureText

Published: October 16th, 2017


See how LuxSci SecureText works from the sender and recipient perspectives.

Encrypted Flash Drive: Why You Need One and What Are Your Options

Published: October 13th, 2017

Encrypted flash drives offer a convenient way to carry digital information. What are your options if you don’t want to carry one? 

A small portable storage device that fits your pocket and budget is surely a treat. But what about security threats? How would you ensure the data is safe? These are a few critical questions that you should answer before you decide to carry sensitive information on flash drives. One good (not great!) way to safeguard your data is to use an encrypted flash drive.

Are encrypted Flash Drives safe?

The reason why using an encrypted flash drive (also called an encrypted USB drive) is not a really great security measure is that no single measure is enough to prevent increasingly sophisticated cyber attacks.

In this article, you will learn the risks of non-encrypted drives, how you can encrypt a drive and what other security alternatives are available.