If my web site is very simple, do I have to worry about HIPAA compliance?

Published: March 24th, 2017

We received this question via Ask Erik from a Physicians’ Association:

“Our company website does not contain any patient information. As a healthcare group, do we need to worry about HIPAA compliance for our site? It contains forms, news and some company policies and procedures but no patient information whatsoever. Thank you.”

Thank you for your question! The short version is that HIPAA reaches a web site only to the extent that the site collects, stores or transmits protected health information (PHI), so the forms are the part to look at most closely. Here, we delve into how you can answer this for your own site.



Think you know how to protect yourself from phishing? Think again.

Published: March 22nd, 2017

This year kicked off with a sophisticated phishing scam that fooled users and cybersecurity experts alike. Victims handed their passwords to the attackers through what looked like a legitimate Gmail login page, reached from an email that carried all the markers of a genuine message, including the appearance of having been sent by a known contact.

There are many articles about the warning signs of phishing. We know the rules: don’t click on URLs you don’t recognise, beware of emails that sound urgent or pressuring, and so on. The reality is that many of the tips aimed at protecting against phishing would not have worked against the Gmail attack.


Gmail’s spam filters already catch many emails that show the common signs of a scam (stilted language, unknown senders, etc.). However, phishing scammers, and attackers in general, keep refining their techniques. A better understanding of security will help you keep up with them in 2017. Here we dive into the details of what made the Gmail scam so unusual and offer some tips for avoiding sophisticated phishing that you can start using today.
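The practical lesson of the Gmail attack is that "check that the address mentions accounts.google.com" is not a test at all. The following is an added example, not code from the original post or from Google or LuxSci: a small classifier that accepts a sign-in link only when it is an https URL whose host is exactly an allow-listed name, and otherwise explains why not. The allow-list is an assumption, and the sample links are constructed for the demonstration; they mimic the widely reported mechanism of the early-2017 campaign (a data: URL whose visible text began with the real Google login address) and go beyond it to cover user-info, suffix and punycode look-alike tricks that the same check also catches.

```python
"""Classify a login link the way a cautious mail filter or user should.

Added example; not code from the original post or from Google/LuxSci.
It assumes a hypothetical allow-list of legitimate sign-in hosts. The
sample links at the bottom are constructed to mimic the tricks used in
the early-2017 Gmail campaign (a data: URL whose visible text began with
the real accounts.google.com address) and in look-alike-host phishing.
"""
from urllib.parse import urlsplit

# Assumption: the only host names we accept for a Google sign-in page.
TRUSTED_LOGIN_HOSTS = {"accounts.google.com"}


def classify_login_url(url: str) -> str:
    """Return 'trusted' only for an https link whose host is exactly an
    allow-listed host; otherwise return 'untrusted: <reason>'.

    Every sample link below mentions accounts.google.com somewhere, and
    only one of them is genuine."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()

    # A data: URL carries the whole page inline. The address bar may start
    # with 'data:text/html,https://accounts.google.com/...' and look right
    # at a glance, but nothing is fetched from Google at all.
    if scheme == "data":
        return "untrusted: data: URL renders inline HTML, not a remote site"
    if scheme != "https":
        return f"untrusted: scheme is {scheme or 'missing'}, not https"

    # https://accounts.google.com@evil.example/ -- everything before '@'
    # is user-info that the browser does not use for routing; the real
    # host is evil.example.
    if parts.username is not None or parts.password is not None:
        return "untrusted: user-info before '@' hides the real host"

    host = (parts.hostname or "").lower().rstrip(".")
    if host in TRUSTED_LOGIN_HOSTS:
        return "trusted"

    # accounts.google.com.evil.example -- the trusted name appears only as
    # labels inside a longer name controlled by someone else.
    for trusted in TRUSTED_LOGIN_HOSTS:
        if trusted in host:
            return f"untrusted: host {host} merely contains {trusted}"

    # Punycode labels (xn--) can encode look-alike Unicode characters.
    if host.startswith("xn--") or ".xn--" in host:
        return f"untrusted: host {host} uses an internationalised label"

    return f"untrusted: host {host} is not an allow-listed login host"


def triage(urls):
    """Classify each link; return (trusted, untrusted) lists for review."""
    trusted, untrusted = [], []
    for u in urls:
        (trusted if classify_login_url(u) == "trusted" else untrusted).append(u)
    return trusted, untrusted


# Constructed sample links for the demonstration (not real campaign data).
SAMPLE_LINKS = [
    "https://accounts.google.com/ServiceLogin?service=mail",
    "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
    "https://accounts.google.com@evil.example/ServiceLogin",
    "https://accounts.google.com.evil.example/ServiceLogin",
    "http://accounts.google.com/ServiceLogin",
    "https://xn--ggle-0nda.com/ServiceLogin",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_login_url(link):60s} {link}")
```

Only the first sample is accepted. The design choice worth noting is the exact-match allow-list: substring tests ("does the address contain google.com?") are exactly what the data: URL and the suffix trick are built to pass, so the check compares the parsed host as a whole and treats any scheme other than https as a failure rather than as an edge case.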


How To Encourage Patient Consent To Email Marketing Without Feeling Slimy

Published: March 20th, 2017

If email marketing is known to produce results across a variety of industries, why do some professionals feel uncomfortable with it? Why do they feel “slimy”? It is not uncommon for people to hesitate over email marketing because it somehow feels “wrong” to them. Several factors are at play in this limiting belief; in this article we shed light on them to dispel the feeling, so that you can confidently get to work and grow your business, knowing that you are actually helping others.



What Do the CIA Vault 7 Leaks Mean for Your Business?

Published: March 17th, 2017

Vault 7, the WikiLeaks release of CIA cyber intelligence documents, has been one of the biggest news stories of the past month. Now that the dust has settled and the media hype has died down, we can finally go through the leaks in a rational way and understand their real world implications.



Should your web site database have its own dedicated server?

Published: March 15th, 2017

It comes down to security and reliability. Should your web site be on one server (or a cluster of servers) and your database on its own dedicated server (or servers)? What are the pros and cons? Is it worth the expense? We delve into these business-critical questions in this article.


Let’s look at the security and reliability impact of the common configuration choices.

Shared Hosting

In a shared hosting environment, your web site and database generally sit on the same server as the web sites and databases of many other businesses, unknown to you and outside your control (and some of those tenants may be attackers). A weakness in any one tenant’s site, or a lapse by the host, can expose the whole server, your database included.


WordPress Security Overview: Can WordPress be HIPAA-compliant?

Published: March 13th, 2017

WordPress is a content management system that dominates the internet, powering more than 24% of the web. Although it has many great features that make it quick and easy to set up, the demands of the HIPAA standards can make compliance difficult to achieve. WordPress has recovered from a checkered past as far as security is concerned, but it is still a third-party tool that was not designed to conform to HIPAA standards.



17 Questions To Ask Yourself Before You Send A HIPAA-Compliant Marketing Email

Published: March 10th, 2017

You’ve just been told that you need to rethink your entire email marketing system. Your attorney and your compliance specialist are both telling you that you need to implement HIPAA-compliant email marketing.

Your starting point is to break down that goal into two components: business goals and HIPAA compliance. Your email marketing has to achieve your business goals like providing fast customer service and generating more appointments. Next, you need to put HIPAA compliant systems and processes in place.

Use these 17 questions to review whether your email marketing aligns with both your business goals and HIPAA.



iOS vs Android in the Battle of Bring Your Own Device to Work Security

Published: March 6th, 2017

Bring Your Own Device (BYOD) policies are on the upswing, with many organizations embracing them for the perceived cost savings and productivity gains. Allowing employees to bring and use their own devices for work purposes generally means that they are more comfortable and efficient at using them. It also saves businesses from purchasing and replacing devices as technology progresses.

BYOD policies aren’t exactly a win-win situation for enterprises, as these benefits come with a range of security complications. One of the biggest questions is which operating system is better, Android or iOS?

iOS or Android?

Despite Android dominating the rest of the market, in a 2015 survey (the latest reliable data) iOS dominated the enterprise scene with 66% of devices. Although there aren’t any more recent figures that can be trusted, Android’s security issues over the last few years may have acted as a deterrent for uptake in the business environment.

Android is open source and licensed to many manufacturers, while iOS is closed source and ships only on Apple hardware. There are benefits to each approach, but Android’s openness has come with more significant security issues than its rival OS, largely because of the fragmented ecosystem described next.

Another key issue that Android faces is its fragmentation across the market. Six months after its release, Android’s latest version, Nougat, has seen little more than a 1% adoption rate. About 31% of users are still on the previous version, Marshmallow, and about the same number again are on the version before that, Lollipop. iOS 10 was released at a similar time, yet it already runs on 76% of devices.

This is largely due to Android being used across devices from a wide range of manufacturers, including many budget models. Each manufacturer can add its own software to its Android devices and is responsible for shipping updates for them, which results in patch delays and security complications that Apple doesn’t have to deal with. Apple only has to worry about its own devices, which makes it much easier to deploy the latest version of its operating system.


Why Are Hackers Targeting Your Medical Records?

Published: March 2nd, 2017

Medical record theft is booming. Over the past few years, large-scale breaches have become more common and increasingly severe. In June of last year, a hacker using the name thedarkoverlord was selling 650,000 US healthcare records as part of a long-running crime spree. The collection was listed on a dark web marketplace called The Real Deal for over $700,000 worth of Bitcoin.

A cancer treatment provider called 21st Century Oncology had 2.2 million patient records compromised in late 2015. The stolen data included patient names, the names of their doctors, social security numbers, insurance information, diagnoses and treatments. The company was required to notify all of the affected patients and also offered one year of free credit protection as partial compensation.

This is just the tip of the iceberg. According to Bitglass, 113 million Americans were affected by healthcare data breaches in 2015. This is almost 10 times more than the previous year. The IDC’s Health Insights group predicted that one in three patients would be the victim of a breach in 2016. This trend is likely to continue or even intensify over the coming years.


eBook: HIPAA-compliant Website Basics

Published: February 27th, 2017

What healthcare organizations need to know about HIPAA-compliant web sites

Book 2 in the LuxSci Internet Security Series.

Created by Erik Kangas, PhD

This LuxSci eBook is a well-researched guide to the specific issues and concepts of HIPAA as they apply to web sites, so that you can stay compliant with these government standards. It provides a framework for your health care organization to keep the privacy of patient information front and center while still maintaining an engaging web presence, and it gives providers the tools they need to meet the requirements HIPAA establishes for access to, storage of, and transmission of protected health information (PHI) through web sites.

This eBook includes sections on:

  1. Introduction
  2. What are HIPAA-compliant web sites?
  3. HIPAA-compliance for WordPress
  4. What is HIPAA-compliant web site hosting?
  5. Components of a solid web site hosting infrastructure
  6. Finding a HIPAA-compliant provider
  7. What are HIPAA-compliant web forms?
  8. Informing developers of HIPAA requirements
  9. Conclusion

Download the eBook