" email Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘email’

Are you Prepared for Disaster? Business Continuity Planning for Email Outages

Friday, February 9th, 2018

It happens to everyone who uses any email service: suddenly your email is no longer working.  If it’s just for a few minutes or some scheduled time at night, it’s usually no big deal.  However, if it’s in the middle of your work day and you rely on email, you may have a big problem.

Email can go down. Are you prepared?

What do you do if your email stays offline for 5 minutes … 10 minutes … an hour … and you don’t know when it is coming back?

Read the rest of this post »

Ask Erik: Is this email fake? How can I tell?

Thursday, December 28th, 2017

In a recent “Ask Erik” question, Eve asked:

“I received a copy of an email that someone claims they sent to me. They did not forward this apparent email they claim they sent to me. Rather they copied and pasted it into a current email.

However, I did not receive this email, and in all honesty this apparent copy of this email looks fake. I believe I could easily create this type of fake email myself. So, is there a way of telling whether someone has faked an email which they claim they sent to you? And, should I insist that the original email they claim they sent to be is forwarded to me and not copied and pasted?”

Read the rest of this post »

Cybersecurity: How To Keep Your Business Secure in 2018

Thursday, December 21st, 2017

Interview with Erik Kangas, CEO of LuxSci

December 21st, 2017.


Stacey: Welcome to today’s episode of Technology Security Insight Series. I’m Stacey Riska, marketing director at LuxSci. Today we’re gonna be talking about cyber security and what your business can do to keep your data and communications secure. Now, there have been a lot of stories about malware, ransomware, cyber threats, phishing, cyber security, and no one is better able to address those topics than our guest today, CEO of LuxSci, Erik Kangas. Welcome, Erik. How are you?

Erik: Hi, Stacey. It’s great to be here today.

Read the rest of this post »

Ask Erik: Is misaddressed email a HIPAA breach?

Friday, December 8th, 2017

Read the rest of this post »

Should I click on this crazy looking URL?

Thursday, November 2nd, 2017

Read the rest of this post »

A Comparison of Email Backup Policy of Popular Email Services

Wednesday, November 1st, 2017

Do you use email backup in your practice? Make a smart choice by comparing the backup policies of popular email solution providers.

Privacy concerns are constantly rising especially following the revelations by Edward Snowden. Now, the big question is “Do the popular email services in the US retain your data forever?” In order to find an appropriate answer, we examined the email backup policies of 7 popular providers.

Data breaches and privacy concerns make headlines for they have a direct impact on an individual’s private life. Going by the news of mass surveillance by government authorities, it is natural for you to be extra cautious about protecting your privacy. After all, nobody wants to get exposed although a bit of exhibitionism resides in each of us.

Email backup and restore solutions

The US government is pressing technology giants to reveal what they have in their “box” (or your inbox). Apple reported that it received the highest number of security requests for data from the US government this year.

Considering the “attacks” from both the government and hackers, it is imperative for you to learn how these email services ensure that your data remain safe.

Read the rest of this post »

What exactly is ePHI? Who has to worry about it? Where can it be safely located?

Friday, September 15th, 2017

There is often a great deal of confusion and misinformation about what, exactly, constitutes ePHI (electronic protected health information) which must be protected due to HIPAA requirements.  Even once you have a grasp of ePHI and how it applies to you, the next question becomes … where can I put ePHI and where not?  What is secure and what is not?

We will answer the “what is ePHI” question in general, and the “where can I put it” question in the context of web and email hosting, and SecureForm processing at LuxSci.

Read the rest of this post »

DMARC: The State of Domain-based Email Authentication – Part 2

Monday, September 11th, 2017

Building a safer email ecosystem with DMARC

In our previous post, we described two techniques for authenticating an email sender:

  • Sender Policy Framework (SPF), IETF RFC 7208, which verifies if the sending MTA is indeed authorized to send mail on behalf of a domain; and
  • DomainKeys Identified Mail (DKIM), IETF RFC 6376, where a domain shows “ownership” of a mail it sends by signing portions of it so that critical aspects cannot be forged by intermediaries.

Like most technologies, these are just individual weapons in the arsenal for fighting phishing and spam. Weapons, like all tools, need to be properly used if they are to be effective. Unfortunately, as we described in the earlier post, both SPF and DKIM are deployed in a manner that reduces their usefulness. With SPF, the validation policy set by the sender is often chosen in a manner that leaves handling authentication failures at the discretion of the recipient. DKIM, on the other hand, does not even have an explicit policy directive set by the sender. Moreover, in a heterogeneous mail environment, some perfectly legitimate MTAs might not be capable of signing messages.

Building a safer email system with DMARC

Thus, receivers in actual deployments tend to “soft fail” any SPF and/or DKIM validation failures as there are reasonable situations when legitimate mail can fail such checks. A common example is forwarded mail (which fails SPF), or mail sent via a mailing list (which fails DKIM). Mail providers consider it better to deliver most mail (even if some are fake or spammy) rather than risk dropping legitimate mail. Thus, neither of these techniques individually or combined provide clear guidance to receivers, and the resulting actions can be inconsistent.

Read the rest of this post »

Is email message transport over MAPI or HTTPS secure?

Tuesday, September 5th, 2017

Our latest “Ask Erik” question involves understanding what email headers save about secure message transport … especially when they list MAPI or HTTPS instead of TLS.

Read the rest of this post »

HIPAA Compliance and Emails: A View from the Trenches

Monday, August 28th, 2017

We have scoured the internet for real-life examples on the use of emails in medical scenarios, the better to be able to convince our readers of the points we have made in past posts about the perils and pitfalls of using unsecured emails for communications. Email is one of the oldest (some even refer to it as “legacy”) tools in our always-connected, digital world. However, its use between patients and their medical providers and amongst doctors and their business associates can be fraught with issues that may violate the provisions of the Health Insurance Portability and Accountability Act (HIPAA).

The HIPAA privacy rules require covered entities and their business associates to protect patients’ health information from unauthorized disclosure. The HIPAA security rules do not mandate specific technologies or prohibit others. In fact, HIPAA

“…allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply reasonable safeguards when doing so.

An imperfect understanding of patients’ privacy concerns, lack of proficiency in using computers or access to them, misguided policies on usage – all these play a part in HIPAA privacy breaches. The consequences of such breaches can be quite burdensome for the medical provider.

HIPAA-compliant email

In a previous post, we provided some data on HIPAA-related complaints filed with the US Health and Human Services’ (HHS) Office of Civil Rights (OCR). There were 350 breaches of unprotected health information involving 500 or more individuals reported in the last two years to the HHS and under investigation by OCR. 75 of these had their origin in email, with half this number involved in unauthorized access or disclosure.

Medical providers often forget (or might even be unaware of) “reasonable safeguardsthat can easily be implemented to prevent emails from leaking information that patients might consider as compromising their privacy. By analyzing some real life examples of how email is used (well, actually misused) in practice, we hope this post can convince you of reasonable safeguards that can make email a useful and efficient part of your workflow while conforming to HIPAA.

Read the rest of this post »