" email Archives - Page 4 of 9 - LuxSci

Posts Tagged ‘email’

Email Data Breaches Are the Most Common Incident Location According to OCR Data

Monday, November 4th, 2019

Email data breaches were the most common incident location listed in breach notification data from the Office of Civil Rights, a subbranch of the Department of Health and Human Services. From the first of June, 2019 until the time of writing, 178 different breaches had been reported to the authorities.

Of these breaches, 69 involved email as their “Location of Breached Information”. In total, these email-related breaches affected almost 850,000 individuals – that’s almost a million people who had their data exposed or stolen due to either hacking or improper use. All in just six months.

Email data breaches were the clear frontrunner, with network servers following a reasonable distance behind them as the second most common location of breached information. Network servers were involved in 54 of the cases.

So what do these figures tell us?

Email Is Still the Weakest Link in Security & Data Breaches

If the OCR data reveals that email is the most common location of data breaches in recent times, then it suggests that we have major issues in our approach to using email.

The data doesn’t necessarily mean that email technology is inherently less secure than network servers or the other incident locations – the results may be caused by how ubiquitous email is for communication, how easy it is for hackers to trick us over email, or how cavalier our attitudes are towards it.

However, the data does indicate that email is still a major source of problems, and we need to take the necessary steps to minimize its role in the cavalcade of data breaches we seem to experience.

Preventing Email Data Breaches

Data breaches are a concern for all businesses, because they can result in business disruption, damage a brand’s reputation, and result in huge compensation costs as well as fines.

This is especially true for organizations in the health sector and their business associates who deal with ePHI. Not only is the data they possess valuable and attractive to hackers, but they are also governed by strict HIPAA laws and the harsh penalties that come alongside them.

This makes email data breach prevention incredibly important for those both inside and outside of the health sector. The good news is that there are several things businesses can do to reduce the risks they face.

One of the first steps should be to adopt a secure email service like LuxSci’s HIPAA-compliant email hosting. Our solution offers a high degree of security configuration options that help organizations protect their data according to their own unique needs. These include support for PGP, S/MIME, portal pickup and TLS, providing protection for email both in transit and in storage.

LuxSci’s premium email filtering also helps to stop attackers from ever making their way into employee inboxes, preventing them from gaining footholds that they can use to cause email data breaches.

Although the OCR’s notification data doesn’t go into depth, it’s likely that many of the affected businesses either weren’t using secure email software, or were using it inappropriately. Our HIPAA-compliant service can help to cut down on the risks that organizations face, reducing the likelihood of them ending up on the OCR’s list in the future.

While the majority of email data breach incidents in the OCR figures were due to hacking, some were the result of unauthorized access or disclosure. These acts are often overlooked, but they still contribute to costly and disruptive breaches.

LuxSci’s email hosting can help to cut down on accidental email data breaches because we offer features like opt-out encryption. When our clients enable it, it means that their employees have to actively opt-out when they don’t want encryption to protect a message.

This almost completely eliminates incidents where employees simply forget to encrypt sensitive data. They would have to go out of their way to do so, which makes opt-out encryption a simple way for organizations to reduce the risks they face.

Email data breaches are one of the huge risks that businesses face in our internet age. Thankfully, there are straightforward steps that organizations can take to minimize them, which helps to save money in the long run. LuxSci’s email service is just one of them. We also offer a wide range of other secure services such as hosting and forms.

Do Healthcare Marketing Emails Have to Be HIPAA-Compliant?

Friday, July 26th, 2019

Healthcare is a competitive business! A well-thought-out marketing strategy can help you outshine your competition, but providers must keep compliance in mind when considering email marketing for healthcare.

Many organizations have substantial email lists of their clients and wonder how they can utilize them to increase patient engagement. Marketing professionals may strongly suggest email communications, but it is essential to understand the HIPAA restrictions around email marketing for healthcare before starting a campaign.

So, do healthcare marketing emails have to be HIPAA-compliant? It’s an important question to ask and one that’s not precisely clear-cut because the answer is dependent on the context.

Does the Marketing Email Contain Protected Health Information?

Email marketing for healthcare is subject to HIPAA regulations if the emails contain “protected health information” that is “individually identifiable.” The term “protected health information” refers to any data relating to a person’s health, treatment, or payment information, whether in the past, present, or future.

Under this definition, some examples of PHI may include:

Is the Information Individually Identifiable?

If information is individually identifiable, it can somehow be linked to the individual. There is a long list of identifiers that include:

  • Names
  • Addresses
  • Birthdays
  • Contact details (like email addresses)
  • Insurance details
  • Biometrics

The final entry in the official list of possible identifiers is “Any other characteristic that could uniquely identify the individual,” so this concept is all-encompassing.

Do Your Marketing Emails Need to Comply?

If both conditions are met, then the email needs to be sent in a HIPAA-compliant manner. If they aren’t, your organization may be safe. Even so, before you rush to start an email campaign, you need to be careful. The edges of HIPAA can be blurry, and it is best to proceed cautiously.

Let’s take this example. A clinic comes across a study that recommends new dietary supplementation for expectant mothers. It decides that it could use this information not just to help mothers-to-be but also to bring in new business. The clinic then sends out an email to all expectant mothers with details from the new study, asking them to make an appointment if they have any further questions.

Everything should be above board, right? Well, maybe not. Because the email was only sent to expectant mothers, it implies that everyone in the group is an expectant mother, which means that it could be considered protected health information. Each email address is also considered individually identifiable information.

With both of these characteristics in place, it’s easy to see how this kind of email could violate HIPAA regulations. If the email had been sent to every member of the clinic, then it might not be viewed as violating HIPAA. This approach wouldn’t single out the women who were pregnant (though it might single you out as a former patient of that clinic and could also imply things about past/present/future medical treatments). It might seem unlikely, but these situations occur all the time. 

Even if most of your organization’s emails don’t include PHI, sending them in a HIPAA-compliant manner is wise. It is easy to make a mistake and accidentally include ePHI in a marketing email. When you consider the high penalties of these violations, ensuring that all of your emails are sent securely is a worthwhile investment.

How Can You Make Email Marketing for Healthcare HIPAA-Compliant?

If your healthcare organization sends out marketing emails, it is crucial to ensure that they are sent in a HIPAA-compliant manner. The best approach is to use an email marketing platform designed specifically for health care, such as LuxSci’s HIPAA-Compliant Secure Marketing platform.

Your organization must sign a HIPAA Business Associate Agreement with any service provider you work with. Using the appropriate encryption, access controls, and other security mechanisms is essential to protect ePHI. Be sure to vet your email provider thoroughly, and remember signing a BAA is not enough to ensure compliance. 

Email Delivery Status Tracking … for successes, failures, and bounces of all kinds

Tuesday, July 10th, 2018

LuxSci automatically tracks the delivery status for all email messages sent via SMTP, WebMail, and the LuxSci API. This report indicates whether the messages were successfully delivered to each recipient’s email servers, failed to be accepted there for some reason, or are still queued at LuxSci. For many purposes, this automatic delivery status tracking is more than sufficient.

A standard automatic delivery tracking process has one limitation. When an email message is successfully delivered to the recipient’s servers but later bounces back to the sender, the message will show as “delivered” (because it was), and there will be no indication of the subsequent bounce.

The optional “Automatic SMTP Bounce Processing” feature takes care of this situation.

Read the rest of this post »
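The gap described above arises because the recipient’s server accepted the message and only later generated a bounce, which arrives asynchronously as a separate Delivery Status Notification (RFC 3464). The following is an added example, not LuxSci’s code, showing how such a bounce can be parsed and reconciled with an existing delivery log so that a “delivered” entry is corrected to “bounced”. The log layout (keyed by Message-ID), the sample DSN and all addresses are constructed for illustration.

```python
"""Reconcile an asynchronous SMTP bounce (RFC 3464 DSN) with a delivery log.

Added example, not LuxSci's code. Assumes the sender keeps a log keyed by the
original Message-ID, and that the bounce is a standard multipart/report DSN
whose text/rfc822-headers part echoes that Message-ID.
"""
import email
from email import policy
from email.parser import BytesParser

# Constructed delivery log: both messages were accepted by the recipient MX,
# so automatic tracking recorded them as "delivered".
DELIVERY_LOG = {
    "<msg-001@sender.example>": {"recipient": "jane@recipient.example", "status": "delivered"},
    "<msg-002@sender.example>": {"recipient": "bob@recipient.example", "status": "delivered"},
}

# Constructed DSN: the recipient system accepted msg-001, then later decided
# the mailbox did not exist and bounced it back to the envelope sender.
SAMPLE_DSN = b"""\
From: Mail Delivery System <MAILER-DAEMON@recipient.example>
To: bounces@sender.example
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="dsn-boundary"

--dsn-boundary
Content-Type: text/plain; charset=us-ascii

This is the mail system at host mx.recipient.example.
The message could not be delivered to one or more recipients.

--dsn-boundary
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example
Arrival-Date: Tue, 10 Jul 2018 09:00:00 +0000

Final-Recipient: rfc822; jane@recipient.example
Original-Recipient: rfc822; jane@recipient.example
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp; 550 5.1.1 <jane@recipient.example>: User unknown

--dsn-boundary
Content-Type: text/rfc822-headers

Message-ID: <msg-001@sender.example>
From: alerts@sender.example
To: jane@recipient.example
Subject: Your appointment reminder

--dsn-boundary--
"""

# RFC 3464 "Action" values and how the log should reflect them. Only a hard
# failure changes a "delivered" record; a delay is noted but not a bounce.
ACTION_TO_STATUS = {"failed": "bounced", "delayed": "delayed"}


def _after_type(value):
    """Strip the 'rfc822;' / 'smtp;' type prefix from a DSN field value."""
    return value.split(";", 1)[1].strip() if ";" in value else value.strip()


def parse_dsn(raw):
    """Extract the original Message-ID and per-recipient results from a DSN."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    result = {"message_id": None, "recipients": []}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # The payload is a list of header blocks: first per-message, then
            # one block per recipient. Only recipient blocks carry Final-Recipient.
            for block in part.get_payload():
                if "Final-Recipient" not in block:
                    continue
                result["recipients"].append({
                    "address": _after_type(str(block["Final-Recipient"])),
                    "action": str(block.get("Action", "")).strip().lower(),
                    "status": str(block.get("Status", "")).strip(),
                    "diagnostic": _after_type(str(block.get("Diagnostic-Code", ""))),
                })
        elif ctype == "text/rfc822-headers":
            # Returned headers of the original message; parse them as a header
            # block to recover the Message-ID that keys our delivery log.
            headers = email.message_from_string(part.get_content())
            if headers["Message-ID"]:
                result["message_id"] = headers["Message-ID"].strip()
    return result


def apply_bounce(log, dsn):
    """Update log entries for recipients the DSN reports on; return ids changed."""
    entry = log.get(dsn["message_id"])
    if entry is None:
        return []  # unknown or missing Message-ID: nothing to reconcile
    changed = []
    for rcpt in dsn["recipients"]:
        # Guard against a DSN that names a different recipient than we sent to.
        if rcpt["address"].lower() != entry["recipient"].lower():
            continue
        new_status = ACTION_TO_STATUS.get(rcpt["action"])
        if new_status and entry["status"] != new_status:
            entry["status"] = new_status
            entry["detail"] = f"{rcpt['status']} {rcpt['diagnostic']}".strip()
            changed.append(dsn["message_id"])
    return changed


if __name__ == "__main__":
    parsed = parse_dsn(SAMPLE_DSN)
    print("updated:", apply_bounce(DELIVERY_LOG, parsed))
    for mid, rec in DELIVERY_LOG.items():
        print(mid, rec)
```

The reconciliation key is the Message-ID echoed in the returned headers; a DSN that carries no recognisable Message-ID, or that names a recipient other than the one in the log, is left alone rather than guessed at, since a spoofed or misdirected bounce should not be allowed to rewrite delivery records.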

GDPR & Email: 10 Critical Questions & Answers for Compliance

Thursday, May 24th, 2018

GDPR, the General Data Protection Regulation, which asserts and enforces protections on the personal information of EU citizens, is on everyone’s minds these days. This is because it impacts any company anywhere in the world that interacts with citizens of the European Union (EU), even if that only means sending email messages to them. The kicker: if you are found to be in non-compliance, you could earn yourself a fine of 20 million euros or 4% of your gross annual revenue, whichever is higher.

As an email security company, we receive a lot of questions around the intersection of email and GDPR. There is a whole lot of confusion out there and ambiguity in the regulations. In this post, we answer 10 of the most prominent and important questions on GDPR and email that we have seen. The answers are at times surprising and even enlightening. However, if you are unaware of the answers to these questions, you are almost certainly out of compliance with GDPR.

Read the rest of this post »

Are you Prepared for Disaster? Business Continuity Planning for Email Outages

Friday, February 9th, 2018

Unexpected email outages happen to every email user. It is not a big deal if it is just for a few minutes or some scheduled time at night. However, if it is in the middle of a workday and employees rely on email, it may be a big problem.
What do you do if your email stays offline for five minutes, ten minutes, or an hour, and you don’t know when it is coming back?

Read the rest of this post »