" secure text Archives - LuxSci

Posts Tagged ‘secure text’

Engage Patients with Educational Messaging

Tuesday, March 15th, 2022

Educating patients about their upcoming medical procedures is an important part of building trust and increasing retention. Using digital technologies to educate patients is just one way to reinforce messaging and improve patient compliance. This article provides some examples of how to digitally engage with patients both before and after undergoing a medical procedure.

patient education

Read the rest of this post »

Are Prescription Notifications HIPAA-Compliant?

Tuesday, December 14th, 2021

It is common to receive calls and text messages from pharmacies reminding us that it is time to pick up or renew our prescriptions for drugs or other medical items. Have you ever wondered if these prescription notifications are HIPAA-compliant?

Just because every pharmacy seems to send them, it doesn’t mean they are aware of the compliance requirements. Let’s look into the context and learn how to remind patients of prescription refills and appointments securely.

prescription notifications hipaa compliant

Read the rest of this post »

Omnichannel Marketing For Healthcare

Tuesday, November 23rd, 2021

Omnichannel marketing is a relatively new strategy that can help healthcare marketers achieve success. Marketers need to leverage a variety of marketing tactics to reach and communicate with their patients. Omnichannel marketing involves the integration of digital channels and traditional media to provide a consistent and personalized experience across all channels to drive marketing success.

omnichannel marketing

Read the rest of this post »

What Is Smishing And How Can You Avoid It?

Tuesday, March 9th, 2021

You are probably familiar with smishing, even if you aren’t quite sure what it’s called or the underlying details. We’ve all received strange SMS messages along the lines of:

  • We’ve noticed suspicious activity on your account. Visit scamsiteabc.com/kkjdkjh if you did not make any recent purchases.
  • Congratulations! You’ve won a $500 Best Buy gift card. Click the link to redeem your prize scamsitexyz.com/ljhkjsfds

Of course, both of these messages are really just scams. They are a type of phishing conducted over SMS, hence the name Smishing. These smishing messages can look real—that’s the point. They are designed to trick the recipients into thinking that they are legitimate. They lead the recipients through a number of steps that ultimately result in them handing over sensitive details, such as their login details or banking information.

smishing title card

How Does Smishing Work?

Scammers collect a bunch of phone numbers and send out smishing messages in bulk to unwitting victims. These messages often appear to come from respected organizations, such as the recipient’s bank, or a major retailer. The exact details of the messages vary, but they generally try to elicit a quick response before the recipient has a chance to question it.

Common examples include offering prizes that may excite recipients or a warning that someone has attacked their account. The message prompts the recipient to take some immediate action. These actions can include:

  • Clicking a link – This is probably the most common example. These links will take you to a website that looks legitimate, but the details will be slightly wrong. For example, instead of the real URL, yourbank.com, the scam site may actually be yourbamk.com. At a glance it looks the same, but the scam site has no relation to your bank.
  • Contact an email address – Much like in the above example, the address can seem real, but it may have subtle differences, such as customerservice@yourbamk.com, instead of customerservice@yourbank.com.
  • Call a phone number – The number will not actually belong to the company, but a scammer impersonating the organization’s call center.

When these messages succeed and trick the recipients into taking the next step, they will be funneled deeper along in the attack. The recipient may be pushed to download malware onto their device, which can end up spying on them and stealing their sensitive information.

The other main tactic is to manipulate recipients into handing over their login details or banking information. One technique is to fake a security breach and have users re-enter their password on a fake login page. Just like that, scammers can take control of your account.

Other tactics include asking the recipient to update their account details, or to confirm their security questions and answers. This can ultimately give attackers the information they need to take control of the account.

Smishing is used to directly target individuals, or as an attack vector for penetrating deeper into an organization. If a smishing attack fools an employee, it can give these scammers access to the company’s systems. From this foothold, they can escalate their privileges until they reach their ultimate goal. This could be stealing valuable data or even accessing the company’s finances.

How Can You Avoid Smishing?

Individuals can avoid smishing by always being skeptical of text messages that ask them to visit a link, to email someone, or to call a number. They should use caution if they do not know the sender, or if the message sounds too good to be true.

Recipients should always double check the URLs, email addresses, and phone numbers to make sure that they belong to the company. You can check your prior correspondence with the company, or do a web search of the details alongside the company name to confirm. Compare the details in the smishing message against the official ones from the company, making sure to look closely for misspellings.

You can also check potential phishing sites against this database to see if it has already been reported. If you can confirm it is a smishing message, all you have to do is ignore it to stay safe. Do not even click the link, because it could infect your device. If you aren’t sure, contact the company via its official channels to check whether or not it is a scam.

Many companies have a blanket policy that they will never contact you by text asking you to update your account. If this is the case and you receive such a message, you can easily disregard it as a scam.

How Can You Defend Your Customers From Smishing?

If your company would like to be able to send URLs in its text messages without also opening the door to scammers, you can use a service like LuxSci’s SecureText. You can alert your customers that the only text messages you send will take them to the SecureText portal. As long as they check that the URL for the portal is correct, they will be safe to click the link. They can disregard any other messages purporting to be from your organization, because these will be scams.

From the SecureText portal, the recipient can enter their details to gain access to the message. The protective features of LuxSci’s SecureText allow organizations to send sensitive information via SMS, all in a HIPAA-compliant manner. With SecureText and a proper warning strategy, you can help protect your recipients from being tricked by smishing scams that seem to come from your organization.

Secure Texting: Communication’s Unicorn

Tuesday, March 5th, 2019

Does secure texting exist, or is it as elusive as a clear photo of bigfoot? To answer that question, we have to take a look at the main SMS (short message service) protocols.

The majority of the world’s texting is done using either the Global System for Mobile Communications (GSM), High Speed Packet Access (HSPA) or Long Term Evolution (LTE) standards. Under these systems, text messages are transmitted from devices to a short message service center. This center stores the messages and attempts to send them on to the recipients. If it cannot reach them, the messages are queued to be tried again later.

The Issues with SMS

The main problems with SMS messaging are that it is both unreliable and insecure.

The Reliability of SMS

Unfortunately, SMS messages are inherently unreliable. The sender does not know whether their message has been delivered, nor whether it has arrived on time. On top of this, messages can be completely lost, while others may only be received long after the were needed.

SMS Security Problems

SMS messages have issues with confidentiality and authentication, as well as a number of widely known security vulnerabilities.

Messages sent with GSM are only optionally encrypted between the mobile station and the base transceiver station. If they are encrypted, they use the A5/1 cipher, which is known to be vulnerable. This makes it possible for anyone with enough motivation to read the messages.

If that isn’t bad enough, the authentication process is also flawed. Users are authenticated by the network, but the user does not authenticate the network in return. This makes the user vulnerable to man-in-the-middle attacks.

You may think that you are safer if you use LTE, but renegotiation attacks can be used to force your phone to use GSM instead.

On top of this, there are also the dangers of SMS spoofing, sim swapping, and a variety of other security vulnerabilities. Since we can’t trust the encryption or authentication processes in SMS, it’s best to assume that any SMS you send can be intercepted and accessed.

As you can see, secure SMS is like a unicorn. It doesn’t exist, and you should never use the medium to transmit any sensitive or valuable information. Because of this, SMS messages should either be avoided or strictly controlled, particularly in tightly regulated fields like healthcare. All it takes is one message that accidentally contains ePHI, and your organization could be feeling the heavy hand of HIPAA penalties.

But I hear the term secure texting all the time…

That’s true, lots of providers refer to their offerings as secure texting. But the majority of these services aren’t using SMS. If they are, then they certainly aren’t secure and you should steer clear of anything to do with the company.

How Can Messages Be Sent Securely?

Although the standards used for SMS are lost causes, that doesn’t mean that you can’t securely exchange short written messages.

The answer? LuxSci’s SecureText.

LuxSci’s solution doesn’t send sensitive information over the standard protocols used for SMS, so you don’t have to worry about any of the security issues that surround SMS messaging.

SecureText transmits its data with TLS protection, stores its information with 256-bit AES, and data is never kept on the recipient’s device. Recipients use password-based authentication to access the information and messages are securely stored in LuxSci’s databases. Every step is safe and completely HIPAA compliant.

The best part? No one has to download yet another app to send or receive secure messages.

How Does SecureText Work?

The sender uses LuxSci’s SecureLine encryption service:

  1. They write their message in either LuxSci’s WebMail or their preferred email program.
  2. In the address field, the sender enter a special email address that is based the recipient’s phone number. For example an address of 2114367789@secure.text would send the message to a US recipient whose number is 211-436-7789. Once the sender is finished, they hit the send button.
  3. The recipient will receive a normal SMS that tells them a secure message is waiting for them. The message contains a link, which opens up their phone’s web browser:
  • If they have recently viewed another SecureText message, the new message will immediately be displayed.
  • If the recipient has used SecureText to view messages at an earlier date, they will need to enter their password before they can view the message.
  • If this is the recipient’s first SecureText message, they will need to set up a password before they can view the message.

The protected and HIPAA-compliant design of LuxSci’s SecureText makes it useful for sending ePHI in a range of different situations. It’s a great option for messaging without email.

It can be used to send appointment reminders, for general communication with patients, and to send real-time alerts that include sensitive information. All with none of the risk that comes from SMS messaging.

Want to discuss how LuxSci’s HIPAA-Compliant Texting Solutions can help your organization?  Contact Us