" security Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci

Posts Tagged ‘security’

Protecting Your Account from Social Engineering

Tuesday, November 14th, 2017

LuxSci adds new technologies to protect your account from social engineering during support phone calls and chats.

Transcript

One of the biggest threats to your company’s security, it’s human error. Phishing attacks where people send email messages purporting to be from trusted sites that users click on and give away information. That’s the biggest threat. But what about social engineering?


WordPress & HIPAA – can these coexist?

Monday, October 23rd, 2017
For a deep dive, see our white paper: Securing WordPress

As we discussed in an earlier post, WordPress, despite its vulnerabilities, is the world’s most popular content management system for both blogging and creating web sites.  It is popular because it is quick to set up, easy to administer, with a very large choice of plugins for add-on functionality, and themes for making the sites look good.  As a result, many LuxSci customers use WordPress in one fashion or another for their web sites hosted at LuxSci.

As LuxSci caters to a large segment of customers who have specific compliance needs, specifically HIPAA compliance, we are frequently asked about using WordPress in a medical provider setting. Given the information about WordPress vulnerabilities, the question usually asked is whether a site created using WordPress can secure access to electronic protected health information (ePHI) in a way that meets the requirements of the HIPAA-HITECH regulations.

WordPress for HIPAA-compliant sites?

Such questions are reasonable because although WordPress has many great features that make it quick and easy to get a web site running, it is still a third-party tool which is not specifically designed to conform to HIPAA standards. When using any third-party software, you should be aware of the associated risks that are out of your control. Vulnerabilities in WordPress can disrupt your site’s availability, perhaps even lead to a breach of protected and private information. Even if it is the WordPress software that’s at fault, the responsibility for any security lapses still falls on the site owner.

However, it is not all doom and gloom. The short answer to the question posed in the title of this post is “yes”. It is possible with care to build a site with WordPress (including plugins and themes) that is secured in a way that meets the requirements of the HIPAA security rules. The remainder of this post will discuss how this might be achieved.


Securing WordPress sites

Tuesday, October 17th, 2017
For a deep dive, see our white paper: Securing WordPress

We have written posts describing WordPress vulnerabilities and the methods hackers use to exploit these. In this post, we describe steps by which a web site owner can mitigate the risks of using WordPress as a content management system. After all, it cannot be denied that WordPress remains the most user-friendly tool for creating and managing both large and small websites, as shown by its enormous adoption rate.

Making WordPress Secure

There is a very rich literature describing WordPress vulnerabilities and ways to harden a system against exploits. Here we distill some of these learnings into a practical guide for WordPress-based web site owners. We specifically have in mind small to medium-sized medical practices that wish to use WordPress to create (or maintain) their online portal for patients. In a future post, we’ll describe how such steps can meet HIPAA-HITECH guidelines for safeguarding electronic protected health information (ePHI).

We describe these steps in a layered way – starting at the bottom with the hosting server infrastructure, before moving to the WordPress platform itself and other applications.


WordPress: Massively Popular and a Big Target for Attackers

Wednesday, September 27th, 2017
For a deep dive, see our white paper: Securing WordPress

WordPress is the world’s most popular publishing platform, with a strong emphasis on usability and support of open web standards. It powers most of the largest content providers as well as millions of personal blogs. Its open source software, available at WordPress.org, can be downloaded to a suitable server and run as a standalone publishing platform, while ordinary users can quickly create personal sites as sub-domains of WordPress.com.

There’s no doubt that the statistics about WordPress are impressive: ~30% of the million most visited sites on the Internet run WordPress; at 52%, it far surpasses its nearest competitor (at a measly 6.3%) for the largest market share of content management systems; it powers 96% of blogging websites worldwide – we could go on and on, but we refer the reader to other sources for more numbers.

WordPress is a massive target for hackers

But with such numbers come vulnerabilities. Its popularity makes it a conspicuous target for hackers. Not all hacking is in search of personal data or immediate financial gain. WordPress attacks serve as a fertile finishing school for hackers-to-be and also provide access to resources that can be used for launching other types of attacks, such as search engine optimizations, ad injections, affiliate links, botnet attacks, etc. Consider some examples:


6 Essentials For Privacy and Security in Telehealth

Thursday, September 21st, 2017

HIPAA covers Telehealth, but does this make it safe? Learn the measures that ensure patient safety and privacy while using a virtual doctor visit program.

The rise of telehealth in healthcare has transformed patient-doctor interaction. Nonetheless, the privacy and security of protected health information (PHI) still remain a big question. These concerns make sense because a new technology usually comes with new challenges.

What is Telehealth?

Luckily, every problem comes with a solution. Thus, making a few smart choices can work wonders to keep the patient data protected.


SSL versus TLS – What’s the difference?

Wednesday, September 20th, 2017


TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are protocols that provide data encryption and authentication between applications and servers in scenarios where that data is being sent across an insecure network, such as checking your email (How does the Secure Socket Layer work?). The terms SSL and TLS are often used interchangeably or in conjunction with each other (TLS/SSL), but one is in fact the predecessor of the other — SSL 3.0 served as the basis for TLS 1.0 which, as a result, is sometimes referred to as SSL 3.1. With this said though, is there actually a practical difference between the two?

SSL versus TLS: What is the difference?

See also our Infographic, which summarizes these differences.


iPhoneX: How secure is facial recognition?

Thursday, September 14th, 2017


Technology Security: The Game Changer for All Business

Thursday, September 7th, 2017

In today’s reality, nation-states and their criminal partners can disrupt commerce and defenses in the free world from the safety and comfort of their computer desks. Their prime targets are not top-secret space weapons but everyday businesses and business systems, and healthcare organizations are just as vulnerable as any other industry. Hospitals, smaller providers, health plans, and business associates can all become targets of cyber-espionage, so it is up to every business decision-maker to understand the threats.

Cyber warriors target small and mid-sized businesses

Cyber-espionage against businesses is safer, easier and often more effective than targeting governments. Industrialized nations compete for world dominance in economic markets, so cyber-espionage is being used against businesses to gain competitive advantage.


How Come You Can Buy Groceries from Your Fridge, but You Can’t Vote on Your Computer?

Friday, June 30th, 2017

Technology sure has come a long way. The rise of computers and the internet has meant that we can conduct so much of our lives online. With Wi-Fi or mobile data, you can work on your laptop by the beach, do the weekly shopping on your phone and even find the life partner of your dreams through an app. One task that is notably absent is voting.

It seems like online voting would be a great idea. You could participate in democracy from the comfort of your couch, rather than having to march all the way down to the polling booth. Many believe that it would increase voter turnout as well, resulting in a more engaged democracy.

Some countries have dipped their toes in the waters of online voting and Estonia has cannonballed in, but why don’t we do it in the US? While it may seem like a relatively straightforward process, online voting presents a range of technological and security challenges that the US isn’t quite ready to deal with.

When you consider how important elections are, as well as how willing other nations are to influence elections, it is best to tread cautiously with online voting. After last year’s attacks on our election, it has become evident just how vulnerable the voting process is. While online voting may certainly be viable in the future, there are several obstacles that we need to traverse beforehand.


3 Things You Can Do Now to Protect Against the Latest Hacker Attacks

Tuesday, June 13th, 2017

It seems like major hacks are always in the news. Whether it is the vicious WannaCry ransomware that swept across the world or the constant stories about Russian hacks, we are being bombarded by increasingly devastating online threats. If you want to help prevent your organization from becoming the next in a long line of victims, you really need to start paying attention to your cyber security efforts.

A solid defense requires a comprehensive security policy that measures your assets against their risks and adapts as these things change. While an overall plan is important, there are several things you can do right now to bolster your security and help prevent the latest attacks:

Hacking Protection
