" sms Archives - HIPAA News, Web & Email Security Tips & News - Plus More | LuxSci
LuxSci

Posts Tagged ‘sms’

Demo of LuxSci SecureText

Monday, October 16th, 2017

 

See how LuxSci SecureText works from the sender and recipient perspectives.

Free Trial

Secure Text Message Marketing: Step By Step

Friday, March 31st, 2017

Many marketers are engaged in a mad scramble to make the most of social media platforms. Unfortunately, these channels have some major drawbacks. Unlike email and text messaging, social media communications generally lack the security and oversight controls required in regulated industries like health care. Secure text message marketing is an excellent addition to boost your marketing results even if you have to operate under heavy regulations.

Text Messaging

Read the rest of this post »

SMS is Broken and Hackers can Read Text Messages. Never use Regular Texting for ePHI.

Thursday, June 23rd, 2016

Security firm Positive Technologies has published a report (see their overview of attack on one time passwords and PDF of the SS7 security problems) that explains how attackers can easily attack the protocols underlying the mobile text messaging networks (i.e. the Signaling System 7 or “SS7” protocol).  In their report, they indicate how this makes it easy to attack the two-factor login methods and password recovery schemes where a one-time security code is sent via an insecure text message.

Devices and applications send SMS messages via the SS7 network to verify identity, and an attacker can easily intercept these and assume identity of the legitimate user.

SMS is Insecure due to SS7 protocol

Read the rest of this post »

Infographic: Texting in healthcare – a not-so-simple exchange

Monday, April 18th, 2016

Sending text messages between health care providers and patients is incredibly common but it is also generally a violation of HIPAA.  See: To Text of Not To Text.  Texting and healthcare.  This infographic covers when texting occurs and where the risk arises.

Texting in healthcare – a not-so-simple exchange

Texting in healthcare - a not-so-simple exchange

Read the rest of this post »

Are you encouraging insecurity via your Web site contact and intake forms?

Friday, April 15th, 2016

Many Web sites have “contact us” pages and other Web forms for receiving requests from existing or potential customers.  This includes “new patient intake” forms on the Web sites of healthcare providers.

 

The garden variety Web form suffers from several serious problems:

  • Spam – Getting unwanted form submissions from Web robots.
  • Privacy – Often, sensitive data is submitted insecurely through these forms.
  • Archival – You may need an archived record and backup of all submissions.
  • Notices – You may need to be alerted of form submissions, even if you are not online.

Proactive privacy vs. neglect of privacy

When your Web forms transmit data insecurely, store or send data insecurely, or otherwise to do not treat the data submitted with the level protection that it deserves, you are putting the users of your forms at risk.

The typical argument is that “it is up to the user of the forms to decide if they want to submit sensitive information.” In fact, many insecure forms even have disclaimers requesting people to not submit sensitive information if they have concerns … and then the forms go on to ask lots of sensitive questions.   Especially without a disclaimer, but even with one, the form is actively soliciting people to submit their information insecurely and requesting them to take risks with their private data.   This is not good.

In areas such as healthcare, where these forms are often collecting sensitive health data (protected health information – PHI), the fact that an organization solicits the submission of PHI through insecure, non-HIPAA-compliant means is far from a “best practice”.  Why?

Read the rest of this post »

SecureChat: HIPAA-Compliant Chat and Texting at LuxSci

Sunday, February 15th, 2015

LuxSci is pleased to announce the availability of SecureChat, a secure, HIPAA-compliant chat and texting service that works through any modern web browser and though native Apps for iOS and Android devices.

SecureChat enables real-time texting and communications of files in a way that is secure and compliant, unlike regular text messaging and use of apps like Skype.

“Delays in communication no longer represent a delay in care. Our facility did a pilot study and it showed that the average response time from doctors using secure chat is 1-2 minutes, compared to 28 minutes when they used pagers and phones. I oversee a multidisciplinary team of health care professionals. With so many people involved, having fast, secure text messaging is critical to how we relay doctor’s orders and changes in patient status, and get nursing updates and therapy reports.”

— Aaron Salyapongse, MD; Director of Hip and Knee Surgery at Valley Care Hospital

Notably, SecureChat includes:

  1. Messages and files always encrypted — in transit and at rest
  2. Archives of all messages and files sent
    • Administrative access to archived messages for compliance
  3. Compatibility with iOS, Android, and any modern web browser
  4. Read receipts on messages sent
  5. Users can connect using multiple devices, simultaneously
  6. File attachments up to 100MB in size
  7. Real-time, synchronized messaging and conversations
  8. Distribution lists
  9. Unlimited conversations, messages, and archival storage

SecureChat is integrated with LuxSci and provides a fast, clean, and simple interface to communicating on-the-go (and in your seat) with other SecureChat users.

SecureChat licenses are $6/user/month (with discounts for 100+ licenses).  New customers can add SecureChat to their orders using our Order Wizard; existing customers can add SecureChat to their existing accounts using the “Account – Upgrade” tool.

One SecureChat license is needed per individual using the SecureChat system; however, your licenses do not have  correspond to the users in your LuxSci email hosting account.  They could include a subset of these people, as well as licenses for arbitrary external users that you also wish to include.

Please contact Sales if you have questions about SecureChat, or if you would like to try it out for Free.

Protect your LuxSci Account with Two-Factor Authentication and Other Barriers

Thursday, May 23rd, 2013

Two-Factor Authentication (supposedly patented by Kim DotCom)– using a password plus “something else” to gain access to your account and to prevent lost, stolen, or guessed passwords from impacting you — is finally becoming fashionable.

First, it was a cool idea, then some places such as LuxSci started supporting it, but it was rarely used due to people not wanting to bother with an extra step to login to their accounts.  Now, with Twitter adding 2-factor authentication to help stem the tide of account compromises, security is now fashionable.

This turn about is really fantastic as it brings security consciousness much more into the mainstream — so much so that popular Radio hosts are talking on the air about how to secure accounts.  This can only be good for the adoption of better security practices overall and a decrease in compromises due to laziness … and in cases like HIPAA, laziness can be a terrible thing.

In this post, we’ll go over how to secure your LuxSci account against intrusion using Two Factor authentication and other methods.

Read the rest of this post »

DuoSecurity: Advanced Two-Factor Login for LuxSci’s Web Interface

Friday, December 30th, 2011

Two-Factor logins require users to

  1. Enter their username and password properly (the 1st factor)
  2. Authenticate a second way (e.g. by entering a code delivered to their mobile phones).
Use of two-factor authentication ensures that even if a user’s password is discovered, guessed, or captured, a malicious user still cannot gain access to the user’s account … at least not without also having access to the second factor.
Two-factor authentication significantly enhances the security of any system:
  • LuxSci staff use it for all administrative actions both through our web interface and at the server command line.
  • It is required for PCI compliance
  • It is good for HIPAA compliance
LuxSci has long offered a simple and effective Two-factor option for its web interface.  Now, LuxSci also supports DuoSecurity Two-Factor authentication with its web interface.  This option provides many advanced user and administration features and is very cost-effective (usually free) for small organizations.

Text Messages are Faster than Email, but not Instantaneous!

Wednesday, May 4th, 2011

We have discussed how email messages should not be expected to arrive instantly.  This naturally brings to mind “text messages” (aka SMS messages) that people send to their cell phones.  These are commonly expected to be delivered “instantly” — but that is also not always the case.  While text messages are generally very fast, and usually more quickly delivered than email messages, they are not always “instant”.

Read the rest of this post »

SMS / Text Messaging Enhancements

Tuesday, September 28th, 2010

LuxSci is introducing more and more features that support the the sending of text messages (SMS) to users’ mobile devices.  Some of these features include:

  • Send an SMS notification on the receipt of certain email messages of your choice.
  • Send an SMS notification when a web or PDF form posts data though our SecureForm service.
  • Send an SMS notifications as reminders for calendar events and and tasks.
  • Two-factor authentication for logging in to the web interface — a special login Token can be sent via SMS to your mobile device.

Read the rest of this post »