" text message Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more
LUXSCI

Posts Tagged ‘text message’

SMS is Broken and Hackers can Read Text Messages. Never use Regular Texting for ePHI.

Thursday, June 23rd, 2016

Security firm Positive Technologies has published a report (see their overview of attack on one time passwords and PDF of the SS7 security problems) that explains how attackers can easily attack the protocols underlying the mobile text messaging networks (i.e. the Signaling System 7 or “SS7” protocol).  In their report, they indicate how this makes it easy to attack the two-factor login methods and password recovery schemes where a one-time security code is sent via an insecure text message.

Devices and applications send SMS messages via the SS7 network to verify identity, and an attacker can easily intercept these and assume identity of the legitimate user.

SMS is Insecure due to SS7 protocol

Read the rest of this post »

Are you encouraging insecurity via your Web site contact and intake forms?

Friday, April 15th, 2016

Many Web sites have “contact us” pages and other Web forms for receiving requests from existing or potential customers.  This includes “new patient intake” forms on the Web sites of healthcare providers.

 

The garden variety Web form suffers from several serious problems:

  • Spam – Getting unwanted form submissions from Web robots.
  • Privacy – Often, sensitive data is submitted insecurely through these forms.
  • Archival – You may need an archived record and backup of all submissions.
  • Notices – You may need to be alerted of form submissions, even if you are not online.

Proactive privacy vs. neglect of privacy

When your Web forms transmit data insecurely, store or send data insecurely, or otherwise to do not treat the data submitted with the level protection that it deserves, you are putting the users of your forms at risk.

The typical argument is that “it is up to the user of the forms to decide if they want to submit sensitive information.” In fact, many insecure forms even have disclaimers requesting people to not submit sensitive information if they have concerns … and then the forms go on to ask lots of sensitive questions.   Especially without a disclaimer, but even with one, the form is actively soliciting people to submit their information insecurely and requesting them to take risks with their private data.   This is not good.

In areas such as healthcare, where these forms are often collecting sensitive health data (protected health information – PHI), the fact that an organization solicits the submission of PHI through insecure, non-HIPAA-compliant means is far from a “best practice”.  Why?

Read the rest of this post »

Press Release: How To Text and Remain HIPAA-compliant

Tuesday, March 15th, 2016

WESTWOOD, MA, March 15, 2016 — LuxSci® announces the recent launch of SecureText, a unique solution to concerns about HIPAA-compliant text messaging, and an important step to safeguard and secure electronic patient health information (ePHI).

Communicating through text message is a convenience to which we have grown rapidly accustomed. However, sending unsecured texts places healthcare providers and patients at risk in several ways: (1) ePHI-laden messages are not always encrypted during transmission or storage; (2) anyone with access to a recipient’s phone or stored messages can view ePHI-laden messages; (3) and some ePHI-laden text messages travel through organizations which lack required HIPAA Business Associate Agreements. Additionally, since healthcare providers are required to obtain and maintain consent from patients for texting – providers must ensure that patients are adequately educated on the risks associated with sending ePHI via text and presented with secure alternatives to insecure texting.

Read the rest of this post »

SMS / Text Messaging Enhancements

Tuesday, September 28th, 2010

LuxSci is introducing more and more features that support the the sending of text messages (SMS) to users’ mobile devices.  Some of these features include:

  • Send an SMS notification on the receipt of certain email messages of your choice.
  • Send an SMS notification when a web or PDF form posts data though our SecureForm service.
  • Send an SMS notifications as reminders for calendar events and and tasks.
  • Two-factor authentication for logging in to the web interface — a special login Token can be sent via SMS to your mobile device.

Read the rest of this post »

Automatic Calendar and Task Reminders: When, How, and as Often as you want!

Saturday, July 31st, 2010

LuxSci has completely overhauled the automated reminders available with its Calendars and Tasks WebAides.

Previously, you could receive an emailed reminder when a task or event was near; now, LuxSci also supports visual/pop-up reminders and SMS/text message reminders, as well as multiple reminders and recurring reminders.

Read on to discover all of the possibilities available with LuxSci’s new Calendar and Task reminder system!

Read the rest of this post »

LUXSCI