August 6, 2012
The mother of one of our employees is a Department Head for a large medical practice in Georgia. Over a recent weekend one of the locations was burglarized, and the thieves got away with three laptops and a little cash. However, because of the way the laptops were utilized, and because the thieves were only able to gain access to a small, separate section of the office, no breach of Protected Health Information (PHI) occurred. The laptops were used in the office only, and their primary function was accessing the server and the documents and applications contained on it. Everything was password protected, and no documents or PHI were saved locally on the laptops. These seemingly small steps, taken as a precaution when the laptops were initially set up and during use, were enough to negate any sort of breach that may have occurred due to the theft of these devices, something that would have cost the practice an exorbitant amount of money and embarrassment.
Aside from not saving PHI and other important documents locally to prevent a breach from the standpoint of HIPAA, it is also inadvisable to save documents locally on machines that are not regularly backed up, in case the information becomes corrupted or is accidentally deleted. Servers are installed and configured to serve the purpose of centralized data storage for all business operations; however, it is possible to place security parameters on certain drives and files to prevent unwanted access from others in the office.
Be smart about where and how information is saved, so that you prevent unnecessary headaches for you and your patients in the future.
June 1, 2011
Just like every other piece of popular up-and-coming technology, Google's Android Market has been infected with several malicious pieces of software. By downloading apps from the market and from other sources, you may be exposing your phone and all of your data to would-be hackers.
The new threat is DroidDreamLight. DDL is code that embeds itself into the Android OS and collects and sends data to remote servers. Your location, contacts, phone calls, text messages, and even your mobile browsing history could be broadcast to hackers worldwide. Google announced over the weekend that 34 new apps that were added to the market had been infected with this Trojan. Lookout Mobile Security and AVG discovered the code and alerted Google to take down the apps immediately, but given the popularity of the market, the apps were downloaded by some 34,000 users in a matter of seconds before Google was able to pull them.
Just like standard PC and Apple user guidelines, always be cautious of what you're downloading. Use a mobile security application, like Lookout Mobile, that scans applications as they are downloading to ensure they are safe to install. No one wants their hundreds of contacts broadcast over the net to anyone who wants them. Be on the lookout for suspicious SMS activity. For example, if you see that your phone sent a text to a random number and you didn't send it, you may have malware. Also be mindful of the permissions the application requests when it's installed. If a game is asking for access to your contact list and your location, a red flag should be going up.
Just like other methods of information security, be vigilant, use common sense, and you should be safe.
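The permission check described above, as an added example that is not part of the original post: a Python script that reads an app's `AndroidManifest.xml` and reports requests for the kinds of data the post lists when they do not fit the app's category. It assumes the manifest has already been decoded to plain-text XML (inside an APK it is stored as binary XML); the `EXPECTED` category table and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NAME_ATTR = "{http://schemas.android.com/apk/res/android}name"

# Permissions guarding the data the post says DroidDreamLight collects.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_SMS": "text messages",
    "android.permission.SEND_SMS": "text messages",
    "android.permission.READ_CALL_LOG": "phone calls",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browsing history",
}

# Assumption (not from the post): data each app category plausibly needs.
EXPECTED = {"game": set(), "navigation": {"location"},
            "messaging": {"contacts", "text messages"}}

def requested_permissions(manifest_xml):
    """Return every permission name declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.iter("uses-permission")
            if el.get(NAME_ATTR)]

def red_flags(manifest_xml, category):
    """Map each unexpected kind of sensitive data to the permissions asking for it."""
    allowed = EXPECTED.get(category, set())  # unknown category: expect nothing
    flags = {}
    for perm in requested_permissions(manifest_xml):
        data = SENSITIVE.get(perm)
        if data and data not in allowed:
            flags.setdefault(data, []).append(perm)
    return flags

# Constructed sample manifest for a hypothetical game, not a real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Puzzle Game"/>
</manifest>"""

if __name__ == "__main__":
    for data, perms in red_flags(SAMPLE_MANIFEST, "game").items():
        print(f"RED FLAG: game requests {data} via {', '.join(perms)}")
```

The same manifest checked as a `navigation` app no longer flags location, which is the point of comparing permissions against what the app claims to do.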
May 19, 2011
We've all had to go through it. Log in here, log in there, this password for that site, and so on. With the need for authentication and information systems security greatly increasing, I find it somewhat challenging having to remember 32 different passwords and when, and if, they're set to expire. The use of usernames and passwords has been around since the inception of the PC itself.
An individual wanting access inputs the username they are assigned and then a password, showing the system they are who they say they are. Most systems require a minimum of 6 alpha-numeric characters. While for some that may seem over the top, a skilled hacker, or computer for that matter, can crack your password in a matter of seconds.
A good authentication system is called "multi-factor." It combines something you know, something you have, something you are, or any combination of the three. A fingerprint reader that also requires an alphanumeric password is a good example, but what if we could simplify the requirement for multi-factor authentication into a simple puzzle? PortSys has developed a unique login interface called "SafeLogin" that uses small pictures that must be selected in a particular order to log users into their systems or certain applications. Instead of typing a word such as P@ssword1, users select a series of small pictures (for example: a duck, a hat, and a car) and BAM!, you're in. No more remembering 32 different passwords, except for the initial setup and configuration, and getting them all confused. I can't tell you how many times I thought my email password was my bank account password and vice versa. And wouldn't you know it, I end up locked out of both every time.
Though this is not a fairly new concept, the idea of using a more user-friendly graphic interface is starting to gain popularity. For one, there's no new software or hardware footprint to slow down productivity. And as far as hardware goes, the program costs about 1.3% of what a fingerprint or retina scanner would cost, saving you loads of money. SafeLogin claims to increase the security of a standard 8-character username and password set by 66,000 times. Even though it's not been adopted by the DOD or NSA, it's safe to say this new type of authentication will change the login screen forever.