
Author: FIFSTAR

Importance of Thorough Risk Assessment Highlighted by Recent HIPAA Enforcement Action

Last month the U.S. Department of Health and Human Services Office for Civil Rights (OCR) took several HIPAA Enforcement Actions, one of which resulted from an inadequate risk assessment.

 The Office for Civil Rights has imposed a 1.6 million dollar civil money penalty against the Texas Health and Human Services Commission (TX HHSC) for HIPAA violations. TX HHSC operates state supported living centers; provides mental health and substance use services; regulates child care and nursing facilities; and administers hundreds of programs for people who need assistance.

TX HHSC reported a breach to the OCR in June of 2015, stating that the electronic protected health information (ePHI) of over 6,000 individuals had been accessible on the internet. The breach was discovered by a user who was able to access ePHI without entering credentials. This was made possible when an application was moved from a private secure server to a public server. During its investigation, the OCR determined that the lack of an enterprise-wide risk analysis had, in part, led to the breach.

You can find more information on this breach and other recent HIPAA Enforcement Actions at the links provided below.

 Here is the link to the OCR’s full press release on the enforcement action.

Here is a link to a summary of some of the other HIPAA Enforcement Actions taken recently.

HIPAA debate sparked over Google / Ascension partnership

 With healthcare moving rapidly into the digital world, the way in which health records are stored is drastically changing. The recent announcement that Google would be partnering with Ascension, one of the leading non-profit and Catholic health systems in the U.S., has sparked debate over HIPAA regulations.

A report by the Wall Street Journal stated that “Project Nightingale” would allow Google to acquire the health records of Ascension patients from 21 states without consent from the individuals. Some claim that this would be a violation of HIPAA regulations.

 

Ascension in a recent article on their website claims that Google will not have access to this information. This would also fall under the HIPAA regulation allowing business associates access to data if it is a function of providing care, and the business associate does not use the data for any other purpose.

Google also recently addressed the concerns about the partnership, clarifying what they are doing and speaking to concerns that had been reported previously. Both partners claim that this partnership will protect patients’ information, while greatly improving the way that it is stored and accessed by medical professionals.

Read Ascension’s statement here: Technology that improves patients’ lives, caregivers’ experience

Read Google’s statement here: Tools to help healthcare providers deliver better care

Telemedicine the Future of Healthcare

Telemedicine is revolutionizing healthcare by allowing patients access to medical professionals and medical advice at any time and in any location. At the same time, it allows practices to increase revenue.

Telemedicine is the use of technology (primarily video conferencing) that enables remote healthcare. The medical professional will send an invite to the patient, and the patient can join from a computer or smartphone by following a link provided in the invite.

 

We live in an increasingly connected world, and telemedicine allows patients and doctors to connect more frequently. That means patients can ask more questions and doctors can provide more answers, which creates a stronger doctor-patient relationship.

Telemedicine solutions also allow multiple parties to join, like family in another state, or a specialist in a certain field. They also provide the ability to share content such as test results or x-rays.

When looking to establish telemedicine solutions for patients it is important to ensure that the chosen solution complies with all HIPAA guidelines.

 

 

Tech Travel Tips

As the holidays approach more and more people will be traveling to visit family and friends. We thought that we would provide you with some helpful tips to keep your technology safe and in good working order as you travel.

 

 

USB Charging Stations

We have all seen the USB charging stations popping up everywhere, especially at airports. While these seem to be a much appreciated convenience that rescues our dying devices, they can also be a disastrous trap.

These public USB stations can be compromised by criminals looking to steal your data, or infect your device with malware. It is best to bring the adaptor and plug your device directly into a power outlet.

Public WIFI

It seems that now everywhere you go offers free WIFI as a service, but should you really connect? This can be very risky, in that everyone connected to the same WIFI can see all the data going to and from your device. The good news is that if you are using https:// your data is encrypted (the content is encrypted, but sender and receiver are in clear text). 

The best precaution to take while traveling is to use a VPN when connecting your device to public WIFI. There are several VPNs available, and all are relatively easy to use and not too expensive; well worth it to protect your device and data.

 

Smart Speaker Spies

Amazon and Google both offer smart speakers that provide a variety of services based on voice activated commands. They also both allow third party developers to create voice apps utilizing the functionality of these devices. In the past there have been concerns over employees of Amazon or Google utilizing the always on microphone feature to eavesdrop on users. With third party developers being allowed to create and deploy apps for these devices the concern is multiplied by every third party app developed.

While Amazon and Google have vetting protocols in place to ensure that criminals cannot publish malicious apps for these devices, recently Security Research Labs found two possible hacking scenarios that apply to Amazon Alexa and Google Home. You can see a full description of both these hacks here: https://srlabs.de/bites/smart-spies/

SRL reported these hacks to Amazon and Google before they made them public, so that the companies could work to resolve these issues. As with all connected devices, criminals will attempt to use these smart speakers to gain valuable information. Keep in mind that unless you have muted or unplugged these devices, the microphones are always on. These devices should never request your password, and if they do, you should log into your account from another device to confirm the request. Also, using 2 factor authentication for accounts linked to these devices will help to mitigate security concerns.

 

Pa$$Words

Strong passwords are extremely important to your personal cyber security. The list of accounts and passwords we are required to use is constantly growing. From your bank account to Amazon or Netflix, you have passwords for almost everything you do online.

As security concerns become more prevalent, many of these accounts require minimum levels of password strength, and at the very least will inform you when you are using a weak password. Remembering all these complex passwords is very difficult, especially if you take proper security precautions and use a different password for every account.

With the passwords we use becoming more complex, many options have appeared to help you keep track of the ever increasing list of passwords. Most of the browsers that you use offer the ability to store your passwords for you, and automatically log you in. While some of these are more secure than others, they are not usually the ideal solution from a security perspective.

There is another option: password managers are becoming increasingly popular, and are generally a more secure option. Some charge a monthly fee, but most offer free versions.

Below I have listed a few different password managers. They have free versions, but also offer paid versions with more features.

Bitwarden http://bitwarden.com

LastPass http://lastpass.com

Dashlane http://dashlane.com

Public Wi-Fi

One of the greatest modern amenities, free Wi-Fi is a common occurrence in shops, hotels, airports, and even places like libraries and parks.

While free Wi-Fi is amazing, and almost always better than slugging through on your mobile network, anyone connected to the network can see what you’re sending/receiving (email or website content for example).

You are extremely vulnerable while connected to public Wi-Fi, although if you are using certain apps, or are connected using https, your data is encrypted.

One way to better ensure you are protected is to use a VPN or Virtual Private Network whenever you are connecting to any public network.

What is Net Neutrality?

It’s been a year since the Obama-era net neutrality protections, which ensure all internet traffic is treated equally, were erased.

Although the doom-and-gloom prediction of a broken internet hasn’t yet come to pass, the future of the network is still very much in flux. At stake is who, if anyone, will police the internet to ensure that broadband companies aren’t abusing their power as gatekeepers. The 2015 rules adopted under FCC Chairman Tom Wheeler, a Democrat, prevented broadband providers from blocking or slowing access to the internet, or charging for faster access. The rules also firmly established the FCC’s authority as the “cop on the beat” when it comes to policing potential broadband abuses.

That all changed when FCC Chairman Ajit Pai, a Republican, took charge of the agency in 2017, threw out the old rules and stripped the FCC of its authority. Now, net neutrality supporters, broadband companies and the world await a federal appeals court decision expected this summer that will clarify whether the FCC’s repeal is even legal. Meanwhile, Democrats in Congress and supporters in states vow to keep the fight alive and are pushing for legislation that would reinstate net neutrality.

Even though the Republican-led Federal Communications Commission voted to repeal the rules in December 2017, it wasn’t until six months later on June 11, 2018, that the rules officially came off the books.

The fight continues as net neutrality activists plan protests Tuesday to mark the first anniversary. Senate Democrats are also trying to force a vote on the Save the Internet Act, which the House passed in April. The legislation would restore the FCC’s authority to police the internet and would restore the 2015 rules, including a ban on blocking, throttling and paid prioritization.

FCC Chairman Pai led the fight to repeal, claiming the rules were based on outdated, heavy-handed regulations, which stifled broadband investment. Since the repeal, Pai claims broadband investment has gone up.

“The latest evidence reaffirms that our policies are working,” he said in a statement the day before the anniversary of the repeal. “Today’s figures show that investment in our nation’s broadband networks rose in 2018 for a second straight year, with an estimated increase of $3 billion.”

But net neutrality supporters argue Pai’s claims are off base and that investment among the largest broadband companies has actually declined since the repeal.

“Verizon, Comcast and Charter invested less in their networks after the net neutrality rules were repealed,” said Gigi Sohn, an adviser to former Chairman Wheeler. “And AT&T recently announced that it would do the same.”

But worse than that, Sohn and other net neutrality supporters say Pai’s repeal effectively stripped the FCC of its role in protecting consumers and competition in the broadband market. And the consequences have been dire.

“As a result, a fire department has no recourse when Verizon throttles its broadband, and AT&T, T-Mobile and Sprint can sell precise geolocation information for its customers to data brokers who then sell them to bounty hunters without consequence,” Sohn said, referring to news last year that Verizon slowed the Santa Clara Fire Department’s service to a crawl while first responders were fighting wildfires in California and allegations that major wireless carriers have been selling customer location data.

If you still don’t feel like you understand what all the hubbub is about, have no fear. We’ve assembled this FAQ to put everything in plain English.

What’s net neutrality again?

Net neutrality is the principle that all traffic on the internet should be treated equally, regardless of whether you’re checking Facebook, posting pictures to Instagram or streaming movies from Netflix or Amazon. It also means companies like AT&T, which bought Time Warner, or Comcast, which owns NBC Universal, can’t favor their own content over a competitor’s.

What were the original Obama-era rules?

The regulation prohibited broadband providers from blocking or slowing traffic and banned them from offering so-called fast lanes to companies willing to pay extra to reach consumers more quickly than competitors. It also established a so-called “general conduct rule” that gave the FCC power to step in when it felt ISPs were doing something that hurt competition or ultimately hurt consumers.

Why has the issue become so divisive?

To make sure the rules stood up to court challenges, the agency also put broadband in the same legal classification as the old-style telephone network, which gave the FCC more power to regulate it.

The stricter definition provoked a backlash from Republicans, who said the move was clumsy and blunt. They claim the Democrats’ bill to restore the rules will give the FCC too much authority to regulate ISPs.

FCC Chairman Ajit Pai, appointed by President Donald Trump, called the old rules “heavy handed” and “a mistake.” He’s also argued the rules deterred innovation because internet service providers had little incentive to improve the broadband network infrastructure. (You can read Pai’s op-ed on CNET here.) Pai claims he took the FCC back to a “light” regulatory approach, pleasing both Republicans and internet service providers.

Supporters of net neutrality say the internet as we know it may not exist much longer without the protections. Big tech companies, such as Google and Facebook, and internet luminaries, including Tim Berners-Lee, fall in that camp.

Were the 2015 rules ever challenged in court?

As a matter of fact, they were. AT&T as well as a couple of industry groups sued the government, arguing the FCC didn’t have the authority to reclassify broadband. But in 2016, the DC Circuit Court of Appeals upheld the rules, dealing the FCC a significant victory. The ruling made it clear the FCC could regulate broadband. AT&T tried to appeal the decision to the US Supreme Court. And Trump’s Department of Justice urged the court to take the case. But ultimately, the high court rejected the appeal. And that 2016 ruling stands.

What happened to the 2015 rules?

The FCC, led by Pai, voted on Dec. 14, 2017, to repeal the 2015 net neutrality regulations. On June 11, 2018, the rules officially came off the books. As a consequence, today there aren’t rules that prevent broadband providers from slowing or blocking your access to the internet. And there’s nothing to stop these companies from favoring their own services over a competitor’s.

One of the most significant changes that’s often overlooked is that the FCC’s “Restoring Internet Freedom” order also stripped away the FCC’s authority to regulate broadband, handing it to the Federal Trade Commission.

Does this mean no one is policing the internet?

The FTC is the new cop on the beat. It can take action against companies that violate contracts with consumers or that participate in anticompetitive and fraudulent activity. But critics, which include consumer advocates and Democrats such as Rep. Mike Doyle of Pennsylvania, complain the FTC doesn’t have the technical expertise to handle net neutrality complaints. They also claim the FTC lacks the FCC’s rule-making authority and it can take years to investigate complaints.

Are any of the old rules still in place?

The one rule that was spared is the so-called “transparency rule,” which requires broadband providers to disclose how they manage their networks. The FCC now requires service providers to commit to disclosing when and under what circumstances they block or slow traffic, as well as if and when they offer paid priority services.

What about the FCC’s comment system? I’ve heard there were issues. What’s that all about?

More than 22 million comments were filed with the FCC when the agency was considering repealing the 2015 rules. That was a record. But analysis of the comments showed that an overwhelming number of them were duplicates or submitted by automated bots. Roughly 2 million of the 22 million comments submitted used stolen identities. About half a million were sent from Russian email addresses.

Then there was the controversy over a supposed cyberattack on the comment system that temporarily shut down the platform on the same day thousands of net neutrality supporters responded to comedian John Oliver’s call to flood the agency with comments.

That “cyberattack” didn’t happen. The FCC’s inspector general reported in August last year that the FCC had misled Congress and the public when it said the outage in May 2017 was the result of a cyberattack. Instead, the IG suggested the outage occurred because the agency hadn’t prepared its website for a flood of visitors.

What are the states doing?

Attorneys general in 22 states and the District of Columbia have joined pro net neutrality consumer groups and Firefox publisher Mozilla in suing the FCC in federal court to reverse the FCC’s move.

There are also a number of states, such as California and Washington, that have passed their own laws governing an open internet. Several other states, including New York, are considering similar legislation.

California’s law is based on the 2015 protections, but it goes further. It also outlaws some zero-rating offers, such as AT&T’s, which exempts its own streaming services from its wireless customers’ data caps. The law also applies the net neutrality rules to so-called “interconnection” deals between network operators, something the FCC’s 2015 rules didn’t explicitly do.

The FCC and Department of Justice have questioned the states’ right to enact their own net neutrality laws. The FCC actually included a provision in the “Restoring Internet Freedom” order, which pre-empts states from creating their own regulations. The Justice Department has filed lawsuits against some states, including California.

What happened to California’s net neutrality law?

The new law was supposed to take effect Jan. 1. But last fall, the state struck a deal with the Justice Department to temporarily not enforce the new law until a lawsuit challenging the FCC’s repeal of the federal regulations is resolved.

What’s it all mean for me?

The repeal of the FCC’s net neutrality rules was a big change in policy. But for most people, things haven’t really changed.

Over time, though, they could. Whether you think the changes will be for better or worse depends on whom you believe.

Pai and many Republicans say freeing up broadband providers from onerous and outdated regulation will let them invest more in their networks.

Net neutrality supporters, including Democrats like Rep. Mike Doyle of Pennsylvania and Sen. Ed Markey of Massachusetts, consumer advocacy groups, civil rights organizations and technology companies like Google and Mozilla say that repealing the 2015 rules and stripping the FCC of its authority will lead to broadband companies controlling more of your internet experience. This may lead to higher prices.

What’s going on with the lawsuits?

The US Federal Appeals Court for the DC Circuit in February heard oral arguments in the case challenging the FCC’s repeal of the 2015 rules.

Two of the big questions being asked in this lawsuit are whether the FCC had sufficient reason to change the classification of broadband so soon after the 2015 rules were adopted and whether the agency has the right to pre-empt states, like California, from adopting their own net neutrality laws.

As mentioned, California struck a deal with the Justice Department in October that it wouldn’t enforce its net neutrality law until the lawsuit in the DC Circuit, challenging the agency’s repeal, is resolved.

A decision in the case is expected sometime this summer.

What is Congress doing?

Democrats and Republicans agree Congress should ultimately step in to end the regulatory ping-ponging that has been going on between Democrats and Republicans when they control the commission.

But that’s where the agreement ends. Democrats in the House passed the Save the Internet Act, which would essentially reinstate the 2015 order and once again make the FCC the agency in charge of policing broadband. But Republican Senate majority leader Mitch McConnell has blocked it from a vote.

Republicans oppose the bill, saying they are still worried that the FCC will have too much control over the internet. And they’re pushing for a bipartisan compromise.

While it’s clear the bill would have an uphill battle in the Senate, which is controlled by Republicans, Democrats were able to pass a Congressional Review Act resolution in the Senate last year that would’ve repealed the FCC’s order to dismantle the 2015 rules. But it’s unlikely any Republicans will defect again to pass this legislation, even if Democrats succeed in getting it to the floor of the Senate.

If it passes both houses of Congress, it still has to be signed into law by Trump. And White House advisors have already said they are advising the president to veto it.

Article Source: click here

Fake Browser Update is Ransomware

A recent trend in cyber attacks has taken the form of browser updates. When you open your browser, it informs you that it is out of date and needs to be updated; when you click on update, the malware is deployed. This attack can take the form of Chrome (pictured above), Internet Explorer, Opera, …

The rise of Hacking as a Service (HaaS)

Criminal enterprises have taken note of the growth in popularity of as-a-service products, copying this tactic to create Hacking-as-a-Service (HaaS). HaaS provides some of the same services as the legitimate as-a-service offerings, such as: live chat support, 24/7 phone support, monthly payment plans, discounts for purchasing year long subscriptions, and even marketing campaigns to …