October is National Cybersecurity Awareness Month!
TMC’s Security Scout wants you to be Cyber Savvy! Did you know? 43% of cyber-attacks target small businesses. Here’s how you can be Cyber Savvy: Use long, strong passphrases or passwords and different passwords for different programs and devices. See last month’s Advisor for password tips. Watch out for phishing emails and text messages! […]
FBI and the federal CISA have issued a ransomware awareness alert
The FBI and the federal Cybersecurity and Infrastructure Security Agency (CISA) have issued a ransomware awareness alert for the upcoming holiday weekend. The FBI and CISA have observed a trend of increased attacks around U.S. holidays. Businesses are more vulnerable when there are fewer workers in the office or workers are more distracted than usual […]
Audit Logs
August 2021 A covered entity recently discovered that a former employee had “snooped” (inappropriately accessed) over 10,000 patient records almost 4 years after the snooping began. The employee accessed the records in the EHR over a period of about 14 months. That’s over 700 records per month. The snooping went undetected until the former employee […]
Diabetes App Security Advisory from CISA
Patients and physicians who have the devices listed below and use the mylife Cloud and/or mylife Mobile Application should update to the current version of the application and update account passwords ASAP. The app is not sufficiently protecting usernames and passwords making their data vulnerable to exposure/hacking. https://us-cert.cisa.gov/ics/advisories/icsma-21-196-01 mylife website: https://www.mylife-diabetescare.com/en/products/therapy-management/mylife-digital.html mylife Diabetescare devices: Ypsomed […]
The 21st Century Cures Act and Healthcare Information Blocking
What is information blocking? Anything a healthcare provider knows is likely to interfere with the ability of a patient or other authorized person(s) to access, exchange, or use electronically protected health information (ePHI). Taking longer than allowed to respond to patients’ requests for access to their records, or not responding at all. Charging patients a […]
OCR Alert – Postcard Disguised as Official Communication
Some healthcare organizations have received postcards that appear to be from the OCR that they are required to participate in a “Required Security Risk Assessment” and they are to send their risk assessment to a website. This is not from the OCR or the U.S. Department of Health and Human Services, it is an advertisement […]
Information Blocking – Digging Deeper
Healthcare providers are not required to do anything new or buy new software to comply with the upcoming Information Blocking Rule issued by the HHS Office of the National Coordinator for Health Information Technology (ONC). However, understanding how your current policies and procedures could conflict with the rule’s requirements is a good exercise to start […]
Protecting Your Cybersecurity
If you use an on-premises Microsoft Exchange Server, it is important to reach out to your IT Support immediately to be sure updates are installed to boost your cybersecurity and protect against recently discovered critical security vulnerabilities. The vulnerabilities allow an attacker to compromise your network and steal information, encrypt data for ransom, or even […]
Upcoming Changes to HIPAA Not Set in Stone
Last month HHS released a set of proposed upcoming changes to the HIPAA Privacy Rule. Anyone can review and submit comments about the proposed changes until March 22, 2021. After that, HHS will review all comments and make any changes they feel are necessary and issue a final rule that will require compliance. This can […]
HIPAA: WHEN A MINOR BECOMES AN ADULT
When a minor becomes an adult, they become the owner of their medical record. Here are a couple of things to consider: When does a minor become an adult; What does the practice need to do to ensure proper handling of the record according to HIPAA. A minor can become an adult in several ways. […]