Good morning everyone. The Japanese computer company, Lenovo, made the news in a big way this week. It was revealed that several models of laptops they released last year were bundled with software called Superfish.
Superfish was intended to be a shopping aid that helped you find items online even if you didn't know what they were called. But it backfired when hackers discovered they could use this software to hijack people's web activity and traffic. Needless to say, if you have this software on your computer it needs to be removed immediately!
If you're not sure if this applies to you, you can go to this website on your Lenovo and it will check your computer and let you know if you are safe or not. If it detects that you are not safe, it will give you detailed instructions on how to remove it.
As always, the purpose of these newsletters is to inform and to empower, so feel free to forward this to anyone you know (especially if they recently bought a Lenovo). Feel free to reply with any questions or concerns.
If you work in the health industry then you're familiar with HIPAA (Health Insurance Portability and Accountability Act). HIPAA exists to protect the private health information and the rights of healthcare patients. And HIPAA enforces it by performing audits and keeping track of entities that fall under its umbrella.
What puts you under HIPAA's umbrella? If you're considered a
- health plan provider
- healthcare clearinghouse or
- health care provider
then you fall under HIPAA's jurisdiction and its policies apply to you. Put simply, if you save patient charts and insurance in your office, then HIPAA wants to make sure you're handling it correctly.
Really, there are three categories of safeguards that HIPAA enforces: Physical, Administrative and Technical. Obviously, since I'm an IT guy, we'll be focusing on the technical guidelines. Now keep in mind that people spend a lot of time keeping up with constantly changing HIPAA regulations.
I'm not one of those people.
So we're going to be dipping our toes into the deep pool of HIPAA technical regulations, by briefly going over the four main points of the technical safeguards.
- Access Controls
This has to do with making sure that all access to data is protected with strong passwords. HIPAA likes to see policies in place that enforce strong passwords and that require you to change your password every 60 to 90 days. Also, if a laptop leaves the office with patient information on the hard drive, the hard drive needs to be encrypted.
- Audit Controls
HIPAA wants to see that every time someone logs in or out of the system and does something to the data, there is a log that records it. Windows natively does a good job of logging that stuff. And typically, if you're using medical software for patient records, that logging is usually built in.
- Integrity
Here they're talking about the integrity of the data. HIPAA wants to see that you've taken good steps to protect the data and make sure that any changes to the data are ones you meant to make. Things like good and secure backups, a RAID to create redundancy and solid anti-virus are good examples.
- Person Authentication
This shows efforts to ensure that the person gaining access to the system is actually who they say they are. Things like not allowing people to share usernames and making sure only certain employees have keys to locked doors are things HIPAA likes to see here.
- Transmission Security
And finally, in this section HIPAA wants to see that any patient information that changes hands does so securely. If it's emailed, the email needs to be encrypted. If it's through the cloud, it needs to be through a VPN. If it's on a DVD, it needs to be password protected. I think you get the idea.
HIPAA means business. They say that the privacy and rights of a healthcare patient are important to them, and they're not afraid to fine you or bring legal charges against you if they feel you pose a significant threat to that. I hope this has been helpful. If time goes by and you see that they have changed their stance on anything I've said, please message me so I can keep this up to date.
You are at the beginning of a series of security and protection newsletters on the technology that matters to you. Every week I'll focus in on one aspect of technology and talk about how to protect it and prepare for the worst.
This week I'll be starting with security for your mobile devices (phones and tablets). Just 5 years ago, if you had a BlackBerry then you were on the cutting edge of mobile technology. Now there is no shortage of smartphones and tablets. As I go through and list off how to protect your stuff, not only will I try to give instructions on how to do it, but I'll also try to include instructions for Android and Apple.
Use a passcode
I know. You're sick of PIN numbers and passwords. But they work. And if you leave your phone or tablet somewhere, and someone finds it who wants to see what they can get off of it before they turn it in to the lost and found, then you could be in trouble. All smartphones and tablets have the ability to require a 4 digit code or password before they will let you use the device. That way any passerby or thief can't easily get access to your life. Here are Apple's instructions for password protecting your iPad and iPhone. All Android devices have subtly different steps to do this. But if you Google your phone and put "password protect" at the end of it, you'll find plenty of articles to help you out.
Be careful where you download apps
If you're an iPhone or iPad user you don't have to worry about this unless you rooted your phone. Apple is very strict about the apps that are allowed on their App Store. If you're an Android user you have the option to install apps from 3rd party sites. Any app you download from the Google Play Store should be safe, but there's a myriad of 3rd party sources you can go to for an app. Just keep in mind that with apps, if it's too good to be true then it probably is. If that app costs $5 on the Google Play Store and it's free on this Russian site, then there's your red flag (no pun intended...kinda).
Be sure one of your apps is security software
AVG and Malwarebytes both make great apps that will scan your device for viruses that can hide in apps, texts and email attachments. And they're free.
Have a backup just in case
So far all of these have been preventative ideas. But sometimes things just happen. And that's when it's helpful to have a backup so you don't lose your stuff. Apple makes this real easy with iCloud. As long as your iCloud is logged in and set up on that device, it will do a full device backup whenever it's plugged in, on Wi-Fi and the screen is turned off. Apple gives instructions on how to back up and restore from iCloud here. Android users have some options for how they want to do this. This PCMag article does a good job of laying those options out there.
I hope you found something useful here. That's the whole point after all. Feel free to forward this to anyone you think would enjoy this. Also feel free to reply if you're confused about something I talked about or have an idea for a topic I should do in one of the coming weeks.