Monroy Information Technology Services provides IT Support services, including computer maintenance and repair, network, and server support, to businesses throughout the greater San Antonio and Hill Country areas, including Boerne and Bandera, TX. We also offer monthly service plans for those clients desiring the peace of mind of on-call IT support without the high cost of in-house IT staff.
Some doctors think they are small enough to ignore HIPAA Compliance. They think the regulators are too busy watching large hospitals and insurers. They won’t notice a small doctor’s ofﬁce that fails to comply, right?
Wrong. HIPAA applies to every doctor, pharmacist, and health care provider in the U.S. Almost anyone who handles healthcare data has to comply. The consequences for failing to do so can be huge.
The Department of Health and Human Services, Ofﬁce for Civil Rights (OCR) is serious about enforcement. It has issued heavy ﬁnes to practices large and small:
● Phoenix Cardiac Surgery of Arizona agreed to pay $100,000 to settle a HIPAA case. The violations were discovered after a schedule of patient appointments was found online.
● Adult & Pediatric Dermatology of Massachusetts was recently ordered to pay $150,000 for HIPAA violations. The violations were discovered after a thumb drive was stolen from an employee’s vehicle.
● WellPoint, a health beneﬁts provider, agreed to pay $1.7 million to settle a HIPAA case. The violations were discovered after weak online security enabled a California woman to access personal health data of other customers.
In each case, a small event led to an investigation by OCR. HIPAA violations were discovered and each organization paid dearly. The ﬁnes represent only a fraction of the cost of a violation. Legal fees, consulting fees, and irreparable damage to a reputation can easily put a smaller practice underwater.
Expertise and Reliability for HIPAA Compliance
The key to complying with HIPAA is to ﬁnd a partner with the right tools and expertise. The partner should be able to assist with risk assessments, solution deployment, security audits, and all other requirements. You need someone who knows the statutes and who can bring your team up to speed quickly.
Contact us today for a free HIPAA consultation. You’ll see how easy it is to protect your practice.
From The U.S. Department of Homeland Security
There has been a significant increase in the number of reported incidents related to tech support scams. Many of these victims are older individuals who are not technically savvy and easily duped into believing these unsolicited phone calls are legitimate. These widespread scams sparked conversations on the prosecution of scammers during the United States Senate’s Special Committee on Aging symposium. In a testimony by David Finn, executive director for Microsoft’s Digital Crime Unit, he stated tech support scams are the “single largest consumer fraud perpetrated in America today”. Finn added criminals have swindled approximately 3.3 million people and collectively realize approximately $1.5 Billion annually.
The Scam: Someone posing as a computer support technician makes an unsolicited call to ruse potential victims into believing their personal computer is infected with malware. Victims are then lured into visiting legitimate websites that host malicious malware or illegitimate websites to download malevolent software that enable con artists to remotely access and overtake victim’s machine. Having gained the trust of these victims, criminals are able to charge hundreds of dollars for “bogus” assistance with malicious software removal and the purchase of fraudulent support plans or software.
Tech support scams are not limited to just phone calls. Other scam tactics include the use of pop-up ads seeded into websites that claim victim’s personal computer (PC) is infected with malware; large-scale campaigns that lure users to malicious websites with promises to increase the speed and performance of their PC; and malicious search ads that attract unwary users seeking online support. Although tech support scammers typically pose as Microsoft technicians, they also target other system owners such as Mac users. Common phone scam goals also include:
Recommendations: The best advice to avoid becoming a victim of a tech support scam is: hang up the phone! Tech support scams demonstrate social engineering is still an effective cybercriminal tool. System users are reminded to never grant remote computer access to third-parties unless the caller’s authenticity can be verified through direct contact with the company. Microsoft provides guidance for home PC users on techniques to handle phone calls from tech support scammers:
For those who suspect they are victims of a tech support scam, immediately change passwords for all accounts including email passwords and online banking accounts; conduct a scan for malware using installed tools such as Microsoft Safety Scanner; and verify normal computer performance by installing Microsoft Security Essentials or Windows Defender. In some instances, it may be beneficial to reimage system to ensure all malware has been removed.
Here are the pertinent details:
A fact that is important to note is that most malpractice or general liability insurance policies DO NOT cover HIPAA related fines. Unless Cancer Care Group had a specific insurance policy that would cover HIPAA fine, they will have to pay this fine out of their pocket. But even if they had insurance there is a very real possibility that the insurance company would not pay the fine due to gross negligence. Of course the fine is only the beginning of their monetary damages as there will be other costs associated with a data breach some of which will include legal matters. On average the costs are about $398 per record if you go by the Ponemon 2015 Cost of Data Breach Study.
What is mind boggling about this scenario is that Cancer Care Group could have avoided this HIPAA fine for a fraction of the cost. We can help your healthcare organization meet HIPAA IT requirements in your business.
Call us for a free consultation 281-799-3633
I often get asked how to zip files so here you go!
How to zip files:
How to unzip files:
Adobe Flash has been a popular target by hackers for a very long time because it's widely used and almost never kept updated by so many users. Using Adobe Flash as an attack vector is a great choice because they can affect anyone, regardless of what operating system they are using just by just installing malicious code on a website. Flash exploits seem to be a monthly occurrence, which means anyone using it must stay focused on keeping it updated.
There was a time that much of the animation and graphics on the Internet required Flash, so not having it made a lot of websites useless. This is no longer the case today as newer standards such as HTML5 are helping to reduce the need for Flash, but depending up on your surfing habits, it still may be necessary.
Some websites will appear to have gray boxes with a puzzle piece to indicate that Flash is necessary. If you hover your mouse over the box, it will give you information about what is missing.
Removing Flash is the best course of action to take and it is much safer, but you may need it for some sites that you frequent. A good way to test and see if you need it is to remove Flash. First completely uninstall Adobe Flash Player from your system. For Windows you can go here and for Mac OSX you can go here. Once you have uninstalled Adobe Flash you should decide which browser to use as your main safe browser. For Mac you can use Safari and for Windows you can use Internet Explorer.
When you visit a website that requires Flash that you absolutely need to use you should make a note of it. If you feel that you truly cannot live without that website and are willing to risk your security to use it then go ahead and install Adobe Flash. Also install a second browser like Firefox. What you will need to do is make sure that Adobe Flash is disabled in Internet Explorer or Safari. Then make sure Adobe Flash is enabled in Firefox. Firefox will be your non-safe browser that you should only use for the specific websites that you need to use that require Adobe Flash.
Chances are that you will find that Flash isn't critical for everyday use. If you do keep Adobe Flash installed on your system then make sure you keep it updated constantly.
When it comes to data backups people still think in terms of connecting a USB harddrive to a computer. While this might be fine for a home computer, this is no longer acceptable for backing up important business and customer information. It also does not comply with many industry standards like HIPAA or PCIDSS. Even your legal advisors will most likely tell you that you have to preserve your data for 7 years so data loss is not acceptable. Today you need something more than just a file backup. You need to be able to recover whole systems if you suffer a disaster. Businesses need a true business continuity and disaster recovery (BCDR) solution that will meet compliance standards as well as protect the business from critical failure.
A BCDR should have the following features:
Most importantly you need to ensure that your business can keep running in the event of a disaster because as we all know time is money.
Microsoft released an emergency security update for all versions of Windows on Monday. The patch fixes a critical security flaw that potentially allows a remote attacker to take control of the victim's machine. The flaw is in the way the Windows Adobe Type Manager Library handles OpenType fonts. What this means is that if someone running Windows visits a website that contains embedded OpenType fonts or a specially crafted document, an attacker could run code on his or her computer and take control.
"An attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft wrote in a security bulletin.
The vulnerability affects the following versions of Windows: Vista, 7, 8, 8.1 and RT, Windows Server 2008 and 2012. All Windows users are advised to update their PCs via Windows Update as soon as possible. Make sure to reboot your machine as necessary after installing the security update.
Monroy IT Services provides managed services which includes patching of operating systems to stay as current as possible.
Scott Guthrie, Executive Vice President of the Microsoft Cloud and Enterprise Group, has just announced that Microsoft has the largest cloud infrastructure on the planet. Microsoft Azure is now spread over 19 data centers across the globe. This is more data centers than Google and Amazon combined! Microsoft Azure will also be bringing 5 more data centers online very soon. What this means for you as an Azure customer is the ability to create redundancies in your business when hosting in the Microsoft Aure Cloud. What this will also mean for you is that Microsoft Azure is able to bring you the benefits of cloud speed, scale and economics. Microsoft is really showing the world that they are serious about continuing to be the premier cloud service provider. For more information on how we can help contact us!
Adobe Systems has just released a Flash Player update after an exploit for a vulnerability was leaked on the Internet and adopted by cybercriminals.
It is highly advised that you upgrade to Flash Player 188.8.131.52 for Windows and Mac. For the latest version you can go to Adobe.com. If you are interested you can read about it here in the Adobe Security Bulletin.
For users of Internet Explorer on Windows 8.x and Google Chrome the bundled Flash Player plug-in will be automatically updated.
As a general rule you should always make sure that Adobe Flash Player is current as this very common application is a security risk. If you are tired of always having to update Flash Player you could uninstall it but just remember that there are many websites that still use Flash Player so you may not be able to view them properly. That may be a great tradeoff if you want your systems to be much more secure.