Smartphone Apps and Best Practice to Reduce Risk

Smartphone Apps and Best Practice to Reduce Risk

There are many benefits to smartphones in the healthcare industry, however, there is also huge potential for HIPAA violations of patient privacy to be violated. It’s important to know what risk is associated with smartphones and other mobile devices.

CISA, or Cybersecurity and Infrastructure Security Agency, says “Mobile apps may gather information from your mobile device for legitimate purposes, but these tools may also put your privacy at risk.”

So, what are the risks associated with mobile device applications?

Apps are a convenient tool to access the news, get directions, or pick up rideshare, but these tools may also put your privacy at risk.

CISA says, when you download an app, it may ask for permission to access personal information—such as email contacts, calendar inputs, call logs, and location data—from your device. CISA goes on to say, “You should be aware that app developers will have access to this information and may share it with third parties, such as companies who develop targeted ads based on your location and interests.”

How can you avoid malicious apps and limit the information apps collect about you?

First, it’s helpful to reiterate that employee devices are for work purposes only. Therefore, applications on your workplace devices, including mobile devices must be approved by your Supervisor and must follow device guidelines set in place by your organization.

Employees must refrain from downloading, installing, and using apps such as social media platforms. Therefore, employees should refrain from posting, commenting, or sharing patient information on social media including patient names, photos, and descriptors that would identify the patient.

What steps can you take to secure data on your mobile devices?

  1. When using a public or unsecured wireless connection, avoid using apps and websites that require personal information and turn off Bluetooth.
  2. Avoid connecting your smartphone to any computer or charging station that you do not control. Charging stations are often found at transportation terminals and are not secure! Connecting a device to a computer using a USB cable can allow software running on that computer to interact with the phone.
  3. Do not leave your device unattended in public or in easily accessible areas.
  4. Ensure your device requires a password or biometric identifier to access it, so if is stolen, thieves will have limited access to its data.

If your device is stolen or misplaced, first, contact your IT administrator, supervisor, and/or designated HIPAA Security Officer immediately and notify them of the situation for immediate next steps. In general, it’s advised to, follow your organization’s Incident Response Policy immediately.

At Live Compliance, we make checking off your compliance requirements extremely simple.

    • Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required but is a useful tool to expose potential vulnerabilities, including those such as Password Protection.
    • Policies and Procedures are curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real-time.
    • Electronic, prepared document sending and signing to employees and business associates.

Call us at (980) 999-1585 or visit www.LiveCompliance.com.


ABOUT EZCLAIM:
As a medical billing expert, EZClaim can help the medical practice improve its revenues since it is a medical billing and scheduling software company. EZClaim provides a best-in-class product, with correspondingly exceptional service and support. Combined, EZClaim helps improve medical billing revenues. To learn more, visit EZClaim’s website, email them, or call them today at 877.650.0904.

[ Contribution from the marketing team at Live Compliance ]

How to Spot, Avoid and Report Malware

How to Spot, Avoid and Report Malware

Whether you’re a one-person billing company or a multi-location organization, it’s possible that you’ve seen or heard of Malware and the potential risks associated with it and how it can cause major downtime and potential HIPAA violations due to breached information.

Criminals use malware to steal personal information, send spam, and commit fraud. Malware includes viruses, spyware, and other unwanted software that gets installed on your computer or mobile device without your consent. These programs can cause your device to crash and can be used to monitor and control your online activity. They also can make your computer vulnerable to viruses and deliver unwanted or inappropriate ads.

Here are a few, high-level quick steps you can take to spot and avoid Malware.

First, let’s talk security software.

Install and update security software, and use a firewall. Set your security software, internet browser, and operating system (like Windows or Mac OS X) to update automatically, and don’t forget to Back up your data regularly. Strong security software can prevent a hack or scam before it happens. You should install well-known software directly from the source. Sites that offer lots of different browsers, PDF readers, and other popular software for free are more likely to include malware. Read each screen when installing new software. If you don’t recognize a program or are prompted to install additional “bundled” software, decline the additional program or exit the installation process.

Don’t change your browser’s security settings and pay attention to your browser’s security warnings. Many browsers come with built-in security scanners that warn you before you visit an infected webpage or download a malicious file.

Next, watch what you’re clicking on.

Instead of clicking on a link in an email, type the URL of a trusted site directly into your browser. Scammers send emails that appear to be from companies you know and trust. The links may look legitimate, but clicking on them could download malware or send you to a scam site. Don’t open attachments in emails unless you know who sent it and what it is. Opening the wrong attachment — even if it seems to be from friends or family — can install malware on your computer.

Avoid clicking on pop-ups or banner ads about your computer’s performance! Scammers insert unwanted software into banner ads that look legitimate, especially ads about your computer’s health. Avoid clicking on these ads if you don’t know the source.

Your computer may be infected with malware if it:

    • slows down, crashes or displays repeated error messages
    • won’t shut down or restart
    • serves a multitude of pop-ups
    • serves inappropriate ads or ads that interfere with page content
    • won’t let you remove unwanted software
    • injects ads in places you typically wouldn’t see them, such as government websites
    • displays web pages you didn’t intend to visit, or sends emails you didn’t write

Other warning signs of malware include:

    • new and unexpected toolbars or icons in your browser or on your desktop
    • unexpected changes in your browser, like using a new default search engine or displaying new tabs you didn’t open
    • a sudden or repeated change in your computer’s internet home page
    • a laptop battery that drains quicker than it should

At Live Compliance, we make checking off your compliance requirements extremely simple.

  • Reliable and Effective Compliance
  • Completely online, our role-based courses make training easy for remote or in-office employees.
  • Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required but is a useful tool to expose potential vulnerabilities, including those such as Password Protection.
  • Policies and Procedures curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real-time.
  • Electronic, prepared document sending and signing to employees and business associates.

Don’t risk your company’s future, especially when we are offering a free Organization Assessment to help determine your company’s status. Call us at (980) 999-1585, or email me, Jim Johnson at Jim@LiveCompliance.com or visit www.LiveCompliance.com

For more information about DarkWeb breaches please contact us at (980) 999-1585 or email us at support@livecompliance.com

 

Ransomware Hackers Target Medical Billing Companies

Ransomware Hackers Target Medical Billing Companies

Ransomware hackers target medical billing companies, and it CAN AFFECT your entire company! (Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.)

Often out of one’s control, ransomware hackers target medical billing companies because of the tremendous value of the data. BUT, there are steps that CAN BE TAKEN to protect you, your company, and your patients and/or clients.

 

NetWalker Ransomware, for example, gained notoriety for targeting hospitals and healthcare providers with e-mails claiming to provide information about COVID-19. (The e-mail usually has an attachment that downloads the ransomware from a remote server when clicked on.) The thing is, this is very lucrative for identity thieves since medical records information sells anywhere from $1-$1000!

As the number of healthcare providers taking advantage of Telehealth continues to increase—now outnumbering in-person visits—the number of ransomware attacks continues to increase as well. This means Billers and Providers must be aware of the programs that are used on their machines and ensure necessary steps are taken to safeguard against hackers and attacks.

How can you protect yourself and/or your organization?

  • Carefully monitoring where you store and enter your passwords can be extremely beneficial to help minimize the risk of a hack and keeping personal or patient information protected.
  • Routine password changes and monitoring where you store and enter your passwords can be extremely beneficial to help reduce the risk of becoming a victim to a hacker. Passwords should be long, unique in characters, capitalization, and alphanumerical.
  • Have you had an accurate and thorough Security Risk Assessment and/or penetration testing? If you haven’t completed an accurate and thorough security risk assessment, you could also be penalized under ‘willful neglect’ (this category alone is $50,000 per violation!) in addition to the higher risk of ransomware attacks.
  • If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.
  • The strength of your passwords directly impacts your online security.

 

Live Compliance can help. They aggregate breaches which enables you to assess where personal data has been exposed. Dark Web scanning is built right into their Portal, and it allows you to keep an eye on employees whose information was involved in a breach, where the breach took place, and then suggest the next steps to take.

At Live Compliance, they make checking off your compliance requirements extremely simple and to ensure this doesn’t happen to you or your organization:

  • Reliable and effective compliance
  • Completely online, our role-based courses make training easy for remote or in-office employees
  • Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. (Conducting an accurate and thorough Security Risk Assessment is not only required but is a useful tool to expose potential vulnerabilities, including those such as password protection.)
  • Policies and procedures curated to fit your organization ensuring employees are updated on all workstation use and security safeguards in the office, or out of the office—all updated in real-time
  • Electronic, prepared document sending and signing to employees and business associates

 

So, don’t risk your company’s future on ransomware hackers. Contact one of EZClaim’s partners, Live Compliance, especially since they are offering a FREE Organization Assessment to help determine your company’s status. E-mail them, visit their website at LiveCompliance.com, or call them at 980.999.1585.

For more information about EZClaim’s medical billing software, which provides a best-in-class product with correspondingly exceptional service and support,  e-mail, visit their website, or contact them at 877.650.0904.

[ Article contributed by Jim Johnson of Live Compliance ]

Avoid Becoming a Victim of Dark Web Breaches

Avoid Becoming a Victim of Dark Web Breaches

The Organizational Assessment is one simple step to avoid becoming a victim of dark web breaches.

There’s no secret that the Dark Web is a scary place to lose your information. Medical records information sell anywhere from $1-$1000 by identity thieves! So, what if it affected your entire company?

 

What is a “breach” and where has the data come from?
A “breach” is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software. Data breaches are becoming more common and sometimes out of your control.

You  can protect yourself and/or your organization by:

  1. Carefully monitoring where you store and enter your passwords can be extremely beneficial to help minimize the risk of a hack and keeping personal or patient information protected
  2. Routine password changes and monitoring where you store and enter your passwords can be extremely beneficial to help reduce the risk of becoming a victim to a hacker. Passwords should be long, unique in characters, capitalization, and alphanumerical

 

If you believe sensitive information about your organization was compromised, report it to the appropriate people within the organization, including network administrators, so they can be alert for any suspicious or unusual activity.

The web browser, Firefox, has a “Monitor” that will warn you by saying, “Your password is your first line of defense against hackers and unauthorized access to your accounts. The strength of your passwords directly impacts your online security.”

EZClaim’s partner, Live Compliance, can help. They aggregate breaches and enable you to assess where your personal data has been exposed. Dark Web scanning is built right into the Live Compliance portal, which allows a company to keep an eye on employees whose information was involved in a breach (and where the breach took place), and the suggested next steps to take.

 

What can I do to ensure this doesn’t happen to me or my organization?

Live Compliance can make checking off your compliance requirements extremely simple. It provides:

  • Reliable and effective compliance
  • Completely online, our role-based courses make training easy for remote or in-office employees
  • Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required, but is a useful tool to expose potential vulnerabilities, including those such as password protection.
  • Policies and Procedures curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out of the office, all updated in real-time
  • Electronic, prepared document sending and signing to employees and business associates

 

So, don’t risk your company’s future on dark web breaches. Contact one of EZClaim’s partners, Live Compliance, especially since they are offering a FREE Organization Assessment to help determine your company’s status. E-mail them, visit their website at LiveCompliance.com , or call them at 980.999.1585.

For more information about EZClaim’s medical billing softwaree-mail, visit their website, or contact them at 877.650.0904.

[ Article contributed by Jim Johnson of Live Compliance ]