Visual Hacking a Growing Concern for Healthcare, Reports 3M


Despite the push towards data security and information governance, data breaches can occur where you least expect them. Though encryption software and more secure firewalls have shown success at preventing internal data breaches, another threat is looming on the data security landscape: “visual hacking.”

Low-Tech Hacking

Visual hacking involves capturing confidential information from digital screens by using smartphones, discreet cameras, or plain sight. Compared to complex coding backdoors and malware infection, visual hacking is relatively low-tech, but that doesn’t mean it isn’t a concern for healthcare organizations tasked with controlling sensitive data.

Imagine the opportunities for visual hacking present in locations as basic as healthcare clinics. Offenders can snap photos of your information as you fill out your medical record, eavesdrop on your conversation with staff, and once they enter the actual clinic, use silent, high-powered zoom cameras to discreetly record any instances of unsecured patient data. With just a few clicks of a button, healthcare organizations can suffer data breaches that may cost them millions.

Visual Hacking

Though protecting confidential data from prying eyes has always been a concern in the healthcare field, new mobile camera technology is giving offenders more tools than ever before. A 3M-sponsored hacking experiment with the Ponemon Institute found that a white hat hacker could visually hack sensitive information in 88 percent of attempts.

3M’s campaign against data loss helps IT and security professionals better address their security vulnerabilities. According to Gartner, IT security spend reached $75.4 billion in 2015, but this increase in security funding will do little to prevent the rise of low-tech hacking methods.

Preventing Visual Hacking

Healthcare providers must try to prevent data loss from visual hacking by:

  • Using applications to mask high-risk data, particularly when accessing data from mobile and public locations.
  • Creating a corporate culture of security that prioritizes visual security—all staff must know of the growth of visual hacking and why all data must be stored behind authentication or privacy filters.
  • Limiting logins to necessary locations, which reduces the number of access points where data breaches may occur.

There’s no simple strategy to fight visual hacking, but healthcare organizations that understand the risks and challenges associated with visually securing private data are one step ahead in the game. Data security across all channels is an ongoing struggle that healthcare providers must be prepared to face.


Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing, and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.


Missing Hard Drives Contain PHI of Nearly One Million Individuals


Cybersecurity and safeguarding Protected Health Information (PHI) is a hot topic in the digital world. However, while awareness and new legislation are improving the current state of digital information security, less attention is given to security protocols for hardware and physical data storage.

Hard Drive Theft

Centene, a prominent Medicare and Medicaid insurance provider, recently announced the loss of six hard drives containing private information on nearly 950,000 individuals. The affected data includes names, addresses, social security numbers, and membership IDs. A statement offered by Centene on Jan. 26th claimed that the hard drive loss “resulted from an employee not following established procedures on storing IT hardware,” noting that the missing drives were a small part of their total 26,000 unit IT inventory.

Is Encryption Necessary?

Centene’s data loss was a function of lack of encryption protocols and poor inventory management.

Unfortunately, the answer to data security isn’t as simple as “encrypt everything with PHI.” Unnecessary encryption can be costly and may reduce efficiency due to the extra steps needed to authenticate users. Under the HIPAA Security Rule, encryption of PHI is merely “addressable.” This means that organizations that thoroughly document alternative security measures need not encrypt all instances of PHI.

When encryption isn’t feasible, other security protocols must be used. Inventory governance is essential for protecting hardware containing PHI. However, the challenges of keeping a real-time IT inventory make the process easier said than done.

“An inventory of any IT assets, including data, is only accurate for a moment. Things are constantly changing. Maintaining an accurate inventory doesn’t scale well for large organizations. Rather than putting a lot of effort into an accurate inventory, efforts are better spent encrypting media containing confidential information,” said Tom Walsh, founder of security consulting firm tw-Security.

This presents a challenge to holders of PHI: how can the costs of encryption be balanced with inventory management for better overall security? According to Walsh, risk analyses coupled with precise inventory tracking will help organizations “channel limited security resources where they are needed most.”

Finding a Middle Ground

The question of hardware and PHI security is as complex as the challenges associated with cybersecurity. It’s clear that both inventory governance and correctly-applied security protocols are necessary to keep PHI safe. The CEO of security consulting firm Redspin noted that: “…Healthcare organizations must be disciplined about tracking PHI throughout the organization and ensuring the appropriate safeguards are in place everywhere. Encryption adds cost and complexity, but a PHI breach can be far more costly.”

Given recent PHI breaches, we’re willing to bet that insurers like Centene would agree.


Written by Dean Van Dyke, Vice President, Business Process Optimization

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.


5 Tips for Gracefully Handling Your Data Breach


You can barely throw a rock on the Internet these days without hitting a piece of advice on the best way to prevent a data breach. Yet, any organization that falls victim to such an attack is likely to find little guidance about the next steps to take. What’s the most appropriate way to share the news about a security incident?

Source: freedigitalphotos/Stuart Miles

Know Your Audience

The key in finding the best approach to take is to first understand that the message may have to vary slightly depending on the recipients to address their pain points and concerns:

  • Consumers worry about their privacy. Will they need to switch banks? Cancel cards? Should they continue doing business with the affected company?
  • Regulatory bodies like the Federal Trade Commission will want to verify that the technical aspects—like fulfilling any statutory obligations—of the announcement meet certain standards.
  • Banks will want details about how the affected company will address the costs for issuing new cards to consumers.
  • The board and the shareholders are more concerned about company worth and viability, and how or if such an incident compromises an organization’s value.

Given that this is just a cross-section of those who might be affected by a data breach, it is easy to see how any official message must be tailored according to the audience.

Tips for Taking the Plunge

Once it’s time to explain, remember that honesty is the best policy… with these tips:

  1. Find the right balance between planning when and how to discuss any cyberattack with those affected, whether that means shareholder or cardholder. Some companies have found success with making an initial limited disclosure, then releasing more details upon investigation completion, but don’t deliberately downplay the gravity of the situation either. Also, comply with all mandatory disclosure timelines.
  2. Remember that language is everything. A “cyberattack” suggests an unforeseen and unpredictable outside force, while a “data breach incident” subtly implies that the company is at fault. Choose every word carefully.
  3. Know your rights. Reporting information to the authorities may negate the protective status of attorney-client privilege. Although cooperation with law enforcement is a must, do so with the guidance and advice of counsel rather than disseminating information too quickly.
  4. Remember that excessive compensation isn’t a must. Although offering a type of loyalty reward, like free credit monitoring, as a gesture of thanks to affected customers is understandable (and often appropriate), going overboard with an offer that’s disproportionately generous can seem suspicious in an overly culpable kind of way. Always weigh the considerations of such offers against the possible costs.
  5. Don’t be afraid to involve forensics consultants as part of damage control. Digital evidence can uncover any indicators that could point to a preventable security compromise, or proof that could absolve an affected company completely.

Although any data breach incident—ahem, cyberattack—can feel like a PR nightmare, it doesn’t have to be. Going public with a data breach can be handled with professionalism and grace, as long as a solid strategy is set in place before any information is released about the incident.

Written by Dean Van Dyke


4 Ways Fitbit and Facebook Can Compromise Your Medical Privacy


There’s a surge in the use of social networking and fitness-tracking devices like Fitbit to monitor and improve health and wellness, but some of these same advancements in health and fitness technology are raising alarming privacy issues. Here are four ways your efforts to share your fitness journey with the latest and greatest technology could have unintended consequences and compromise your privacy.

1. HIPAA Has Its Limits

The Health Insurance Portability and Accountability Act (affectionately known as HIPAA) effectively governs the privacy and security of health-related data collected by hospitals, healthcare providers and insurance companies. However, HIPAA’s policies and regulations for data security don’t apply to your private information when you choose to place it on other outlets.

When you fill out questionnaires or surveys at a gym, massage therapist’s office or health food store, you should understand that the data isn’t regulated the same way it is when it’s shared with your doctor or insurer.

2. You May Inadvertently Over-Share

Source: Photopin

For most people, accountability is a wonderful tool to use when working towards fitness goals. Through apps and social media, we can share our successes (such as a new record for a mile run) and find support in our downfalls (like the empty Ben & Jerry’s container in today’s trash). Fitbit offers its users a leaderboard that refreshes all day to show who’s burning the most calories, making the best food choices and getting the most sleep.

Making your triumphs and failures public may seem like a great way to stay motivated and meet your goals, but, as some Fitbit users learned in 2011, you may accidentally give TMI. Just as Fitbit shared the number of calories worked off on the treadmill or how many flights of stairs were scaled, the popular fitness device also recorded and published late-night physical activity statistics including duration and calories burned.

3. “Checking In” Allows Others to Check-Up on You

Checking in via Facebook or Foursquare is a popular tool on social networking that allows users to publicize where they’re eating lunch or what landmark they’re visiting. Believe it or not, broadcasting your every move and activity could affect your health insurance rates. Insurance companies are in the business of minimizing risk and turning a profit, so constantly checking in at bars or cigar shops could lead to a hike in your premiums if your insurer decided to check out your check-ins.

4. Facebook Is the New Insurance Company Questionnaire

When applying for new health insurance, you’ll likely be asked to fill out a detailed questionnaire regarding your general health, preexisting conditions and medical history. However, insurers are jumping on the social media bandwagon and doing their own research to determine the riskiness of would-be policy holders. The amount of private and personal information people willingly share on their social networking profiles is astounding. These profiles have become a valuable and insightful resource for insurance companies hoping to determine the actual lifestyle of an individual, which may vary from how one represents themselves on a health questionnaire.

Written by Dean Van Dyke


Why Electronic Health Records Face Significant Security Risks


The days of massive file stacks full of carefully coded health records are all but over. Today’s healthcare system is undergoing a somewhat rocky transition to more easily accessible electronic health records (EHRs) that put a wealth of patient healthcare history at physicians’ fingertips. There are so many positives to the digitalization of health records that it’s easy to get swept up in the fervor.

Beyond the significant financial investments required of individual practitioners and major healthcare systems alike, upgrading to EHRs may pose significant risks to the privacy and security of patients’ private health information. What can be done to stop the data leaks and breaches that tarnish the reputation of electronic health records?

Source: FreeDigitalPhotos.net/Stuart Miles

Counting the Costs

A recent report from POLITICO found a full identity profile of a single patient could fetch up to $500 on the black market. With medical data at a premium, individual patients face a significant risk each time practitioners enter private data into an online database. The cost for consumers goes beyond financial disaster:

  • Unlike credit card fraud or banking breaches, there’s no one-stop-shop where affected individuals can report medical identity theft.
  • What happens if your record contains falsified information about previous treatments or even a fictitious diagnosis? Just thinking about the possible real-world repercussions of such breaches is enough to raise your blood pressure.

If you think healthcare identity theft isn’t a significant issue, consider this statistic from the Identity Theft Resource Center: in 2013, the healthcare sector racked up 43.8 percent of total security breaches, outpacing the business sector by nearly 10 percent. It turns out the reason for growth in healthcare breaches is likely economic; these days even a stolen Social Security number garners only about a buck on the black market, while a full medical record fetches hundreds of times that amount.

How Is Healthcare Security Performing?

In the wake of recent data breaches at Target, Neiman Marcus and other retailers, many large companies are beefing up their data security in efforts to escape the wrath of angry consumers tipped off largely by renegade data security blogger Brian Krebs. While that’s a positive development, the same encouraging changes don’t seem to be gaining traction in the healthcare industry, where profits should ideally take a backseat to patient care… and that should include care of private healthcare information security, too.

Misplaced Priorities

Perhaps it all comes down to a few misplaced priorities:

  • Healthcare providers must ramp up their privacy standards, requiring significantly increased spending on security measures.
  • Leaving EHRs vulnerable to data breaches comes at a great cost to patients, many of whom are already dealing with stressful situations such as chronic diseases like cancer.
  • The Healthcare Information and Management Systems Society (HIMSS) reports that half of survey respondents in a recent security study spent less than three percent of their overall IT budgets on healthcare information security.

This statistic points to a serious spending shortfall, leaving patient health information vulnerable to security breaches that come at great personal and security costs. In order to safely modernize U.S. healthcare, providers will need to refocus and redouble their efforts at securing patient information to keep Americans both healthy and safe from identity breaches.

Written by Dean Van Dyke


20 HIPAA Breach Response Tips From Experts


Medical identity theft is undeniably one of the biggest challenges facing the healthcare industry today. The guidelines laid out by HIPAA provide an excellent frame of reference to help better protect patient data. When you are faced with a breach, however, what’s the best response? Here’s a look at 20 tips from the experts.

Source: freedigitalphotos.net/Stuart Miles

1. Locate Breach

The very first thing to do if you suspect a breach is to find it. No other steps can be taken without knowing exactly what you’re up against.

2. Containment

After identifying the breach, the next step is containment. The goal here is the IT equivalent of stopping the bleeding, whether that means disabling compromised accounts or blocking access to infected machines.

3. Damage Control

Damage control begins as soon as the immediate threat is under control. Determine what was accessed, and investigate other potential vulnerabilities to gauge the extent of any collateral damage.

4. Restore Services

Your organization must continue functioning effectively, and this means getting critical systems up and running again as quickly as possible. Once you’re sure that you’ve accurately identified and contained the source of the breach, restore essential services.

5. Internal Notification

Next, develop an internal report that notifies everyone from the ground up about what just happened. This is important for managing the rumor mill, but also contributes to the U.S. Department of Health and Human Services documentation requirements.

6. Be Honest

Don’t bother trying to combine sugarcoating and information dissemination. Just be honest and explain the facts behind the breach.

7. Change Passwords

Change all passwords and authorizations right away. It’s hard to tell how much information a hacker had time to grab, so err on the side of caution.

8. Preserve Evidence

As you’re doing things like changing passwords and containing the breach, be sure to save evidence of both the breach itself and the corrective measures you’re taking for future reference.

9. Gather Documentation

The OCR will require extensive documentation, including but not limited to: a copy of your most recent risk assessment, records of corrective action taken to correct the breach, proof of plans to prevent future recurrence, and much more.

10. Report Immediately

Although you technically have 60 days to report the breach to HHS and the press, it’s better to go public sooner rather than later. This shows that you’re taking the issue seriously, which in turn bolsters confidence in your organization.

11. Inform HHS

Tell HHS about your breach. Remember, any incident that affects more than 500 patients should be reported directly to the Office of Civil Rights.

12. Contact Your Patients

All companies are required to inform potentially affected individuals that a breach has occurred. Again, this should be taken care of as quickly as is reasonable, for the same reasons mentioned above.

13. Tell the Media

As the saying goes, he who breaks the story controls the manner of its release. Acknowledging the breach openly with the media is much better PR than trying to cover anything up.

14. Remediate

Everyone makes mistakes, but those who make an effort to rectify those mistakes rebuild trust in their organization that much faster. Do the right thing by offering help where help is needed.

15. Offer Resources

As part of the remediation process, provide resources to patients who are concerned about their privacy. For example, you can create a dedicated 1-800 number help line for affected parties to easily get answers to the questions they have, or offer free credit monitoring for one month.

16. Discipline

If your data breach resulted from a clear internal violation of your existing policies, the responsible party has to suffer the appropriate consequences. Take the necessary steps to discipline where called for.

17. Review Policies

Any data breach is a good indicator that it’s time to review your processes and policies to prevent similar incidents in the future.

18. Uptrain

Further investigation of the breach could reveal that remedial training is required to ensure that all employees are in compliance with current data guidelines.

19. Promote Awareness

Most healthcare organizations have a great number of various policies and procedures that employees are expected to follow, and it’s possible that data security concerns could get lost in the shuffle. Encourage awareness of the importance of HIPAA compliance, and make it clear that ignorance is not an acceptable excuse for noncompliance.

20. Prevent

While all of these steps are important for handling a data breach with professionalism and grace, the truth is that prevention is still the best policy when it comes to keeping information secure. Going the extra mile now to limit the potential of dealing with fallout later on is well worth the extra effort.

Written by Dean Van Dyke


Why It’s Time for Law Firms to Get Real about Data Security


Source: freedigitalphotos.net/Renjith Krishnan


When it comes to data security, law firms are facing two distinct disadvantages. First, the legal industry seems to lag behind other fields somewhat when it comes to technology in general; not every member of the old guard sees the need to learn new tricks. And secondly, there’s no industry-wide standard when it comes to data security requirements for sensitive information. This combination all too often leaves law practices severely lacking when it comes to protecting data, leading experts to refer to law firms as the “soft underbelly” when it comes to cyber security. Is this a fair designation, or are law firms more self-aware than that?

Technological Savvy

Although new case law is of course created on a regular basis, the truth is that the vast majority of legal expertise lies in examining and reexamining the same information again and again. This can give the impression—sometimes even to those within the legal profession—that not much changes when it comes to litigation, and therefore that there is little need to join the 21st century with regard to technology by investing significantly in a firm’s technological infrastructure. As such, running into severely outdated computer systems in a lawyer’s office isn’t all that unusual, particularly in smaller firms that lack the financial resources of larger, more established practices.

Yet, to assume that these “rules” apply to all law firms is equally shortsighted. In reality, the past year alone has shown a dramatic uptick in security efforts from individual firms, in an effort to adopt either ISO 27001 or even stricter security standards. Initiatives like LegalSEC® are helping to develop consistent guidelines within the legal community and create security programs that are both measurable and achievable, as well as promote greater awareness about cyber security.

The Future of Legal Technology

The issue of cyber security becomes paramount when the legal industry intersects with other professions in which data protection is a chief concern. For example, clients in the financial services industry are likely to conduct security audits to ensure outside counsel’s compliance with industry-specific guidelines. These audits can even include details such as security assessments of data centers and physical files.

In short, the legal industry now finds itself positioned in a place that requires them to maintain robust security programs, acknowledge and resolve any existing vulnerabilities and be prepared to address any risks that are uncovered during a security audit. The overwhelming response has been to rapidly restructure existing operating budgets accordingly.

While the sudden IT security ramp-up may seem like an overwhelming shift, this is really only one pixel in the big picture of other changes law firms are facing: new billing practices as clients push for a move from hourly to service-based fees, the non-traditional career path of working as an independently contracted lawyer, and a number of other post-recession adaptations that allow the industry as a whole to evolve and—eventually—thrive in its new incarnation. Rest assured, those in the legal field are not the only seasoned professionals who are facing these types of challenges. Armed with a renewed awareness of the severity that a lapse in data security can represent, the legal industry is ready to face the future and get serious about data security.

Written by Simeon D. Rapoport

Simeon D. Rapoport is the Vice President & General Counsel for iBridge. He’s been an attorney for more than 25 years, began his career working in the courts and private practice for more than 10 years, and has been in-house corporate counsel since 1998. Rapoport’s experience includes private practice with the large West Coast firm of Bullivant Houser and more than 10 years at Standard Insurance Company. Rapoport is a frequent author and speaker, and he enjoys being active in Bar and civic groups. His interests include family, fitness, outdoor activities, and travel.

Are You Beefing Up Your Data Security?


While the general public may think of data breaches as occurring mainly in the retail industry, signs increasingly indicate that the healthcare sector could present a much higher risk for consumers, both in terms of frequency and the potential for more serious consequences. Large retailers whose security efforts have been found wanting (as in the case of Target’s heavily publicized recent data breach) have been duly fined and have now actively kicked their security efforts up a notch, along with many of their peers. Yet, healthcare organizations—despite their arguably greater vulnerabilities—still seem to be lagging behind when it comes to data protection.

Source: freedigitalphotos.net/Stuart Miles

Personal vs. Financial Data

Although having your credit card or bank account data stolen is certainly stressful, the loss or theft of personal information like medical records can be even more sensitive, for a number of reasons:

  • While consumers can contact their banks, credit card companies or the credit bureaus to report identity theft, no “official” recourse exists for a breach of medical records.
  • Information gleaned from medical records can be leveraged into accessing a multitude of other accounts, including banks and credit cards.
  • Correcting medical records after healthcare fraud has occurred is next to impossible, as healthcare organizations are (understandably) reluctant to change any records but those directly originating from their practice.
  • Healthcare fraud cost the United States an estimated $80 billion, according to the FBI.

This list is just the tip of the iceberg when it comes to looking at all the reasons a personal data breach so often presents a more serious threat to individuals than a retail-related breach that only accesses payment accounts.

What’s Your Security Grade?

A close examination of data on security breaches indicates that those in the healthcare industry continue risking network exposure and patient data by following high-risk practices. Security ratings are lower overall for healthcare organizations than for retailers, indicating a strong need for all healthcare-related businesses to beef up their efforts at patient protection across the board.

In 2013 alone, nearly 200 data breaches were reported to the U.S. Department of Health and Human Services, a number that reflects over 7 million at-risk patient records. This is an increase of 138 percent from the previous year.

The Payoff

Since most healthcare systems were originally designed for ease of use rather than high-level security, these facts are hardly surprising. Yet, since the United States spends approximately $2.7 trillion on healthcare every year, it shouldn’t be hard for healthcare organizations to see that their records represent a potential goldmine for cybercriminals. That fact alone should be reason enough to start taking security much more seriously.

At this point in the game, it’s clear that protecting patient data and healthcare records desperately needs to take top priority, especially when additional factors such as the launch of HealthCare.gov and the recent increase in HHS crackdowns are taken into consideration. If you’re still not sure where you stand with your system’s security, take the time to conduct a risk assessment and find out if your organization might be vulnerable.

Written by Dean Van Dyke

Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.

10 Ways to Keep Your Data Safe On the Go

One of the obvious benefits of mobile technology like smartphones and tablets is the awesome ability to access your data from just about anywhere. With their frequent and casual use in public places—not to mention their laptop-sized price tag—it’s more important than ever to protect your investment. How can you keep your equipment and your data safe while you’re out and about?

1. Don’t Flaunt

Image via freedigitalphotos.net/Stuart Miles

While you may not be using your latest gadget with the intention of showing it off, the more visible your smartphone or tablet is, the more likely you are to be targeted by someone without your best interests at heart. Keep your device safely tucked away in a pocket, purse or briefcase when not in use to stay on the safe side.

2. Don’t Leave Unattended

No matter how familiar a face you are at your local coffee shop, don’t leave your device unattended while you get up to grab another latte or run out to your car for your charger. Although it may seem like a bit of a hassle at the time to pack up all your gear for such a short period, it’s a whole lot easier than replacing a stolen device and all the data it held.

3. Become a Master of Disguise

The e-reader covers that are designed to look like leather-bound classic literature look like an ironic commentary at first glance, but they’re actually a pretty crafty theft deterrent to boot. What’s more likely to be stolen after all: a tattered copy of Pride and Prejudice, or the latest Kindle model to hit the market? Phones and tablets can be similarly protected by clever covers.

4. Password Protect

If, despite your best efforts, your device is stolen, the actual physical theft is far from your only concern. What about your personal information like email passwords and bank account information? Work-related data is just as much at risk and may be even more sensitive. Be sure to use a strong password or passcode for your initial login to help prevent unauthorized access.

5. Encrypt Like Crazy

Passwords aren’t the only way you can protect your data from outside parties. A number of devices come with encryption capability to ensure that all information on your smartphone or tablet is nothing but gibberish to anyone who isn’t authorized to access it.

6. Install Trackers

The Find My Phone app has helped recover more than one device that had fallen into the wrong hands, and that’s only one example of the many available tracker apps out there. If your device does go missing, make sure you have some means of remote access already installed to help you or law enforcement officials track it down again.

7. Add Apps

Besides apps that simply track your device, others can remotely lock your mobile device to prevent use, or even wipe your phone or tablet completely in response to a trigger (like trying the wrong password too many times). There are even apps out there that can snap an inadvertent selfie of the thief in question.

8. Personalize It

Monograms aren’t just for the rich and famous. By adding a personal touch to the outside of your device, like a permanent engraving of your name and/or contact information, you’re making it that much trickier to resell or pawn your device, and therefore ensuring that your tablet or smartphone presents a far less enticing target to potential thieves.

9. Contact Your Carrier

In the event that your mobile device does go missing, the first phone call you make should be to your mobile carrier. They may have powerful network tools at their disposal, like GPS tracking, that can be invaluable in locating and returning your stolen property. A proactive call to your carrier also prevents unauthorized usage fees from landing on your bill.

10. Practice Common Sense

While all of these tips are helpful, they really boil down to just one piece of advice: practice common sense when it comes to your smartphone or tablet. Remember that regardless of how prevalent their daily use may be, your mobile device is an expensive investment that deserves to be thought of and treated as such.

Written by Dean Van Dyke

Not Preserving Text Messages Could Cost You Big Money!

If you think text messaging is something you don’t need to worry about in litigation, think again. Several months ago, the defendants in In Re Pradaxa learned this lesson the hard way.

Image via freedigitalphotos/patrisyu

In this December 2013 case, a federal judge in the Southern District of Illinois ordered the defendants to pay almost $1 million in sanctions for eDiscovery failures, including the failure to preserve text messages. Specifically, the court found that the defendants knew their employees were communicating via text for business purposes, yet nevertheless did nothing about the auto-delete function for text messages when implementing a litigation hold. The court pointed out that the duty to preserve applies to text messages just as it does to email.

A link to the decision follows: http://www.crowell.com/files/20131209-re-pradaxa-litigation.pdf

Pradaxa is something of an extreme case, but it does illustrate the point that companies need to be concerned about business text preservation just as they need to be concerned about business email preservation.

Written by Dean Van Dyke
