HIPAA Compliance for Small Medical Businesses

In the last couple of months, due to governmental pressures on state and local charities and nonprofits, small medical businesses have been asked to fully comply with HIPAA even if only a single machine might one day encounter patient information.

We are currently working with many translation services, small doctor offices, dentists, and branch offices of hospitals and medical centers, and you would think a majority would be in compliance with federal HIPAA regulations. But you would be wrong.

Patient Healthcare Information in the Past

In the past, many of these organizations could fill out a basic questionnaire and be authorized to deal with patient healthcare information, or PHI. No one really checked up on them. Now auditors are going out to these contractors, doctors and facilities to verify that the information they presented in the questionnaire is valid.

Bringing in Outside IT to Reach HIPAA Compliance

We have been spectacular in deploying solutions that meet and/or exceed HIPAA compliance, as well as implementing policies and procedures for our clients to meet it. It has gone extremely well over the last couple of years, and our due diligence in selecting solutions has paid off for our clientele.

Those auditors are highly skilled and highly trained, and they can easily tell when an IT person is being less than truthful with their answers. At Triton Technologies we have passed all of our tests and all of our questionnaires, and have been successfully audited by a third party multiple times with flying colors.

HIPAA Compliance: What It Takes

For clients that need HIPAA compliance, what you need is an extremely secure network and the ability to control access to information from within that network. Mobile devices, printers, scanners, USB flash drives, external hard drives, firewalls, wireless networks, remote terminal services, and more must be secured and monitored at all times. With Triton Technologies managed services, we provide all of that by default to our clients. When we started years ago, before HIPAA compliance was in full swing, we implemented these measures knowing full well that when the time came, the solutions and technology we implemented would solve our clients' problems. They have.

HIPAA compliance may seem to be a large, scary beast, but it is not. It just requires the right solutions, security protocols and more, and your business can easily meet those security guidelines. We have the experience in this field. We can help.

Vendor Management: The Balrog

Any business owner can attest that dealing with multiple vendors is a business in and of itself. From cellular carriers and internet providers to construction companies, telephone providers and more, each one has its own language and its own methodology.

The following situation happened right after our client signed up for our Managed IT Services plan, which included vendor management, and it shows why that matters:

The Client’s Story

The client is a logistics company based in Massachusetts that is part of an isolated transportation park. There are a few companies there, but nothing massive. They are quite busy at times, and this time was especially busy due to the three-day Memorial Day weekend. So basically everybody was moving as fast as possible to get done early and go home, and that is where the trouble began.

A truck entering the loading facility was going too fast and clipped the service pole of the facility, breaking the line for internet and telephone for the other occupants.

  • The client decided to call the ISP themselves and report that a line was “down.” Mistake 1.
  • Told them it was no big deal and to go out today please. Mistake 2.

With Friday being the start of the holiday, no rush was put on the request, and there seemed to be no need to rush since the facility was beginning to shut down.

The Following Week

Tuesday comes and goes with everyone expecting the technician. Nope.

Wednesday comes and they finally call us. A lot of missteps had occurred, causing not only our client to be down, but other tenants as well. Come to find out, the client had conveyed that the line was down, as in a sagging line, and therefore no rush. Apparently it was treated like a small issue and not an outage.

Then We Stepped In

We contacted their ISP and we were able to get a truck rolled within an hour, their lines repaired and all the tenants fully operational.

Miscommunication can easily create havoc when you don't understand the lingo vendors need. Vendor management might seem like a small thing, but having an IT provider who has the experience and connections in the field allows you to get the most out of your resources, from internet landlines to software suites. Avoid that broken link in your chain. Want to learn more? Drop us a line.

Dispelling Ransomware Myths

Ransomware is the new underground economy.

In the last few years, a new breed of exploit has arrived on the scene, called ransomware. Basically, it encrypts all your files, demands bitcoins or some other cryptocurrency, and waits. It usually has a timer giving you a couple of days to set up an account and transfer the funds, and when that is done the attackers usually send you the decryption codes.

Why Does This Happen: Money, Greed, and a Lack of Patching

A majority of infections are from “drive-by” downloads. You go to a website or an obscure search engine where a virus writer has purchased an ad. To avoid detection, the ad's code shows the search engine something different from what other visitors see. When you go to that page, it runs JavaScript, usually with a zero-day exploit, and tries to inject itself into your computer, and you don’t have to do anything for it to come in. It tests for weaknesses in your Java, Shockwave, HTML interpreter or other parts of your system and exploits them.

What is a “Crypto Currency”?

Years ago (and there is some disagreement about how it was developed), a new type of currency was developed. It was named “Bitcoin”. Bitcoins are computer-generated slices of encrypted code that utilize each other to generate a code that is considered a currency. You can slice and dice this code to pay other people, bundle up all your bitcoins, or send money to anyone else on the planet. It is extremely fast and easy to use, and no one government controls it. It also has some drawbacks: enter the wrong bitcoin address and the money is gone, never to come back.

My Files are Encrypted. What do I do?

Most people don’t think anything of the popup they receive when the initial demand for payment is made, until they go to launch a program or access a file. That is when people begin to panic. Word, Excel, PDFs and more are locked down solid. The attackers want their bitcoins, and your data is being held hostage to deliver them. The virus is smart, so it disables System Restore and in some cases deletes backups in the process.

I’ll Call the Police, They’ll Help!

Nope. The people who develop these ransomware viruses are overseas, and they use the highest encryption they can get their hands on: usually 4096-bit+ RSA multi-key crypto keys, which are extremely hard to break if you’re not a major superpower. FBI, NSA, DHS and the local police have no tools to help you. These writers specifically target small business owners, hospitals, and smaller targets so that governments do not get involved. If they targeted larger organizations, then something would be done. The best thing is just to NOT get infected to begin with, by utilizing a terrific antivirus, patching, and maintenance program and being proactive in your security.

Patching Your Computer

If you see a leak in a dam, you patch it, right? Why not your computer?

Many people avoid patches, and yes, there are many. From Windows updates to Office updates, Adobe Reader, Shockwave, Firefox, Google Chrome and more, you are required to keep on top of them. Why? Any one of them can be a vector into your computer, so each should be patched. At Triton Technologies, we have an excellent patching system in place for our clients and networks. We update once a day for workstations, weekly for servers, and hourly for third-party software such as Adobe, Google and more. It pretty much KILLS the ransomware even before it has a chance to come in.

I Have a Firewall, I Don’t Need to Patch All the Time!

Nope, the firewall is just another line of defense, but it shouldn’t be your only defense. You need to have a proper maintenance program in place, security protocols in place, anti-virus that is up to date and more. Just relying on a single piece of technology for a total system defense is not only bad for data security, it could potentially bankrupt your business. If you’ve got any of these concerns, or are recovering from a ransomware attack: contact us. We can help you get your system back up and backed up, and make sure it never happens again.

Website Defense: Is It That Important?

Why is your website defense strategy important? Your website is what people see, it’s what your customers see, and it shows what kind of company you are when it comes to security. If your website gets hacked, it shows potential clients that you are not serious about your internet security and that you are a potential risk.

Defense One: SSL Certificate

Business owners need to secure their website using a number of techniques. First and foremost, we strongly recommend getting an SSL certificate. SSL certs are cheap: the cheapest is $9.99 a year from NameCheap.com, and they go all the way up to a $300 wildcard from GoDaddy. These are imperative and the standard which we recommend. Not only does a certificate secure the site from unencrypted communication, it also increases your rankings with search engines.

Defense Two: Website Firewall

Second, we recommend Sucuri Firewall: it is a WordPress plugin that scans your files for infections and secures your site against penetration and brute-force login attacks.

Defense Three: Responsive Host

Third, we recommend an excellent, responsive host. We have tried GoDaddy, Bluehost, HostGator and more, but we have recommended and continue to use Liquid Web. Their tech support, including 24-hour technical support, is spot on. Coming from an IT company, I can assure you that their always-ready group is excellent, and the access to the root of your own hosting is spectacular when it comes to getting things done.

At the end of the day, your website is your public face and you need to protect it as well as your internal network. Get excellent hosting, watch, monitor and tweak it to keep it secure and always operational. And it doesn’t hurt to have proactive IT in your corner too.