On December 9th, 2021, a critical vulnerability was discovered in a popular code library, Log4j, that affected many applications across the world. It affected everything from firewalls to security software. Essentially, anything that uses this library and takes user input is potentially vulnerable. Researchers have named this vulnerability Log4Shell.
Do you know what time it is? It’s turkey time, people! (Apologies to the vegetarians out there). But yes, Thanksgiving is upon us once again. As per tradition, this is the time of year when we consider the things for which we are most thankful (and spend a whole day eating ourselves into food comas and then the brave or mad among us choose to go out the next day for an annual shopping event with its own casualty rate). And this Thanksgiving there are certainly a lot of things to be thankful for—we aren’t locked up in our houses like we were last year, COVID vaccines are widely available, new episodes of Dexter are back on Showtime, and it looks like we will be able to openly travel this holiday season (and on that note, if you do travel, please be kind to airline personnel).
Recent events have put a spotlight on a new element of payments security—terminals. For those readers who may not have been following the news, federal law enforcement (FBI) recently raided the Florida offices of PAX Technology, a leading China-based payment terminal provider. The raid was first reported by Krebs on Security. Based on the information we currently have, both the FBI and MI5 began investigating the firm after a major US payment processor started asking the vendor questions about network packets originating from PAX’s point-of-sale terminals. The vendor, it would appear, did not provide satisfactory answers, which only increased suspicion and led the processor to report the situation to authorities.
Welcome back to the blog, ghouls and goblins! It’s almost Halloween once again, that time of year when we celebrate all things scary. Perhaps one of the scariest things going on right now is the fact that many specialty practices still believe that having an onsite server infrastructure is somehow faster and more secure than using cloud-based solutions. It’s not. In fact, it’s terrifying to think about how on-premises systems are still out there giving nightmares to specialty practices like a burn-scarred maniac with a bladed glove.
Well, folks… it’s that scary time of year once again. No, not Halloween. It may be October, but in this blog, we won’t be talking about ghouls and goblins. Nope. As you may already know, October is also Cybersecurity Awareness Month. And there are scarier things out there to worry about than those imaginary monsters in your closet.
HIPAA violations caused by access issues have made news in recent weeks, where current or past employees have abused their access to EHR patient records to snoop on or steal protected health information (PHI). One rather disturbing example of such abuse was uncovered just this week at the Canton, Ohio-based Aultman Health Foundation. In this case, the PHI of roughly 7,300 patients was compromised (including Social Security numbers, health insurance info, home addresses, birthdates and treatment details).
Here we are. Talking about ransomware. Again. And the truth is, whether we are tired of talking about it or not, the current ransomware situation (especially for those in healthcare) is only getting worse as this year goes on. Simply put—things are bad. How bad? Well… bad enough for the FBI director to compare the current nationwide surge in ransomware attacks in the U.S. to the September 11th attacks of 2001. You have to admit, that’s a pretty extreme comparison. However, it’s not too far off. As we’ve seen already with the recent Colonial Pipeline attack, ransomware has the potential to bring parts of our country’s infrastructure to a grinding halt and disrupt commerce, similar to the results of a physical terrorist attack.
Fraud is one of those topics that no one really enjoys talking about. It can be uncomfortable to think that someone in your practice, even someone you are close to and believe you have a strong relationship with, would steal from you. But it happens. And you need to be aware of it because fraud and theft are far more common in healthcare practices than you might expect.