Information Managers

Email Phishing

Posted on October 25, 2017 by Jean Eaton in Blog

Don't get caught on the phish-hook!

Did you know that 1 in 95 emails sent to small and medium-sized businesses (SMBs) includes malware, which can include ransomware or other malicious attacks? (Source: Symantec)

There are many creative "cyber bad guys" who love to trick you into providing your personal information. You need to educate yourself about the kinds of scams out there, and take heed to prevent a cyber attack.

Employees are still widely considered to be the weakest link in any security infrastructure, so it's no surprise that phishing remains so popular and effective. The fact is, a good phishing email looks just like a regular message from people we know and care about, and to make matters worse, it can also be difficult to detect.

When it comes to phishing, prevention is the best defense. Investing in employee education and training now can save you a great deal of time and effort further down the line.

Let's look at the most common kinds of cyber assaults:

  • Spam email includes large amounts of unsolicited emails that can annoy you, cause you to waste time, and slow down your internet communications.
  • Phishing emails look like they come from a real company you know and trust. The sole purpose of a phishing email scam is to trick you into going to a fake website that looks real and entering personal information that gives the attacker access to your data.
  • Spear-phishing is a targeted attack. It looks real because the perpetrators use accurate-sounding information to trick you into providing more of your personal data. The attack may be launched when you open the email or attachment (it looked real, right?), or when you follow an external link. The attackers use malware-compromised systems or credentials to steal data and sell it on the black market.
  • Ransomware is a cyber attack that often uses phishing to access your network. This attack relies on users making mistakes, even if your network has antivirus software installed. The attackers encrypt your computer network (and any backup devices connected to your network), which prevents you from opening any of your computer data. The attackers hold your data for ransom until you pay their demands.

Many businesses admit to being attacked. It only takes one person in an organization to open an attack email, and everyone is impacted – possibly by a data breach, definitely by the time and money it takes to contain and report the attack.

It is essential to train your employees to help them identify an attack and prevent a breach.

 

Do you want more tips and resources like these – for FREE?

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware. #15DayPrivacyChallenge.


#15DayPrivacyChallenge, #CyberAware, cyber security, email phishing, Practical Privacy Coach

Top Tips to Improve Your Computer Security

Posted on October 24, 2017 by Jean Eaton in Blog

Think about a medieval castle. A moat surrounds high walls, protected by soldiers behind battlements. There is likely a drawbridge and a portcullis, and slitted windows for archers. These layers of defences keep the castle safer than if the inhabitants rely on only one strategy for defence.

Your computer is no different.

A password-protected computer, for example, may be compromised if you share the password. But if your data is also encrypted, a potential breach can be averted. Like a moat and a portcullis, layers of protection help to make your computer defenses stronger.

Here are some hints to ensure your computer system is well-defended:

  • Purchase business-grade computers. Manufacturers embed additional security features into commercial-grade equipment.
  • If you use multiple operating systems, like Apple mobile devices and Windows-based desktop computers, you need to address another layer of security. Good policies and default settings for one system may not apply to the other. Here is an article about the importance of layers of safeguards when using multiple systems.
  • Create unique user accounts. Make it easy for multiple users to switch users on the same computer instead of sharing passwords.
  • Users should have access to data on a "need to know" basis. If your computer network uses shared access to files, decide who needs access (and who does not) to each type of file. For example, everyone should have access to the policy and procedure manuals and forms, but only a few people need access to payroll information.
  • Set permission levels for folders with sensitive information.
  • Review and update the security settings on your wireless router – and change the WiFi password.

 


#CyberAware, computer security, Practical Privacy Coach

Email Confidentiality Notice

Posted on October 16, 2017 by Jean Eaton in Blog

October is CyberSecurity Privacy Awareness Month!  Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge.  The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Privacy Challenge #1

Take a quick look at your email address book: how many Jennifers and Toms do you see? Even uncommon names can show up more than once, and it’s easy to send an email to the wrong person by mistake.

Mistakes happen. But from a privacy perspective, it’s important that our email recipients know what we want them to do should we make an error of this sort. So it’s vital to include some guidelines in the form of a confidentiality notice.

Consider the following elements of a well-crafted confidentiality notice:

  • State your email privacy policy.
  • Encourage the recipient to inform you should an error occur.
  • Thank them for letting you know about any mistakes.
  • State that you believe their privacy is important, and that you will take every step necessary to correct the error to prevent it from happening again.

Do your email signature block and fax cover sheet include these points?

Do you want to enjoy the benefits of the internet without the fear of cyber attacks and privacy breaches? 

Join us for the Free 15 Day Privacy Challenge for more tips, tools, and templates that you can use right away!

We are proud to be a Champion of National Cyber Security Awareness Month #CyberAware.

 

#15DayPrivacyChallenge, #CyberAware, e-mail confidentiality statement, Practical Privacy Coach, privacy

Cyberextortion – Is Your Patient’s Health Information Protected?

Posted on May 19, 2017 by Jean Eaton in Blog

Alice had a few minutes before the clinic opened and the first patients arrived. She logged onto the computer and then her personal email through a webmail connection. She checked through her messages and opened an email from a supplier. She followed a link to a website looking for a deal on office supplies and was shocked to find pornographic images!

Alice closed the browser and closed her email.

Then she saw the message on the clinic's computer screen, “This operating system has been locked for security reasons. You have browsed illicit material and must pay a fine.”

Alice could not access any of the files on the computer, not even the clinic's electronic medical record (EMR).

Is data the new hostage?

Cyberextortion is a crime involving an attack or threat of attack followed by a demand for money to avert or stop the attack. Cybercriminals have developed ransomware which encrypts the victim's data.¹

A healthcare business has many types of data on the computer network – patient health information, employee personnel records, fee for service billing, accounting and tax information. That information is important to you – and makes it a valuable target for cybercriminals.

The motive for ransomware attacks is monetary, and unlike other types of security exploits, the victim is usually notified that an attack has occurred and is given instructions for how to recover data. Payment for recovery instructions is often demanded in virtual currency (bitcoin) to protect the criminal's identity. (see WhatIs.com for more information)

 

 


 

Here's what you should be doing now to prevent cyberextortion on your computer network.

  1. Know where all your data is kept – your active patient records, archived patient records, billing records, etc. Remember to reclaim data that you may have left behind with previous vendors – transcriptionist, billing agents, remote data, retired EMR vendors, etc.
  2. Collect only the information that you need; not information that might be nice to know or that you might have a use for in the future.
  3. Install or update endpoint security solutions, such as anti-malware and anti-virus software.
  4. Back up your data with secure encryption. Make sure that you have the encryption key and that you know how to use it. Test restore the backup and test the encryption key, too.
  5. Keep your backup separate from your computer network. You might store your backup on encrypted external drives or remote backup. But don't keep your backup device connected to your computer. If you are attacked by ransomware, the backup device can be locked, too.
  6. Is your current back-up device secure? Your backup should be maintained in an area with appropriate physical safeguards – for example, in a locked, secure, filing drawer, safe or data centre in a location separate from the computer network.
  7. Learn how to recognize phishing attacks so that you can prevent cyber attacks, too.

 

Risk can be mitigated through the use of appropriate safeguards that will lessen the likelihood or consequences of the risk. Layers of safeguards – administrative, technical, physical – will help to prevent privacy and security breaches. When both the likelihood of the risk and the risk of harm are high, more layers of safeguards should be considered to mitigate the risk.

Risk mitigation assessment is part of a privacy impact assessment (PIA). (What is a PIA?)

Review your current security policies and software with your technical support. If you have a small business and don't have in-house technical support, outsource a security review. Update your risk assessment. Don't become a victim of cyberextortion.

 

Have you seen this?

The Office of the Information and Privacy Commissioner (OIPC) of Alberta has released an "Advisory for Ransomware". You can learn more about preventative measures and ransomware response here.

See "10 Fundamental Cybersecurity Lessons for Beginners" by Jonathan Crowe (Nov 11, 2015) to help you get started on improving your security.

See getcybersafe.ca for more information on common internet threats and on how cyber attacks affect businesses.

References 

¹ SearchSecurity, TechTarget. Definition of cyberextortion.

 

cyberextortion, health care, healthcare, phishing, Practical Privacy Coach, privacy, ransomware, Safeguards, security

Privacy Impact Assessment (PIA)

Posted on May 1, 2017 by Jean Eaton in Clinic Manager / Privacy Officer, Established Practice, New Practice, Services, Vendor

Does your medical practice collect personal health information?

If so, you may need to conduct a Privacy Impact Assessment (PIA).

The Health Information Act requires health providers to complete a Privacy Impact Assessment when you:

  • open a new clinic
  • establish a new health services program
  • change how you collect and use personal information
  • implement Electronic Medical Records (EMR), or transition to a new EMR provider
  • share information with a Primary Care Network or other health program
  • access health information from Netcare or other data repositories

Information Managers' Privacy Impact Assessment (PIA) consultation helps you document your practices, meet practice management best practices, and ensure compliance with regulatory legislation.

The PIA consultation includes reviewing your current practices, documenting current or new privacy and security policies and procedures, information flow, legal authority analysis, risk assessment, and Privacy Impact Analysis.  Contact us and we’ll take a look at your current office practices and let you know how we can help make your workload easier, your information secure, and meet regulatory compliance.

The ABCs of Privacy Impact Assessments

What do you know about Privacy Impact Assessments (PIAs)? If you have implemented an electronic medical record (EMR) funded through a provincial program, you have probably had to go through a PIA. It was probably time consuming to some degree, but perhaps not as bad as you thought. Jean Eaton is a consultant and expert on Privacy Impact Assessments in the medical office. She explains in this blog post, The ABCs of Privacy Impact Assessments, what you should expect when required to undertake a PIA.

Listen to the podcast with Dr. Alan Brookstone of Canadian EMR.

Document Management Tip: What is a Privacy Impact Assessment?

YouTube video: What is a Privacy Impact Assessment? Who needs a PIA? How can I tell if I have a PIA? Information about privacy impact assessments in Canada. Additional details for Alberta and Health Information Act, HIA, OIPC.

Having problems viewing the video here? Watch it on our YouTube channel: What is a PIA?

Computer Network Vendors and Privacy Impact Assessment

A video especially for vendors that support healthcare practices.

 

E-course: Protect Your Practice, Your Assets, and Your Patients with Privacy Impact Assessments

 

A PIA should be as commonplace to a healthcare practice as a business plan is to a business. BUT most healthcare practices don't know this and often don't know that a PIA is usually part of their professional college requirements and often even a legislated requirement! Prevent malicious errors, omissions or attacks that could result in fines and even jail time for the business, healthcare provider, employee, or vendor by completing a PIA.

If your Privacy Impact Assessment was written more than 2 years ago, this e-course is for you.

The Clinic Manager, Physician Lead, and Privacy Officer must ensure that the PIA's content is updated to reflect the current state of administrative, physical and technical controls.

BONUS! Checklist to update your PIA to meet recent changes to Alberta’s Netcare Portal. If your practice has completed a PIA and now you need to update the PIA, you receive a checklist of items that you need to consider to refresh your PIA.

 

If you are a vendor that supports healthcare practices, this e-course is for you.

BONUS! One hour tele-consult with Jean, “Create a branded Privacy Impact Assessment Readiness Package”. Jean will work individually with you to review your documentation and coach you on how to prepare the package to give to healthcare practices.

BONUS! Vendor PIA live webinar includes Vendor non-disclosure agreement, Information Manager Agreement, GAP Analysis, Computer Network Narrative templates.

 

Jean has helped hundreds of physicians, chiropractors, pharmacists, and other healthcare providers complete their Privacy Impact Assessment. She has visited hundreds of practices across Canada. But time and geography limit my ability to visit each healthcare practice that needs a PIA. That’s why I developed this on-line interactive course to help you learn everything you need in order to review, amend, or create your own PIA. Each module includes a weekly live webinar, as well as templates, tools, resources and two common case studies to build on each week. You can use these scenarios to guide you through the PIA process.

You know your practice better than anybody else. If you had the right tools, at the time most convenient for you and a mentor to help you, you can develop good office practices, meet legislated and college requirements, and successfully complete your Privacy Impact Assessment requirements.

Consult, electronic medical record, EMR, health, healthcare, medical, Netcare, PIA, PIA completed, PIA templates, Privacy Impact Assessment

Medical Identity Theft – Examples

Posted on January 25, 2017 by Jean Eaton in Blog

Medical Identity theft is one of the fastest growing areas of organized crime.

It can affect individuals:

  • Financial and credit.
  • Inaccurate information added to your medical record.
  • Extortion of your personal health information.
  • False information can threaten your family or your employment.

It can affect health service providers:

  • Stolen identities of health service providers are used to set up fake clinics in their names and bill against stolen patient identities.

Preventing medical identity theft starts by clinics asking to see picture ID from their patients.

  • Helps to reduce medication errors in healthcare.
  • Avoid providing services to fraudulent patients – ask for picture ID when you register a patient.
  • Improve your technical safeguards – budget for electronic data security investment.
  • Become aware of the risks and educate your staff.

Information Managers offers Privacy Awareness training on-site, group public workshops, and webinars. Don't miss an event – see Upcoming Events.

For more examples of how medical identity theft may impact your office, listen to the Health Care Technology Online Newsletter podcast.

identity theft, medical identity theft, privacy

Identity theft protection (Would you know if there were two of you?)

Posted on January 25, 2017 by Jean Eaton in Blog

Would you know if there were two of you? Identity theft is a growing problem but there are things that you can do to protect yourself.

Identity theft happens when someone steals your personal information and uses it without your consent – to make purchases, take out loans, get medical services – and more! Victims can end up with drained bank accounts, destroyed credit, and the enormous task of fixing the problem.

5 tips to protect yourself from identity theft

  • Set up a schedule to review your credit card and bank statements – monthly, quarterly – and always have a ballpark in mind of your spending history.
  • Once you've reviewed your statements, make sure that you've shredded the paper documents that you no longer need (and keep them in a secure place while you do need them!). By shredding your bank and credit card statements, you can prevent thieves from "dumpster-diving" for the easy information.
  • Set up a Google Alert for your name, business name, and other key identifiers (but not your account numbers). You will receive a listing whenever your name appears on the internet.
  • Limit the amount of personal information that you share on-line, in stores, and on the forms that you fill out. Ask why they need your information.
  • Install and update anti-virus and malware protection software on your smartphone. Malware and viruses can access and steal personal information, which can lead to identity theft.

Celebrate Data Privacy Day with Information Managers!


Concerned about your privacy online? The FREE Data Privacy Day E-course makes it easy for you to enjoy the benefits of the internet while protecting your privacy. 
It's easy, fun and filled with practical tips, tools, and resources! 
Get it before it's gone.

Follow Data Privacy Day around the world using Twitter and #PrivacyAware.

We are proud to be a Data Privacy Day Champ!


#DPD15, best practice, Data Privacy Day, identity theft protection, Practical Privacy Coach

Are cookies a good thing?

Posted on January 24, 2017 by Jean Eaton in Blog

Hungry? Cookies may sound good when they're filled with chocolate chips, but when cookies are used to track your online activity, they can result in behavioral tracking that advertisers use to target products to you.

You may be okay with this when it leads you to your next great shoe sale, but if you use a shared computer and search for something more private, the next person to browse the web on your computer may get bombarded with ads for wedding rings – something you didn't want them to know.

A silly example, but if you use the internet for activities that require more personal information – such as online banking or shopping – cookies can save and remember your account number, credit card number, mailing address, phone number and more.

Privacy Tip – Delete your cookies!

Especially if you use a shared computer or if you are doing activities that require your personal information.

 


#PrivacyAware, best practice, cookies, Data Privacy Day, Practical Privacy Coach

Why Does Data Privacy Matter So Much?

Posted on January 23, 2017 by Jean Eaton in Blog

Data privacy is important. But the real question is, why does data privacy matter so much?

“Our personal information is built with our data that enriches, defines, educates and connects us. Data tells our story.” M. Dennedy, VP & CPO at Cisco.


#PrivacyAware, best practice, Data Privacy Day, Practical Privacy Coach, Practice Management Mentor, privacy awareness, training

Do you know the most frequent source of a privacy breach?

Posted on October 29, 2016 by Jean Eaton in Blog

October is Cyber Security Awareness Month! Information Managers is celebrating by hosting our annual 15 Day Privacy Challenge. The 15 Day Privacy Challenge is a fun, no cost educational opportunity on privacy and security.

Challenge #15 Privacy Breach

80% of all privacy breaches are caused inside the business

Have you ever received a phone call from your bank telling you that your credit card information may have been compromised or stolen?

Be glad you did. While this kind of call may frighten you and create doubt and cause inconvenience, it is far better to be notified and to solve the problem than to let it persist. And if the bank catches the theft early and calls you to let you know how they have prevented it from happening again, you are likely to thank the bank for looking out for your best interests.

The same thing happens when you suspect that you have a privacy breach at work. You need to stop it, report it, inform the client, and let them know what you are doing to solve the problem. It is never an easy phone call to make, but most of the time the client appreciates your concern.

Watch the video, “Can You Spot the Privacy Breach?” for some handy information about what is a privacy breach, how to spot one, and what the most common mistakes are that you need to avoid.

Ideal for privacy officers, clinic managers, practice managers, healthcare providers, owners.

 


#15DayPrivacyChallenge, #CyberAware, Practical Privacy Coach

Copyright 2023 Information Managers Ltd.
