D Squared Computer Consulting
D Squared Computer Consulting can help:
Make sure your network and communications safeguards are intact and robust.
It is increasingly difficult to find a computer that is not attached to some sort of network. Most computers in your
practice are connected to the Internet, a particular kind of public network that has its own special risks. Network security is
a complex sub-domain of computer security; protective devices against the basic threats should be installed and
maintained by a qualified network security technician.
Networks work by routing packets of information among and between users at various computers. Generally, networks
use devices known as routers to send the packets to correct addresses. Therefore, networks need to defend
themselves against attacks from unauthorized users and from infiltration of unauthorized information packets through
Firewalls are hardware and software devices that protect an organization's network from intruders, such as hackers or
data thieves. Think of firewalls as sentries at the boundaries of private networks and the public networks they are
connected to: They check credentials, permit passage of authorized parties and communications, and keep a record of
what crosses the boundary. Firewalls deny access to unauthorized users and applications, and they create audit trails
or logs that identify who accessed the network and when. Firewalls may also issue alarms when abnormal activity
occurs, such as a repeated unsuccessful attempt to enter the network. D Squared Computer Consulting can monitor
your firewall and shut down any unauthorized access attempts.
Be certain that you have anti-virus software and keep it up to date.
Even if you are in solo practice and use only one laptop computer for all your data capture, storage and transmission -
and therefore may not require a network firewall - you probably connect to the Internet for e-mail and Web browsing.
In terms of risk to your computer's data, connecting to the Internet is the most dangerous activity in which you can
Malicious software, sometimes called malware, has become a familiar form of computer attack. Viruses, worms and
"Trojan horses" are among the most common forms of malware that your computer security must protect against.
Viruses can attach themselves to e-mails, program files and data files. They can infect all your hard disks and change or
erase data while spreading to floppy disks and e-mails to infect other machines. Worms are self-replicating programs
that attack networked computers. The now-infamous Nimda virus was a worm spread via e-mail attachments named
README.EXE. It affected a wide variety of operating systems, including several versions of Windows. Nimda was
responsible for tens of millions of "denial of service" events throughout the Internet, in large part because it was able
to attack key Web servers that direct traffic across the Internet. It is estimated that worms like Nimda cost U.S.
companies billions of dollars each year in repairs and lost productivity.
The solution to malware is installing and updating anti-virus software, available from specialized software companies,
on all of your computers. Anti-virus software works by scanning digital data, such as incoming e-mails, files, hard disks
and CDs, and then automatically deleting or isolating viruses. Anti-virus software programs are great at detecting
known viruses but not so good at detecting new ones. New malware appears all the time, so anti-virus software
needs to be updated frequently.
Viruses, especially e-mail worms, are the price we pay for universal connectivity and communications over open
networks, especially over the Internet. There is no single solution to the problem of computer viruses, and the problem
seems to be getting worse as more information is delivered over the Internet all the time. Vigilance is essential. D
Squared Computer Consulting will come onsite to your business to verify that your systems are updating and that your
virus definitions are up to date.
The bottom line is this: Computer security is a requirement for any sound business, including your medical practice or
pharmacy. Computer security is needed to protect the privacy of those whose information you store and manage. It is
also needed to protect you and your practice from the risk of penalty and legal liability if private information is used or
released by your practice.
AAFP (American Academy of Family Physicians) recommendation:
A single-vendor solution for small and medium medical practices allows you to work more closely with the
vendor to ensure that all the facets of your computer system satisfy your practice's HIPAA security plan. Some
Health System vendors will even help you do a gap analysis as part of their purchase program. But because
most Health System vendors don't install the hardware and networking components, your choice of a local
contractor for these services should be made with HIPAA in mind. Be certain that your local contractor is fully
aware of the HIPAA security standards and is willing to assist you before you proceed.
D Squared Computer Consulting works with health care professionals and is fully aware of HIPAA requirements
for your business or practice. We are also fully insured with professional errors and omissions insurance and will
stand by our clients if they ever have a HIPAA-related security breach on their network or computers.* With our
Premier Service Contract solution, D Squared Computer Consulting will do real-time monitoring of your firewall to
protect your business against outside threats and will proactively work to stop any such attacks.
Like any small business owner, independent pharmacists and doctors face the challenges of a competitive market - and
work the hours to prove it. To increase productivity while improving quality of life, many pharmacists and doctors
depend on secure remote access to network resources. Owners no longer have to stay at the store or office for 16
hours a day. With secure remote access provided by D Squared Computer Consulting, they can go home at the end of
a regular business day and do a few hours of work in the evening from the comfort of their home.
To compete with large, national chains, independent pharmacies are deploying more advanced pharmacy management
systems to automate the entire pharmacy from point-of-sale and drug dispensing to billing and insurance claims.
Further enhancing productivity and improving customer service, pharmacies are switching from dial-up modem
connections to broadband services, improving system performance and reducing transaction fees for claim processing.
In doing so, pharmacies must protect confidential customer information and ensure network availability to keep
business processes up and running.
However, with broadband connectivity come security risks. HIPAA requires that pharmacies and doctors secure the
transmission of sensitive customer-related information as it crosses the Internet.
* D Squared Computer Consulting will only guarantee HIPAA compliance with a Premier Service Contract of 50 hours or more. We
cannot be held liable if we are not actively monitoring your systems for intrusion and verifying that anti-virus and anti-spyware
programs are running with up to date security and software settings. Premier Service Contracts will automatically have the D Squared
guarantee that if your business has a computer related HIPAA security breach, we will be by your side in the courtroom to show that
your business has taken all precautions against the threat of a network breach.
Health Care Professionals and HIPAA
This page is geared toward pharmacists and family medical practices, but HIPAA rules apply to
all health care professionals. D Squared Computer Consulting can help ensure that the computer
and network security portion of your business is HIPAA compliant.
The following is from TechTarget SearchSecurity:
Researchers at security vendor Finjan uncovered a server containing the sensitive email and Web-based data of
thousands of people, including healthcare information, credit card numbers and business personnel documents and
other sensitive data.
The server contained over 1.4GB of both email and web-based data. In all, the data consisted of more than 5,388
unique log files traced back to 5,878 distinct IP addresses.
Finjan said the server was a drop site for the AdPack exploit toolkit. The hacker controlling the server did not encrypt
the data and failed to protect the server from being accessed.
"It shows that you don't have to be highly knowledgeable to use these toolkits," said Yuval Ben-Itzhak, Finjan's chief
technology officer. "The whole idea for selling these toolkits is to provide to people who are not security experts and
do not have a computer science background."
Like other crimeware toolkits such as NeoSploit or MPack, the AdPack toolkit has a very intuitive interface, Ben-Itzhak
said. The management features enable the criminal to address specific groups of users by allowing them to target a
country or IP, or even by log types, he said.
Cybercriminals found it easy to access whole Outlook accounts including mail and personal folders, calendar, public
folders and contacts, Ben-Itzhak said. The crimeware used by the hacker was able to capture screenshots of the
victim's desktop and upload them to the server.
Ben-Itzhak said since the initial discovery, three other servers have been discovered with unprotected sensitive data.
"This indicates that the person running it is interested in the data and the money, but probably has no clue about
how to secure the server and how to protect the data from others to access it," he said.
Finjan notified more than 40 major international financial institutions located in the United States, Europe and India
whose customers were compromised, as well as various law enforcement agencies around the world.
Ben-Itzhak said the server logs contained a mountain of healthcare information, including personal data, health data,
treatment, medications, insurance details, Social Security Numbers, and healthcare providers' data, including
physician's name. Due to the fact that the data was HIPAA related, Finjan informed the FBI of the discovery.
"I think that the fact that medical data was stolen from doctors' PCs using Trojans, means there's still work to do,"
Ben-Itzhak said. "There are still security measures that need to be implemented."
Other data contained personnel files and business files marked confidential. One message revealed details about an
upcoming court case, while a few others contained business financial data such as invoice information. Banking data,
including credit card numbers and account login numbers were also discovered on the server, Ben-Itzhak said.
In one example, the cyber criminals gained access to a large chunk of business data, including network folders and
business contacts. They also had access to the company's shipment information, retirement plans and invoices,
"These criminals are not just targeting credit cards and the individual's identity, they're targeting real business data,"
Ben-Itzhak said. "It's not just a technical problem anymore of a broken application that the IT department has to fix;
it's a real business issue here that someone is monitoring your activity."
By Robert Westervelt, News Editor
06 May 2008 | SearchSecurity.com
A great article from TechTarget Security