Basic IT Security for the Public Health Worker


Health information technology is ever-changing, developing, and growing more sophisticated.

While this technology empowers us to do our jobs better and more efficiently, it also brings its own set of challenges and concerns.

  • Have you ever wondered what actually makes a password strong, and how to choose a password that is both strong and easy to remember?
  • Have you ever wanted to understand a little more about cloud computing?
  • Would you recognize a phishing attack? (These are responsible for the most high-profile hacking news stories in recent years.)
  • Are you curious about where information technology is headed, particularly EHR technology?

Scott Randall, Developer, recently presented at an Expert Webinar for Champ Software titled IT Trends & Security for You.

Expanding on a presentation he made earlier this year at the Omaha System International Conference, Scott answered those questions and more.

Recently, the news has been saturated with updates on the Equifax data breach. Millions of Equifax customers in the US were affected when social security numbers, names, dates of birth, and addresses were accessed by hackers.

On September 13, 2017, Equifax made the news again when accusations of a breach of its Argentinian data were made.

The vulnerability was discovered by two native Argentinian employees of a Wisconsin security firm called Hold Security LLC.

What was the vulnerability?

According to the researchers, the highly sensitive and private information Equifax held was accessible via a portal protected only by the username “admin” and an identical password, “admin”. (Source)


Hacking has become a daily occurrence; whether we’re hearing about celebrities’ private photos being accessed and distributed without permission or we are getting a notification that someone tried to hack into our Facebook account, we are ever-aware that there is a threat out there.

You may wonder, how do I know my information is secure enough?

Often, websites and software will specify certain password requirements to help you create a secure password.

However, the stricter the requirements are for a secure password, the more difficult it becomes to remember the password.

In fact, most people seem to just give up and hope for the best when creating a password, opting for easy to remember variations such as “admin” or “123456.”

According to Keeper Security, a leading online Password Manager, over 50% of the 10 million users they analyzed in 2016 used one of the same 25 passwords.

So how does one create a strong, secure password that is uncommon but isn’t easy to forget?

One example recently provided by Scott Randall, Developer, during his presentation was this: J’sgtWC&T’sgtM,p!gtw.

If that password looks complicated and forgettable, Scott’s explanation will surprise you. It’s simply based on a popular children’s rhyming song that you won’t be able to get out of your head once you hear it.

Another threat to our information security is phishing.

While some phishing scams are laughably easy to detect (the rich uncle you never knew you had probably isn’t going to wire you a $1M inheritance if you give him your social security number and banking information), others are startlingly sophisticated.


In fact, Scott Randall shared during the IT Trends & Security for You webinar that it was a phishing scam that allowed the 2016 Democratic National Committee (DNC) email hack to take place, leaking thousands of private emails to the public.

It all started from an email, cleverly disguised as a notification from Google, sent to a DNC employee asking them to change their Gmail password to (ironically) protect themselves from being hacked by an unauthorized sign-in attempt.

Clicking the legitimate-looking link resulted in the hacker obtaining the DNC employee’s Gmail login information and accessing the account and all the private emails.

Scott shared a few key tips in detecting a phishing scam, including:

  • Beware of a “corporate” email containing a link or button to change or confirm your login information
  • Ensure https precedes the URL in the address bar prior to entering sensitive information
  • Check the URL to see if it is what it should be before entering your information on that page
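The last two tips can be expressed as a small check on a link before you trust it. This is an added example, not material from the webinar or from Champ Software; the function name `check_link`, its warning codes, and the sample URLs are constructed for illustration. It also shows why https alone is not enough: the host itself has to be the one you expect.

```python
from urllib.parse import urlsplit

def check_link(url, expected_domain):
    """Return warning codes for a link that claims to belong to expected_domain.

    check_link and its warning codes are hypothetical names for this example.
    """
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    except ValueError:
        return ["unparseable"]
    expected = expected_domain.lower().rstrip(".")
    warnings = []

    # Tip: https should precede the URL before you enter sensitive information.
    if parts.scheme.lower() != "https":
        warnings.append("not-https")

    # Text before an "@" is not the site; the real host is what follows it.
    if parts.username is not None:
        warnings.append("userinfo-before-host")

    # Non-ASCII or punycode labels can render as lookalike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        warnings.append("lookalike-characters")

    # Tip: the host must be the expected domain or a subdomain of it.
    # A substring test would wrongly accept "google.com.security-check.example".
    if host != expected and not host.endswith("." + expected):
        warnings.append("wrong-host")
    return warnings

# Constructed sample links, checked against the domain the email claims to be from.
SAMPLES = [
    "https://accounts.google.com/signin",
    "http://accounts.google.com/signin",
    "https://accounts.google.com.security-check.example/signin",
    "https://accounts.google.com@login.example/reset",
    "https://g\u03bf\u03bfgle.com/signin",  # Greek omicrons in place of "o"
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link.encode("ascii", "backslashreplace").decode(), check_link(link, "google.com"))
```

Only the first sample returns no warnings; the third and fourth use https and still fail the host check.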

While keeping your passwords secure and avoiding scams are simple ways to protect your information, more questions arise when considering where the information goes once it leaves your hands (or your laptop).

For many, although the term “cloud computing” has become as common as sliced bread, we may still wonder what exactly the ethereal cloud is, where it is, and just how secure it is.

This is especially relevant to public health as web-based electronic health records (EHRs) become more and more mainstream.

Not only are we keeping client data in the cloud, but when we visit the doctor’s office or the hospital, our own information is also entering the cloud.

Where does it all go and who has access to it?


One of the easiest and simplest definitions of cloud computing comes from Oxford Dictionaries, “The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.”

So data stored in the cloud is actually stored on remote servers. For Software as a Service (SaaS) applications such as web-based EHRs, “the cloud” more specifically refers to online applications which manage and store your data in highly secure remote servers spread throughout the country.

According to the late Judith Riemer, MS, RN, PHN, CNS, and former consultant to Champ Software, “This sort of cloud could more closely be termed ‘private cloud computing,’ which means that the entity storing your information knows exactly where the data will be stored.

“These servers are non-public, and can only be accessed by authorized users. If you’ve banked online, you’ve already experienced this sort of cloud computing.” (Source: EHR Primer ebook published by Champ Software May, 2012 – available upon request)

While cloud computing can be a daunting prospect to the uninitiated who just want to ensure their information is secure, when understood and properly utilized, it offers a host of increased capabilities, freedom in how you access your own data, and even (perhaps surprisingly) increased security over traditional data storage.

Scott describes this more during his presentation.


It is important to note that the internet, while it has grown at lightning speed over the last several years, is still in its infancy in technological terms.

Scott Randall shared during the IT Trends & Security for You webinar, “A few years after the dot com bubble burst, Jeff Bezos, the founder of Amazon.com, gave a TED talk… talking about this very subject.

“At the time, people were comparing the internet to a gold rush… comparing the financial side of things, how it boomed, then it collapsed. But he compared it to electricity and the application of that in our lives.”

Scott goes on to describe Jeff Bezos’ example of the first electric washing machine which did not have a normal plug, but a light socket-type plug, and no power switch.

Houses weren’t even wired to support electric devices beyond lighting at the time.

“The lesson in this is that technology sometimes takes a long time to develop. Although we’ve seen a lot of change in the internet and computing and how we use it, things are still on the move, they’re getting better, they’re stabilizing and maturing and changing,” says Scott Randall.

What does the future hold?

Scott shares his predictions:

  • Increase and advancement of speech-to-text technology (For public health workers this could mean one day completely charting by voice in a HIPAA compliant manner)
  • Sophistication and wider adoption of blockchain technology. (This is the technology undergirding bitcoin. The cryptographic algorithms that maintain order with the online collection and distribution of these bitcoin funds offer potential advantages to public health. One such advantage is the potential impact on interoperability of such a secure technology that contains an inherent audit trail.) Scott refers his listeners to a March, 2017 article from Harvard Business Review by John Halamka for more detail on the possibilities.

To learn more about these topics, click the button below to view Scott’s full presentation.

Access Webinar Recording
2017-11-13T10:36:49+00:00 | September 18th, 2017 | Blog Expert

About the Author:

Crystal Maertens is the Marketing Specialist at Champ Software, Inc. Hailing from states across the Midwest, Crystal settled in Minnesota in 2005 and has been working with Champ Software since 2011. She loves working for a company with as much heart as Champ Software and enjoys making a difference in the lives of public health workers. An avid reader and writer, Crystal has written many blog articles for Champ Software and especially loves writing articles that feature Champ clients.
