Record Requests610-994-7500

Recent Guidance on Contacting COVID-19 Patients for Blood Donations

The Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) recently issued guidance on how providers can contact former COVID-19 patients regarding opportunities for blood and plasma donations. Though healthcare providers can use Protected Health Information (PHI) to identify and contact previous patients, specific guidelines should be followed.

What the guidance outlines

Contacting previous COVID-19 patients to notify them of opportunities for donating blood and plasma is allowed in order to assist healthcare providers in collecting antibodies for treatment of other patients with COVID-19. The use of PHI for this purpose is permitted as a population-based healthcare operations activity, as outlined in the HIPAA Privacy Rule for HIPAA covered entities and their business associates. Furthermore, facilitating the supply of donated blood and plasma is expected to improve the provider’s ability to conduct case management for patients who have been infected with COVID-19.

However, safeguards remain in place when contacting previous COVID-19 patients. The provider can contact its previous patients for this purpose, without authorization, to the extent that the activity is not considered marketing. As defined by HHS, marketing is a communication about a product or service that encourages the recipient of the communication to purchase or use the product or service. However, under one exception, a covered healthcare provider is permitted to make such a communication for the population-based case management and related healthcare operations activities, provided there is no payment associated with the activities.

Additionally, providers are not permitted to share PHI with third parties. For example, a provider cannot release a patient’s PHI to a blood and plasma donation center so that the center can contact the patient for its own purposes, such as collecting the blood and plasma for a profit. For such a transaction to occur, the provider must receive the patient’s authorization prior to making the disclosure of PHI.

For more information, the complete guidance can be found here.

Read More

MRO’s Special Webinar Series: Information Blocking

MRO’s four-part special webinar series regarding the Interoperability Rule will teach attendees how this rule helps healthcare data and systems become more standardized, so that data can be exchanged seamlessly. Even if you and your organization are already making strides toward achieving interoperability at your facility, you can benefit by continually learning more. The Interoperability Rule, which consists of over 1,200 pages, probably seems daunting. Therefore, we created these expert-led sessions to break down the rule for you, since the rule has major compliance implications that your organization needs to prepare for.

Highlighted below are the four sessions included in our webinar series.

Information Blocking and the Interoperability Rule

Information Blocking: Setting the Stage – Lauren Riplinger, AHIMA

The first session of the Information Blocking webinar series, presented by an AHIMA staff member, provides an introduction by setting the stage for the other sessions. Attendees will learn the history of information blocking as well as the legislative background of the 21st Century Cures Act. They will also take a deep dive into the intended goals of the rule, and how the ONC got to the current state we are in.

Information Blocking and Interoperability: Decoding API Elements, Incompatibilities, and the Role of HIM in Technical Developments – Jeff Smith, AMIA and Diana Warner, MRO

The second session of the Information Blocking webinar series breaks down the technical developments and considerations from the ruling. Jeff Smith from AMIA will highlight the informatics and the technical compatibility requirements, as well as delve deeper into the technical aspects of the ruling and what it means for supporting CIOs and their teams. Specializing in information governance, Diana Warner from MRO will then guide attendees through the special considerations for HIM teams.

Information Blocking and HIPAA: Road to Compliance – Rita Bowen, MRO and Angela Rose, MRO

The third session of the Information Blocking webinar series, presented by two of MRO’s industry experts, analyzes the rule with a focus on HIPAA. Attendees will be immersed in a discussion around critical aspects of the rule and explore ways to operationalize its requirements to achieve compliance. Furthermore, they will take away tips and strategies to share with their organizations to guide planning efforts for success.

Information Blocking: Looking Ahead – All Webinar Presenters

The fourth and final session of the Information Blocking webinar series features a roundtable panel discussion from all the previous presenters. This session will briefly summarize what attendees learned during the first three sessions, as well as discuss what comes next. Attendees will learn practical enforcement mechanisms, OIG timing and enforcements, and possible penalties. The expert panel will also provide answers to the most frequently asked questions from the entire series.

Please join us for the first webinar, presented by Lauren Riplinger, JD, from AHIMA, Information Blocking: Setting the Stage, on June 11, 2020 at 2 pm ET.

Register today!

Read More

Security Awareness: How to Remain Safe While Working from Home

As our current climate continues to change day by day, I thought it would be beneficial to share some best practices for security awareness. While this is certainly not all encompassing, many of these practices can be applied not only to your organizations, but also in your personal life as well.

Working from Home

Due to the COVID-19 pandemic, many of us are now working from home. Unfortunately, cyber criminals will continue to target individuals and organizations with phishing campaigns in the hopes of exploiting vulnerable systems and services. While working from home, everyone must remain vigilant and keep an eye out for suspicious activity. Here are some of the most effective ways to protect yourself while working at home:

  • Secure your wireless network router at home, and make sure to change the default admin password. Also enable WPA2 encryption and use a strong WiFi password for the wireless network that you created.
  • Be aware of all the devices you have connected to your network, including baby monitors, gaming consoles, Alexa, Google Home, TVs, appliances or even your car. Ensure that each device is protected by a strong password and that the operating system is kept up to date. You should enable automatic updating whenever possible, so that you don’t forget. This includes your cell phone and computer as well.
  • Make sure every account has a separate, unique password. If you can’t remember all your passwords, consider using a password manager to securely store all of them for you. Some of our (free) favorites include LastPass, Dashlane and Keeper.
  • Keep your account secure by using multi-factor authentication or two-factor authentication. Whenever this feature is offered, you should absolutely use it. When you login, both your password and a code sent to your mobile device are needed. For example, you might use it for banking, Gmail, Dropbox and various social media sites.
  • Make sure antivirus software is installed on your personal computer. Chances are your work computer already has this software from the corporate level. Some free options for personal computers (Windows, Mac and even smartphones) include Sophos Home, Bitdefender and Avast.
  • Use your common sense! If an email, phone call or online message seems odd, suspicious or too good to be true, then it probably is.

Using Social Media

While most people use social media for personal reasons rather than for business, almost everyone has a LinkedIn account which is considered social media but designed for work purposes. Regardless of the social media platform you use, here are some friendly reminders to ensure stronger security awareness:

  • Use social media wisely. Once it’s out there, it will never permanently come down, even if you think that it has!
  • Apply the strongest privacy settings possible to ensure your privacy and protection.
  • Enable multi-factor authentication. If someone is trying to hack your account, you will know immediately and can remedy the situation quickly.
  • Don’t share personal information on business accounts. And don’t share business information on personal accounts.

Being Hacked

If you are working from home, and believe you have been hacked, how can you tell? This can be more challenging if you’re accustomed to being in the office and reporting an issue to your IT/Security team in person. Here are some signs that you’ve been hacked:

  • Your antivirus program triggers an alert. That’s why you should always install an antivirus program.
  • Your password no longer works, but you know it is correct.
  • You get a pop-up message stating that your computer is infected, and you must pay a ransom or call a phone number to fix the problem.
  • You believe that you have accidentally installed suspicious or unauthorized software.
  • Your friends and coworkers are receiving odd messages from you, that you never sent.
  • Your browser takes you to a random website that you can’t close.

Maybe more important, what can you do if you believe that you have been hacked? If your equipment in question is from your organization, always consult the appropriate department or person. At MRO, our employees are directed to contact the IT department. Don’t try to fix the problem. Stop what you are doing and report the problem right away. If it’s your personal equipment that has possibly been hacked, contact a local business for assistance. However, if an account such as LinkedIn has been hacked, then contact LinkedIn support for assistance. Getting help from a knowledgeable professional is always the best course of action when you are hacked.

Whether you are working from home or using a personal device for leisure, being proactive and vigilant can help both your organization and you practice better security awareness and protect your important online accounts.

Read More

Step Up in Crisis

There are times in a person’s life where resilience is tested.  As I reflect upon this pandemic, I feel hopeful.  I say this because time and time again, we Americans have risen to challenges such as natural disasters, 9/11, the Great Depression, rationing during wars, etc.  I remember the extraordinary story of people forming a human chain into the ocean to rescue someone drowning.  I remember how I was assisted after Hurricane Katrina and we recently saw volunteers lined up in Nashville to assist tornado victims.  One of my city leaders said, “We have to face this with storm coming mentality.  That’s when we check on our neighbors and make sure they have a plan, especially elderly neighbors.  Let’s make sure they have groceries or whatever they need to stay home and stay safe.”  I love this sentiment- that in a crisis, we band together where the fate of us all matters more than the individual.  Surrender the ME to WE!

In wars, natural disasters, or pandemics, we are called upon to be our best selves.  It’s time for you to ask the question, “How can I be my best self in this pandemic?”  Staying calm and collected is important.  Anxiety about the future just inflames your immune system.  Live in the present.  The past is done, the future cannot be controlled, but the present is the state in which to live and appreciate the little things.  Minute by minute, hour by hour, day by day.  Preparation is important in a possible quarantine situation.  Yes, buy groceries for a couple of weeks, but don’t hoard.  I know someone who was worried about families who don’t have childcare, and she decided that she would volunteer to babysit.  How generous, she will make a difference and leave this world a better place.

Psychologist Gretchen Schmelzer wrote, “For most people worldwide, this virus is not about you. This is one of those times in life when your actions are about something greater, a greater good that you may never witness. A person you will save who you will never meet.  This isn’t like other illnesses and we don’t get to act like it is. It’s more contagious, it’s more fatal—and most importantly, even if manageable, it can’t be managed at a massive scale anywhere. We need this to move slowly enough for our medical systems to hold the very ill so that all can be cared for. There is still cancer, heart attacks, car accidents and complicated births. We need to be responsible because medical systems are made up of people and these amazing healthcare workers are a precious and limited resource. They will rise to this occasion and work to help you heal. They will work to save your mother, father, sibling, grandparent or baby. For that to happen, we have important work to do.  Yes, you need to wash your hands, stay home if you are sick and comply with all social distancing rules.  But the biggest work you can do is to expand your heart and your mind to see yourself and your family as part of a much bigger community that can have a massive impact on the lives of other people.”

I’ve already seen amazing stories happening- the patron who left a $3,000 tip at a restaurant for workers to split, people delivering groceries to those in need, stores dedicating hours for elderly shopping and many more.  Let’s share these stories to encourage others.  Imagine if we can make our response to this crisis our finest hour.  Hopefully, we can look back and tell stories of how we came together as a team in our community, our state, our nation and across the world. Your contribution to the finest hour may seem small—but every small act of kindness adds up exponentially to save lives.

At MRO, we have an incredible team and a culture we’re so proud of.  I recently shared with our team, that if they start to feel stressed, take a deep breath and practice mindfulness.  One thing that always works for me is to name 5 things for which I’m grateful for right in this moment.  It eases your anxiety.  Rely only upon reputable sources for information.  Unplug for a while to de-stress.  Now is a great time to journal your daily thoughts.  You’ll appreciate reading them in the future.

Interested in learning more? Request the playback of my recent webinar, Effective Leadership During COVID-19.

Join our blog mailing list

Read More

Maintaining Compliance and Privacy Amid COVID-19


In these unprecedented times, there is much talk of the novel coronavirus (COVID-19) as it relates to HIPAA and the privacy of patient information. The Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) recently provided a statement to ensure all parties are aware of how patient information can be shared during an infectious disease outbreak. The purpose of the statement was to remind business associates and other entities covered by HIPAA that the Privacy Rule is not set aside during an emergency.

What this means for caregivers

Anyone who has been recognized by the patient will be allowed to continue receiving patient information. Additionally, HIPAA-covered entities are permitted to share the information in order to identify or locate a patient, and to notify the family members, guardians, or other caregivers of the patient’s general health condition or death. Furthermore, the information can be disclosed to law enforcement, the press or the public at large if necessary, to identify or locate the patient.

In any of the above cases, verbal permission from the patient should be obtained prior to the disclosure of information. However, the HIPAA minimum necessary standard does apply. This means that healthcare providers should make a reasonable effort to ensure any disclosed PHI is protected and restricted to the minimum necessary information, and only used to achieve the intended purpose.

What this means for business associates

While caregivers involved may share information as needed for public health purposes, business associates may not release the information without express authorization. If there is a legitimate need for public health authorities, or others responsible for ensuring public health and safety, to access protected health information required to carry out their public health mission, then and only then may the covered entity release the information. For example, should a facility ask that a business associate, such as MRO, release information verbally, the business associate is required to obtain a waiver of protection to do so. This is because the rule specifically indicates that business associates are to continue with the use of the protected information as outlined in the business associate agreement.

To learn more, and read the entire HHS release, click here.

Read More

Announcing MRO’s 2020 Webinar Series









MRO and I are proud to announce our 2020 webinar series. I would like to invite you to join me and my colleagues to review, analyze and discuss the hottest topics impacting Protected Health Information (PHI) today.

This year’s webinar series focuses on best practices related to industry trends and challenges, leadership development and regulatory changes that affect the secure and compliant exchange of PHI. The sessions address the needs of Health Information Management (HIM), privacy, compliance, risk management, security and other healthcare professionals seeking up-to-date information. Don’t miss the opportunity to learn from seasoned industry experts!

Highlighted below are the four sessions included in our webinar series.

The Right ROI Solution, Information Blocking, Workforce Training, and Privacy and Security Trends

Release of Information: Industry Changes and the Road to the Right Solution

This presentation explores results from a nationwide survey of senior HIM professionals about the ROI challenges, priorities and strategies at the forefront of today’s healthcare ecosystem. The survey was commissioned and published by MRO and conducted by Porter Research. I will guide attendees through a discussion regarding the right time to consider a new strategy and ROI partner, the meaning of transparency in partnership, key criteria for success and more.

Information Blocking Rule: The Impact to HIM

The Information Blocking Rule encourages the flow of information for patient-enhanced management of their own healthcare through the use of health information. As a result, we expect to see increased patient-directed flow of their health information to APIs and other support management tools. MRO’s privacy and compliance expert, Rita Bowen, and MRO’s legal expert, Danielle Wesley, Esq., will discuss how this rule appears to conflict with areas of HIPAA and what that means for HIM departments.

HIM Workforce Training: Developing Tomorrow’s Leaders

The evolving HIM landscape demands new skillsets and expertise for the workforce. MRO’s motivation and development expert, Mariela Twiggs, will provide best practices for training and retaining your employees. Attendees will take away valuable knowledge to develop their staff into tomorrow’s leaders.

Watch List: 2021 Privacy and Security Trends

This presentation recaps 2020 privacy and security trends affecting the HIM industry. The session also focuses on the outlook for HIM in 2021 and how to prepare for the future. MRO’s privacy and compliance expert, Rita Bowen, and MRO’s IT expert and CIO, Anthony Murray, will review watch list resources and provide related links. This timely information is most valuable to HIM directors, compliance and privacy officers, security officers, chief information officers and chief financial officers.

I will present our first webinar, Release of Information: Industry Changes and the Road to the Right Solution, on April 15, 2020 at 2 pm ET. Register today!

Read More

PHI Disclosure Management Webinar Recap: Attorney Misuse of Patient-Directed Record Requests and How to Cope


On December 11, 2019, I joined my colleague Danielle Wesley, Esq., Vice President and General Counsel, to present the fourth and final installment of MRO’s PHI Disclosure Management Webinar Series. In this webinar titled “Clearing the Confusion: Attorney Misuse of Patient-Directed Record Requests and How to Cope,” we reviewed trends and national efforts underway, discussed how the health system is impacted and formulated tactics to combat the confusion.

Patient-Directed Request Trends

The OCR’s 2016 guidance on patient access was meant to remove roadblocks for patients and their personal representatives when requesting medical records or PHI. However, instead of adding more clarification for healthcare provider organizations, the 2016 guidance opened the door for third-party requesters and attorneys to inappropriately request medical records under the guise of patient-directed requests, resulting in mounting challenges for healthcare providers. Recently, we have begun to see the following trends:

  • Attorneys and other third parties have increased the number of “patient-directed” requests and are using the records for their own for-profit activities—such as litigation or data sharing/selling.
  • Such requests demand that records be sent directly to the third party but be billed at the patient rate under the HITECH Act.
  • Use of the phrase “any and all” has led to a rise in page count per request. This phrase is used as an attempt to receive all PHI regarding a patient, not just the specific encounters or visits that are relevant to the litigation.
  • An increase in the submission of meritless complaints to release of information companies such as MRO, their clients, and the OCR has resulted in more time and effort to respond to baseless complaints, which ultimately generates greater operational costs.

These trends are concerning for release of information companies and their clients because attorneys and record retrieval companies are able to obtain large volumes of essentially unrestricted, unregulated PHI at lower fees by using generic, template forms. Furthermore, patients are unaware of the risks associated with the documents they are signing and are not actually providing “informed consent.” Such risks include:

  • No acknowledgement of HIPAA rights
  • No expiration date, allowing third parties to copy and use the “patient-directed” request letter indefinitely
  • No restriction on sensitive information regarding HIV, sexually transmitted diseases, psychotherapy notes, substance abuse and more

Health System Impacts

As the misuse of patient-directed requests grows, so does the impact across health system departments. Not only does this issue directly affect the Health Information Management (HIM) department, it also affects the Compliance and Legal/Risk Management departments.

HIM departments must mitigate patient privacy risks while managing an increase in volume, workload, costs and staffing.

Compliance departments are concerned about OCR incrimination, which results in knee-jerk responses versus well-informed actions. There is also a lack of time and resources to appropriately push back on meritless attorney complaints and threats.

Legal and Risk Management departments face OCR complaints and outside attorney pressure, and lack understanding of the steps and costs required to fulfill requests for medical records. For all parties involved, proper training is needed to mitigate risk and take appropriate action in response to attorney requests and patient-directed requests.

PHI Disclosure Management: Recommendations for Organizations

All health systems and organizations should have a plan in place to combat attorney misuse of patient-directed requests. Here are four simple, yet effective tactics:

  • Provide HIPAA training and education throughout your organization, particularly focused on patient access and patient privacy. Include departments such as HIM, Legal, Compliance, Risk Management, Finance, etc.
  • Recognize this as a long-term problem that cannot be resolved effectively by short-term solutions. Consistency is essential, begin by understanding your responsibilities set forth in your organization’s HIPAA compliant Notice of Privacy Practices.
  • Don’t be afraid to push back. Engage with the OCR whenever possible since it is critical that they hear from your organization directly. MRO’s most successful clients have taken a strong stance for their patients and against third parties misusing patient access.
  • Contact your representatives and senators to share your concerns regarding misuse and abuse of patient-directed requests from attorneys, record retrieval companies and other third parties. Specifically, contact members of the Health, Education, Labor and Pensions (HELP) Committee.

Continuing Education for the Misuse of Patient-Directed Requests

As we begin the New Year, Danielle and I will continue to educate our client base by hosting webinars, publishing additional content and visiting Capitol Hill alongside other industry experts. Stay connected and view the latest updates by following us on our social media platforms.

To learn more about the misuse of patient-directed record requests, fill out the form below to receive a copy of this webinar.


Receive a copy of the webinar "Clearing the Confusion: Attorney Misuse of Patient-Directed Record Requests and How to Cope"

Read More

MRO’s Everyday Heroes: A Motivational Initiative

I have a fabulous job title: Senior Director of Motivation and Development. When I meet people, they often comment on my title, saying it’s intriguing and then ask what I do. The development aspect of my job at MRO Corp. includes managing all the training content—creating engaging lessons within our learning management system for our large, diverse workforce. But the truly heartwarming and rewarding part of my job is the motivation aspect. It is my responsibility to manage a program that inspires our workforce. I often joke that I get to play MROprah!

Creating Everyday Heroes

The biggest piece of our motivation plan is a program called Everyday Heroes, which celebrates team members who go above and beyond in their job performance. On a bimonthly basis, we produce an Everyday Heroes Newsletter that tells stories about how the actions of a team member touched someone’s life. The stories come from a variety of sources, but each one is about an MRO customer who received outstanding service and took the time to email an employee’s manager. Sometimes these happy customers send a gift of appreciation or call MRO to say they had a wonderful customer service experience. By far, most of these satisfied customers are patients whose lives have been touched.

Additionally, there are customers such as attorneys, insurance company representatives and our clients who write lovely letters to sing someone’s praises. Sometimes a staff member is asked to tell a noteworthy story about their own MRO coworker. Further, the newsletter features a section called “My Manager Cares” where an employee nominates a manager for excellent leadership and an inspirational skillset.

I recently shared with my daughter that one of my career accomplishments I’m most proud of is being able to touch one person’s heart. This is a privilege I treasure. As the Everyday Heroes program begins its fourth year this January, our CEO asked me how we find all the stories. I explained that inspiration is contagious, so team members and managers continue to send me great material.

I like to say, “We don’t just disclose health information, sometimes we save lives.”

Celebrating Great Customer Service at MRO Corp

Many ROI specialists who handle patient walk-in requests often say the most enjoyable part of their job is making a difference in a patient’s life. Our program celebrates these moments and gives people recognition for great customer service. When acknowledged as an Everyday Hero, honorees receive a gift box with a gift card, an MRO Hero frame containing their story, a candygram and a chance to enter a drawing for a big cash prize. Historically, we’ve had around 60 team members per year receive this honor. At the end of each year, we randomly draw three Everyday Heroes and one “My Manager Cares” for the big cash prize.

How We Make a Difference

As I reflect on all the newsletters I’ve written over the years, some memorable stories come to mind. In one case, a patient was in the middle of surgery when a report from an old chart was needed. Our staff member made the request a top priority and walked the report to the surgery area.

In another case, a husband came in to obtain his wife’s report, explaining that she was in the car because she had difficulty walking. To make things easier, our staff member walked to the requester’s car to obtain the patient’s signature on the authorization form.

Another story that comes to mind featured a manager who stayed at work in the Distribution Center during a blizzard because many employees were unable to get to work. It’s so great to hear, “I have been working for many years with many bosses, but I have never had a manager make a difference in my life the way my MRO Manager has done.” Heartwarming, inspirational, making a difference. We care!

Here are some photos of gifts that have been received by staff members:








To stay updated on our heartwarming and inspirational “Everyday Heroes” sign up to receive MRO’s newsletters. 

Stay updated on our heartwarming and inspirational "Every Heroes" by signing up to receive MRO's Newsletters.

Read More

Heard on the Hill: A Call for Regulation of Attorney Misuse of Patient-Directed Requests










During the week of November 11, 2019, I visited Capitol Hill with colleagues from the Association of Health Information Outsourcing Services (AHIOS) to address concerns regarding patient access to medical records. As many HIM professionals are aware, in February 2016 the Office for Civil Rights (OCR) released guidance on patient access to health information that is being misused by third parties. During our time on Capitol Hill, we met with staffers from the offices of senators and state representatives of both parties to voice our opinions.

Protected Health Information: Help Make a Difference in Patient-Directed Requests

While this trip to Washington, D.C. was very successful, we will continue to make many trips in 2020 to voice our concerns to policymakers. One critical takeaway is that constituents (both hospitals and patients) need to reach out statewide to the people who can make a difference with regard to this issue. Constituents need to contact their senators and state representatives to express the struggles and hardships related to patient access in their respective states, growing privacy concerns, and in the case of hospitals, cost shifts back to your facility.

If a constituent’s state has a U.S. senator serving on the Health, Education, Labor and Pensions (HELP) Committee, then they should especially reach out to share their patient access concerns. MRO’s legal, privacy and compliance teams are available to all clients to assist in identifying HELP committee members, as well as other key senators and state representatives in their respective states.

Learn More About Protected Health Information

MRO is currently working alongside industry experts to make a difference on Capitol Hill.

To learn more about our visit and our 2020 initiatives, join me and my colleague, Rita Bowen, for our upcoming webinar by registering below.

Register for our webinar "Clearing the Confusion: Attorney Misuse of Patient-Directed Record Requests and How to Cope" on December 11, 2019 at 2pm EST

Read More

National Cybersecurity Awareness Month: How to Protect Your Online Presence


National Cybersecurity Awareness Month, initiated by the National Cybersecurity Division within the Department of Homeland Security and the nonprofit National Cyber Security Alliance, is observed in October. The purpose is to raise awareness about the importance of cybersecurity, which is essential to the business operations of MRO. As our company’s information systems security officer, I saw an opportunity to review some important cybersecurity points to protect your online presence this month and beyond.

IT Security Basics for Breach Prevention

Though sophisticated measures are an important part of an effective cybersecurity plan, it is essential to always remember the basics:

  • Use passwords – Not only should you have one, you should create one that includes numbers, symbols, and upper- and lower-case letters. And never use your name, birthday or an existing password. Use different passwords across systems, so that if a hacker accesses one system, they cannot easily access all the others. Finally, never share your password. Just because you trust someone does not mean they will protect your password.
  • Lock your device – When you are away from your device, lock it to prevent people from viewing sensitive information or using the device. This goes for computers, mobile devices, tablets, etc. Set your device to lock automatically after a certain period of inactivity for stronger data breach prevention.
  • Use a secure WIFI connection – Connections at hotels, coffee shops, airports and other public places are not secure. Even if a password is required to use the WIFI at a trusted business or location, those connections are by no means secure and are vulnerable to hacking.


In a phishing attack, cyber criminals use an email to lure you into giving them more information. These emails usually look real and are excellently designed to trick you. They will try to collect financial information, login credentials or other sensitive data. Sometimes these criminals use malicious web links, attachments or fraudulent data-entry forms to install harmful software called malware on your device. Falling for a phishing attempt can have serious long-term impacts on your work and home life. Many companies have had billions of confidential personal data leaked, and many people have had their bank accounts cleared out, all due to successful phishing by cyber criminals.

How can you protect yourself against phishing? Follow these simple, but effective steps:

  • Think before you click – Does it sound too good to be true? Do you know the sender? Does it have any links or attachments? Does it ask for money, credentials or any other sensitive information that you would not give to a stranger?
  • Verify attachments and links before you open them – Hover over the link to see where it is taking you. Do you know that site? Visit the site on your web browser (NOT by clicking the link, but by doing a quick search), and then call the number on the site to inquire about the email message.
  • Double and triple check – Email addresses can be “spoofed” meaning they appear to be from a trustworthy source, when in fact they are not. Brands and logos can be copied and pasted from the real, reputable site. Even links can be disguised as legitimate when they are not. Before you do anything, you need to be 100 percent sure that everything is legitimate. When in doubt, simply do not open, click or respond. Report it to your IT security team.


Ransomware is a malicious software that cyber criminals use to deny access to your system or data. These criminals will hold your system/data hostage until ransom is paid. After the initial infection, there will be attempts to spread the ransomware to shared drives and systems. If the demands are not met, the system could remain unavailable or even be deleted altogether.

How do you know if you have ransomware on your computer? A window will pop up telling you that you have XX amount of time to pay a certain amount of money to avoid losing your system or data.

If that happens, take the following steps:

  • Unplug the power cord from the back of your PC—don’t just turn it off
  • Contact your IT department (via phone) for assistance
  • Contact your supervisor

Ultimately, the best way to ensure this does not happen is to avoid unknown links, ads and websites. Do not download unverified attachments or applications. At home, keep your software up to date, and back up data files to a secure location daily. As always, if it looks suspicious, simply do not open, click or respond.

Social Engineering Tactics

Social engineering attacks are directed specifically at human beings. Hacking a human is much easier than hacking a business, so be on the lookout! There are three basic tactics used in this type of hacking. Be aware, and don’t fall for these common tricks:

  • In person – Someone gains access through an open door or pretends to be a service technician, someone buys you a drink and tries to extract information, someone looks at your unattended device, or someone is left unattended to use your computer, perhaps during a troubleshooting session
  • Phone – Someone calls you pretending to be from an organization asking for donations, pretending to be your bank with a pre-recorded message and asks you to call back to confirm information, or pretending to be a person in authority who intimidates you to give them information
  • Digital – Someone uses phishing, someone mimics a trusted social media page to get you to click on malicious links, or someone uses common typos for brand URLs to make you think it’s the real site and click on malicious links

National Cybersecurity Awareness Month: Sobering Stats

Homeland Security recently published some sobering statistics about cybersecurity. Don’t fall victim and be a part of these statistics:

  • 47 percent of American adults have had their personal information exposed by cyber criminals
  • 600,000 Facebook accounts are hacked every single day
  • 65 percent of Americans who went online received at least one online scam offer

Though National Cybersecurity Awareness Month is observed during October, the advice and resources provided above can and should be used all year round to improve cybersecurity in the office and at home. Be a strong link in the cybersecurity chain and practice what you have learned every day.

Join our blog mailing list

Read More